Page MenuHomeDevCentral
Differential D2455

Collect logs from Docker
Needs ReviewPublic
Actions

Authored by dereckson on Jan 9 2022, 11:30.
Tags
None
Referenced Files
F12376255: D2455.id6178.diff
Fri, Oct 31, 01:48
Unknown Object (File)
Thu, Oct 30, 16:38
Unknown Object (File)
Thu, Oct 30, 10:23
Unknown Object (File)
Thu, Oct 30, 09:56
Unknown Object (File)
Thu, Oct 30, 08:24
Unknown Object (File)
Thu, Oct 30, 07:08
Unknown Object (File)
Thu, Oct 30, 07:08
Unknown Object (File)
Thu, Oct 30, 07:02
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1624: Install an Elastic stack for nasqueron-infra forest
Summary

Docker logs -> Filebeat container -> OpenSearch infra-logs

Ref T1624

Test Plan

Collect logs from docker-001

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
opensearch
Build Status
Buildable 3833
Build 4083: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Jan 9 2022, 11:30
dereckson created this revision.
Harbormaster completed remote builds in B3818: Diff 6178.Jan 9 2022, 11:30
dereckson planned changes to this revision.Jan 9 2022, 11:32
dereckson added inline comments.
roles/opensearch/opensearch/files/internal_users.yml.jinja
53

We need to create this ingest_client role.

It should be able to:

  • create an index
  • publish documents for any index
roles/paas-docker/containers/filebeat.sls
41
dereckson accepted this revision.Jan 9 2022, 21:26
dereckson updated this revision to Diff 6181.Jan 9 2022, 21:27

Ready to test :)

This revision is now accepted and ready to land.Jan 9 2022, 21:27
Harbormaster completed remote builds in B3820: Diff 6181.Jan 9 2022, 21:27
dereckson planned changes to this revision.Jan 9 2022, 21:38
dereckson added inline comments.
roles/opensearch/opensearch/files/roles.yml
217

Careful when manually converting JSON to YAML

ERR: Seems /opt/opensearch/plugins/opensearch-security/securityconfig/roles.yml is not in OpenSearch Security 7 format: com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException: while parsing a block collection
 in 'reader', line 217, column 7:
          - "cluster_monitor",
          ^
expected <block end>, but found ','
 in 'reader', line 217, column 26:
          - "cluster_monitor",
dereckson updated this revision to Diff 6182.Jan 9 2022, 21:39

roles, remove example config file

This revision is now accepted and ready to land.Jan 9 2022, 21:39
Harbormaster completed remote builds in B3821: Diff 6182.Jan 9 2022, 21:39
dereckson added inline comments.Jan 9 2022, 21:47
pillar/paas/docker.sls
149
yaml.composer.ComposerError: found undefined alias
  in "<unicode string>", line 149, column 24

Seems the alias must be defined BEFORE first use.

dereckson updated this revision to Diff 6183.Jan 9 2022, 21:50

Fix YAML

Harbormaster completed remote builds in B3822: Diff 6183.Jan 9 2022, 21:50
dereckson requested review of this revision.Jan 9 2022, 21:52

OpenSearch. OpenSearch part looks good: we've the role and the user.

Filebeat. Docker container runs, load the harvesters correctly, but use http and not https to try to connect to OpenSearch:

{"level":"error","timestamp":"2022-01-09T21:51:06.179Z","logger":"publisher_pipeline_output","caller":"pipeline/output.go:154","message":"Failed to connect to backoff(elasticsearch(http://cloudhugger.nasqueron.org:9200)): Get \"http://cloudhugger.nasqueron.org:9200\": EOF"}

dereckson updated this revision to Diff 6184.Jan 9 2022, 21:55

Connect to OpenSearch using https

Harbormaster completed remote builds in B3823: Diff 6184.Jan 9 2022, 21:55
dereckson updated this revision to Diff 6185.Jan 9 2022, 21:56

Connect to OpenSearch using https

Harbormaster completed remote builds in B3824: Diff 6185.Jan 9 2022, 21:56
dereckson added a comment.Jan 9 2022, 21:56

{"level":"error","timestamp":"2022-01-09T21:54:40.939Z","logger":"publisher_pipeline_output","caller":"pipeline/output.go:154","message":"Failed to connect to backoff(elasticsearch(https://cloudhugger.nasqueron.org:9200)): Get \"https://cloudhugger.nasqueron.org:9200\": x509: certificate signed by unknown authority"}

dereckson added a comment.Jan 9 2022, 21:57

Addressing comments

dereckson updated this revision to Diff 6186.Jan 9 2022, 21:58

Fix chmod

Harbormaster completed remote builds in B3825: Diff 6186.Jan 9 2022, 21:58
dereckson updated this revision to Diff 6192.Jan 10 2022, 01:15

Works, but needs multiline configuration. And Logstash as buffer.

Harbormaster completed remote builds in B3829: Diff 6192.Jan 10 2022, 01:15
dereckson mentioned this in T1672: Configure capabilities for MySQL containers.Jan 10 2022, 19:17
dereckson updated this revision to Diff 6198.Jan 10 2022, 21:24

Rebased.

Harbormaster completed remote builds in B3833: Diff 6198.Jan 10 2022, 21:24
dereckson updated this revision to Diff 6199.Jan 10 2022, 23:06

Add index policies management

Harbormaster completed remote builds in B3834: Diff 6199.Jan 10 2022, 23:06

Revision Contents
Changeset List

PathSize
pillar/
credentials/
1 line
opensearch/
8 lines
paas/
40 lines
roles/
opensearch/
opensearch/
files/
15 lines
228 lines
2 lines
11 lines
paas-docker/
containers/
86 lines
files/
filebeat/
52 lines

Diff 6198

View Options

pillar/credentials/zr.sls

Loading...
View Options

pillar/opensearch/clusters.sls

Loading...
View Options

pillar/paas/docker.sls

Loading...
View Options

roles/opensearch/opensearch/files/internal_users.yml.jinja

Loading...
View Options

roles/opensearch/opensearch/files/roles.yml

Loading...
View Options

roles/opensearch/opensearch/files/security_initialize.sh

Loading...
View Options

roles/opensearch/opensearch/security.sls

Loading...
View Options

roles/paas-docker/containers/filebeat.sls

Loading...
View Options

roles/paas-docker/containers/files/filebeat/filebeat.yml.jinja

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator