diff options
39 files changed, 3222 insertions, 0 deletions
diff --git a/docs/lma/devguide.rst b/docs/lma/devguide.rst new file mode 100644 index 00000000..c72b8b12 --- /dev/null +++ b/docs/lma/devguide.rst @@ -0,0 +1,147 @@ +================= +Table of Contents +================= +.. contents:: +.. section-numbering:: + +Ansible Client-side +==================== + +Ansible File Organisation +-------------------------- +Files Structure:: + + ansible-client + ├── ansible.cfg + ├── hosts + ├── playbooks + │ └── setup.yaml + └── roles + ├── clean-td-agent + │ └── tasks + │ └── main.yml + └── td-agent + ├── files + │ └── td-agent.conf + └── tasks + └── main.yml + +Summary of roles +----------------- +====================== ====================== +Roles Description +====================== ====================== +``td-agent`` Install Td-agent & change configuration file +``clean-td-agent`` Unistall Td-agent +====================== ====================== + +Configurable Parameters +------------------------ +====================================================== ====================== ====================== +File (ansible-client/roles/) Parameter Description +====================================================== ====================== ====================== +``td-agent/files/td-agent.conf`` host Fluentd-server IP +``td-agent/files/td-agent.conf`` port Fluentd-Server Port +====================================================== ====================== ====================== + +Ansible Server-side +==================== + +Ansible File Organisation +-------------------------- +Files Structure:: + + ansible-server + ├── ansible.cfg + ├── group_vars + │ └── all.yml + ├── hosts + ├── playbooks + │ └── setup.yaml + └── roles + ├── clean-logging + │ └── tasks + │ └── main.yml + ├── k8s-master + │ └── tasks + │ └── main.yml + ├── k8s-pre + │ └── tasks + │ └── main.yml + ├── k8s-worker + │ └── tasks + │ └── main.yml + ├── logging + │ ├── files + │ │ ├── elastalert + │ │ │ ├── ealert-conf-cm.yaml + │ │ │ ├── ealert-key-cm.yaml + │ │ │ ├── ealert-rule-cm.yaml + │ │ │ └── elastalert.yaml + │ │ ├── elasticsearch + │ │ │ ├── elasticsearch.yaml + │ │ │ └── user-secret.yaml + │ │ ├── fluentd + │ │ │ ├── fluent-cm.yaml + │ │ │ ├── fluent-service.yaml + │ │ │ └── fluent.yaml + │ │ ├── kibana + │ │ │ └── kibana.yaml + │ │ ├── namespace.yaml + │ │ ├── nginx + │ │ │ ├── nginx-conf-cm.yaml + │ │ │ ├── nginx-key-cm.yaml + │ │ │ ├── nginx-service.yaml + │ │ │ └── nginx.yaml + │ │ ├── persistentVolume.yaml + │ │ └── storageClass.yaml + │ └── tasks + │ └── main.yml + └── nfs + └── tasks + └── main.yml + +Summary of roles +----------------- +====================== ====================== +Roles Description +====================== ====================== +``k8s-pre`` Pre-requisite for installing K8s, like installing docker & K8s, disable swap etc. +``k8s-master`` Reset K8s & make a master +``k8s-worker`` Join woker nodes with token +``logging`` EFK & elastalert setup in K8s +``clean logging`` Remove EFK & elastalert setup from K8s +``nfs`` Start a NFS server to store Elasticsearch data +====================== ====================== + +Configurable Parameters +------------------------ +========================================================================= ============================================ ====================== +File (ansible-server/roles/) Parameter name Description +========================================================================= ============================================ ====================== +**Role: logging** +``logