From 4b6c8049d6d3b499cf3ed43c54bf76db897e0c3c Mon Sep 17 00:00:00 2001 From: Yujun Zhang Date: Tue, 13 Mar 2018 17:48:07 +0800 Subject: Initial commit for logging installation and validataion - install fluentd with elastic stack - validate the installation JIRA: CLOVER-5 Change-Id: I181a7277bc332ceac549d384cf2c3817a182b06e Signed-off-by: Yujun Zhang --- Pipfile | 15 +++ Pipfile.lock | 182 ++++++++++++++++++++++++++ clover/logging/install/fluentd-istio.yaml | 40 ++++++ clover/logging/install/logging-stack.yaml | 205 ++++++++++++++++++++++++++++++ clover/logging/validate.py | 56 ++++++++ docs/logging.rst | 28 ++++ 6 files changed, 526 insertions(+) create mode 100644 Pipfile create mode 100644 Pipfile.lock create mode 100644 clover/logging/install/fluentd-istio.yaml create mode 100644 clover/logging/install/logging-stack.yaml create mode 100644 clover/logging/validate.py create mode 100644 docs/logging.rst diff --git a/Pipfile b/Pipfile new file mode 100644 index 0000000..7bac042 --- /dev/null +++ b/Pipfile @@ -0,0 +1,15 @@ +[[source]] + +url = "https://pypi.python.org/simple" +verify_ssl = true +name = "pypi" + + +[dev-packages] + + + +[packages] + +kubernetes = "*" +sh = "*" diff --git a/Pipfile.lock b/Pipfile.lock new file mode 100644 index 0000000..d840d68 --- /dev/null +++ b/Pipfile.lock @@ -0,0 +1,182 @@ +{ + "_meta": { + "hash": { + "sha256": "3e773b6eb42a9dba3e5cb71bcac1c832939ab3b069641084d9f5ecd0967ce7cf" + }, + "pipfile-spec": 6, + "requires": {}, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.python.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "cachetools": { + "hashes": [ + "sha256:4319bbb78172e7bcf99423e1ecd6914b32336ccfe97d2058ffe62e641a7f3abe", + "sha256:ede01f2d3cbd6ddc9e35e16c2b0ce011d8bb70ce0dbaf282f5b4df24b213bc5d" + ], + "version": "==2.0.1" + }, + "certifi": { + "hashes": [ + "sha256:14131608ad2fd56836d33a71ee60fa1c82bc9d2c8d98b7bdbc631fe1b3cd1296", + "sha256:edbc3f203427eef571f79a7692bb160a2b0f7ccaa31953e99bd17e307cf63f7d" + ], + "version": "==2018.1.18" + }, + "chardet": { + "hashes": [ + "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", + "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" + ], + "version": "==3.0.4" + }, + "google-auth": { + "hashes": [ + "sha256:34088434cb2a2409360b8f3cbc04195a465df1fb2aafad71ebbded77cbf08803", + "sha256:9051802d3dae256036cca9e34633a32c0ed1427730d4ebc513dff91ec8b6dd45" + ], + "version": "==1.4.1" + }, + "idna": { + "hashes": [ + "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f", + "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4" + ], + "version": "==2.6" + }, + "ipaddress": { + "hashes": [ + "sha256:200d8686011d470b5e4de207d803445deee427455cd0cb7c982b68cf82524f81" + ], + "version": "==1.0.19" + }, + "kubernetes": { + "hashes": [ + "sha256:2f1a05a9bb2549d6afb6d138b2767d61d8aeb735a7a12bf554440524205e2894", + "sha256:f81f145882471a1dd9d23360e99bd77027f07744729ef2728af4af7130cd19fd" + ], + "version": "==5.0.0" + }, + "oauthlib": { + "hashes": [ + "sha256:ce57b501e906ff4f614e71c36a3ab9eacbb96d35c24d1970d2539bbc3ec70ce1" + ], + "version": "==2.0.6" + }, + "pyasn1": { + "hashes": [ + "sha256:0d7f6e959fe53f3960a23d73f35e1fce61348b30915b6664309ca756de7c1f89", + "sha256:5a0db897b311d265cde49615cf783f1c78613138605cdd0f907ecfa5b2aba3ee", + "sha256:758cb50abddc03e4563fd9e7f03db56e3e87b58c0bd01247360326e5c0c7ffa5", + "sha256:7d626683e3d792cccc608da02498aff37ab4f3dafd8905d6bf755d11f9b26b43", + "sha256:a7efe807c4b83a859e2735c692b92ed7b567cfddc4163763412920041d876c2b", + "sha256:b5a9ca48055b9a20f6d1b3d68e38692e5431c86a0f99ea602e61294e891fee5b", + "sha256:c07d6e587b2f928366b1f67c09bda026a3e6fcc99e80a744dc67f8fca3895626", + "sha256:d258b0a71994f7770599835249cece1caef3c70def868c4915e6e5ca49b67d15", + "sha256:d5cd6ed995dba16fad0c521cfe31cd2d68400b53fcc2bce93326829be73ab6d1", + "sha256:d84c2aea3cf43780e9e6a19f4e4dddee9f6976519020e64e47c57e5c7a8c3dd2", + "sha256:e85895087905c65b5b594eb91f7522664c85545b147d5f4d4e7b1b07da8dcbdc", + "sha256:f81c96761fca60d64b1c9b79ec2e40cf9495a745cf570613079ef324aeb9672b" + ], + "version": "==0.4.2" + }, + "pyasn1-modules": { + "hashes": [ + "sha256:041e9fbafac548d095f5b6c3b328b80792f006196e15a232b731a83c93d59493", + "sha256:0cdca76a68dcb701fff58c397de0ef9922b472b1cb3ea9695ca19d03f1869787", + "sha256:0cea139045c38f84abaa803bcb4b5e8775ea12a42af10019d942f227acc426c3", + "sha256:0f2e50d20bc670be170966638fa0ae603f0bc9ed6ebe8e97a6d1d4cef30cc889", + "sha256:47fb6757ab78fe966e7c58b2030b546854f78416d653163f0ce9290cf2278e8b", + "sha256:598a6004ec26a8ab40a39ea955068cf2a3949ad9c0030da970f2e1ca4c9f1cc9", + "sha256:72fd8b0c11191da088147c6e4678ec53e573923ecf60b57eeac9e97433e09fc2", + "sha256:854700bbdd01394e2ada9c1bfbd0ed9f5d0c551350dbbd023e88b11d2771ae06", + "sha256:af00ea8f2022b6287dc375b2c70f31ab5af83989fc6fe9eacd4976ce26cd7ccc", + "sha256:b1f395cae2d669e0830cb023aa86f9f283b7a9aa32317d7f80d8e78aa2745812", + "sha256:c6747146e95d2b14cc2a8399b2b0bde3f93778f8f9ec704690d2b589c376c137", + "sha256:f53fe5bcebdf318f51399b250fe8325ef3a26d927f012cc0c8e0f9e9af7f9deb" + ], + "version": "==0.2.1" + }, + "python-dateutil": { + "hashes": [ + "sha256:07009062406cffd554a9b4135cd2ff167c9bf6b7aac61fe946c93e69fad1bbd8", + "sha256:8f95bb7e6edbb2456a51a1fb58c8dca942024b4f5844cae62c90aa88afe6e300" + ], + "version": "==2.7.0" + }, + "pyyaml": { + "hashes": [ + "sha256:0c507b7f74b3d2dd4d1322ec8a94794927305ab4cebbe89cc47fe5e81541e6e8", + "sha256:16b20e970597e051997d90dc2cddc713a2876c47e3d92d59ee198700c5427736", + "sha256:3262c96a1ca437e7e4763e2843746588a965426550f3797a79fca9c6199c431f", + "sha256:326420cbb492172dec84b0f65c80942de6cedb5233c413dd824483989c000608", + "sha256:4474f8ea030b5127225b8894d626bb66c01cda098d47a2b0d3429b6700af9fd8", + "sha256:592766c6303207a20efc445587778322d7f73b161bd994f227adaa341ba212ab", + "sha256:5ac82e411044fb129bae5cfbeb3ba626acb2af31a8d17d175004b70862a741a7", + "sha256:5f84523c076ad14ff5e6c037fe1c89a7f73a3e04cf0377cb4d017014976433f3", + "sha256:827dc04b8fa7d07c44de11fabbc888e627fa8293b695e0f99cb544fdfa1bf0d1", + "sha256:b4c423ab23291d3945ac61346feeb9a0dc4184999ede5e7c43e1ffb975130ae6", + "sha256:bc6bced57f826ca7cb5125a10b23fd0f2fff3b7c4701d64c439a300ce665fff8", + "sha256:c01b880ec30b5a6e6aa67b09a2fe3fb30473008c85cd6a67359a1b15ed6d83a4", + "sha256:ca233c64c6e40eaa6c66ef97058cdc80e8d0157a443655baa1b2966e812807ca", + "sha256:e863072cdf4c72eebf179342c94e6989c67185842d9997960b3e69290b2fa269" + ], + "version": "==3.12" + }, + "requests": { + "hashes": [ + "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b", + "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e" + ], + "version": "==2.18.4" + }, + "requests-oauthlib": { + "hashes": [ + "sha256:50a8ae2ce8273e384895972b56193c7409601a66d4975774c60c2aed869639ca", + "sha256:883ac416757eada6d3d07054ec7092ac21c7f35cb1d2cf82faf205637081f468" + ], + "version": "==0.8.0" + }, + "rsa": { + "hashes": [ + "sha256:25df4e10c263fb88b5ace923dd84bf9aa7f5019687b5e55382ffcdb8bede9db5", + "sha256:43f682fea81c452c98d09fc316aae12de6d30c4b5c84226642cf8f8fd1c93abd" + ], + "version": "==3.4.2" + }, + "sh": { + "hashes": [ + "sha256:ae3258c5249493cebe73cb4e18253a41ed69262484bad36fdb3efcb8ad8870bb", + "sha256:b52bf5833ed01c7b5c5fb73a7f71b3d98d48e9b9b8764236237bdc7ecae850fc" + ], + "version": "==1.12.14" + }, + "six": { + "hashes": [ + "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", + "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb" + ], + "version": "==1.11.0" + }, + "urllib3": { + "hashes": [ + "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b", + "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f" + ], + "version": "==1.22" + }, + "websocket-client": { + "hashes": [ + "sha256:188b68b14fdb2d8eb1a111f21b9ffd2dbf1dbc4e4c1d28cf2c37cdbf1dd1cae6", + "sha256:a453dc4dfa6e0db3d8fd7738a308a88effe6240c59f3226eb93e8f020c216149" + ], + "version": "==0.47.0" + } + }, + "develop": {} +} diff --git a/clover/logging/install/fluentd-istio.yaml b/clover/logging/install/fluentd-istio.yaml new file mode 100644 index 0000000..1853831 --- /dev/null +++ b/clover/logging/install/fluentd-istio.yaml @@ -0,0 +1,40 @@ +# Configuration for logentry instances +apiVersion: "config.istio.io/v1alpha2" +kind: logentry +metadata: + name: newlog + namespace: istio-system +spec: + severity: '"info"' + timestamp: request.time + variables: + source: source.labels["app"] | source.service | "unknown" + user: source.user | "unknown" + destination: destination.labels["app"] | destination.service | "unknown" + responseCode: response.code | 0 + responseSize: response.size | 0 + latency: response.duration | "0ms" + monitored_resource_type: '"UNSPECIFIED"' +--- +# Configuration for a fluentd handler +apiVersion: "config.istio.io/v1alpha2" +kind: fluentd +metadata: + name: handler + namespace: istio-system +spec: + address: "fluentd-es.logging:24224" +--- +# Rule to send logentry instances to the fluentd handler +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: newlogtofluentd + namespace: istio-system +spec: + match: "true" # match for all requests + actions: + - handler: handler.fluentd + instances: + - newlog.logentry +--- diff --git a/clover/logging/install/logging-stack.yaml b/clover/logging/install/logging-stack.yaml new file mode 100644 index 0000000..9542496 --- /dev/null +++ b/clover/logging/install/logging-stack.yaml @@ -0,0 +1,205 @@ +# Logging Namespace. All below are a part of this namespace. +apiVersion: v1 +kind: Namespace +metadata: + name: logging +--- +# Elasticsearch Service +apiVersion: v1 +kind: Service +metadata: + name: elasticsearch + namespace: logging + labels: + app: elasticsearch +spec: + ports: + - port: 9200 + protocol: TCP + targetPort: db + selector: + app: elasticsearch + type: NodePort +--- +# Elasticsearch Deployment +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: elasticsearch + namespace: logging + labels: + app: elasticsearch + annotations: + sidecar.istio.io/inject: "false" +spec: + template: + metadata: + labels: + app: elasticsearch + spec: + containers: + - image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.1 + name: elasticsearch + resources: + # need more cpu upon initialization, therefore burstable class + limits: + cpu: 1000m + requests: + cpu: 100m + env: + - name: discovery.type + value: single-node + ports: + - containerPort: 9200 + name: db + protocol: TCP + - containerPort: 9300 + name: transport + protocol: TCP + volumeMounts: + - name: elasticsearch + mountPath: /data + volumes: + - name: elasticsearch + emptyDir: {} +--- +# Fluentd Service +apiVersion: v1 +kind: Service +metadata: + name: fluentd-es + namespace: logging + labels: + app: fluentd-es +spec: + ports: + - name: fluentd-tcp + port: 24224 + protocol: TCP + targetPort: 24224 + - name: fluentd-udp + port: 24224 + protocol: UDP + targetPort: 24224 + selector: + app: fluentd-es +--- +# Fluentd Deployment +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: fluentd-es + namespace: logging + labels: + app: fluentd-es + annotations: + sidecar.istio.io/inject: "false" +spec: + template: + metadata: + labels: + app: fluentd-es + spec: + containers: + - name: fluentd-es + image: gcr.io/google-containers/fluentd-elasticsearch:v2.0.1 + env: + - name: FLUENTD_ARGS + value: --no-supervisor -q + resources: + limits: + memory: 500Mi + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - name: config-volume + mountPath: /etc/fluent/config.d + terminationGracePeriodSeconds: 30 + volumes: + - name: config-volume + configMap: + name: fluentd-es-config +--- +# Fluentd ConfigMap, contains config files. +kind: ConfigMap +apiVersion: v1 +data: + forward.input.conf: |- + # Takes the messages sent over TCP + + type forward + + output.conf: |- + + type elasticsearch + log_level info + include_tag_key true + host elasticsearch + port 9200 + logstash_format true + # Set the chunk limits. + buffer_chunk_limit 2M + buffer_queue_limit 8 + flush_interval 5s + # Never wait longer than 5 minutes between retries. + max_retry_wait 30 + # Disable the limit on the number of retries (retry forever). + disable_retry_limit + # Use multiple threads for processing. + num_threads 2 + +metadata: + name: fluentd-es-config + namespace: logging +--- +# Kibana Service +apiVersion: v1 +kind: Service +metadata: + name: kibana + namespace: logging + labels: + app: kibana +spec: + ports: + - port: 5601 + protocol: TCP + targetPort: ui + selector: + app: kibana + type: NodePort +--- +# Kibana Deployment +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: kibana + namespace: logging + labels: + app: kibana + annotations: + sidecar.istio.io/inject: "false" +spec: + template: + metadata: + labels: + app: kibana + spec: + containers: + - name: kibana + image: docker.elastic.co/kibana/kibana-oss:6.1.1 + resources: + # need more cpu upon initialization, therefore burstable class + limits: + cpu: 1000m + requests: + cpu: 100m + env: + - name: ELASTICSEARCH_URL + value: http://elasticsearch:9200 + ports: + - containerPort: 5601 + name: ui + protocol: TCP +--- diff --git a/clover/logging/validate.py b/clover/logging/validate.py new file mode 100644 index 0000000..821f912 --- /dev/null +++ b/clover/logging/validate.py @@ -0,0 +1,56 @@ +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + +from kubernetes import client, config +from kubernetes.stream import stream +import sh +import re + +FLUENTD_NAMESPACE = 'logging' +FLUENTD_PATTERN = 'fluentd-.*' +FLUENTD_LABELS = 'app=fluentd-es' +FLUENTD_INPUT = """ + type forward +""" + +def main(): + # Load config from default location. + config.load_kube_config() + + v1 = client.CoreV1Api() + + fluentd_pod_name = None + + # find by name + print("Find fluentd pod by name '{}'".format(FLUENTD_PATTERN)) + fluentd_regex = re.compile(FLUENTD_PATTERN) + resp = v1.list_namespaced_pod(FLUENTD_NAMESPACE) + for i in resp.items: + if fluentd_regex.search(i.metadata.name) is not None: + print(i.metadata.name) + + # find by label selector + print("Find fluentd pod by label selector '{}'".format(FLUENTD_LABELS)) + resp = v1.list_namespaced_pod(FLUENTD_NAMESPACE, label_selector=FLUENTD_LABELS) + for i in resp.items: + print(i.metadata.name) + fluentd_pod_name = i.metadata.name + + # check fluentd configuration + # NOTE: exec in Python librarry does not work well, use shell command as a workaround + # See https://github.com/kubernetes-client/python/issues/485 + result = sh.kubectl(( + 'exec -n logging ' + + fluentd_pod_name + + ' cat /etc/fluent/config.d/forward.input.conf').split()) + if FLUENTD_INPUT in result: + print("fluentd input configured correctly") + else: + print("fluentd input not configured\n{}".format(FLUENTD_INPUT)) + +if __name__ == '__main__': + main() diff --git a/docs/logging.rst b/docs/logging.rst new file mode 100644 index 0000000..196ba40 --- /dev/null +++ b/docs/logging.rst @@ -0,0 +1,28 @@ +####### +Logging +####### + +************ +Installation +************ + +Currently, we use the `sample configuration`_ in Istio to install fluentd:: + + cd clover/logging + kubectl apply -f install + +.. _sample configuration: https://istio.io/docs/tasks/telemetry/fluentd.html + +******** +Validate +******** + +The scripts in ``clover/logging`` validates fluentd installation:: + + python clover/logging/validate.py + +It validates the installation with the following criterias + +#. existence of fluented pod +#. fluentd input is configured correctly +#. TBD -- cgit 1.2.3-korg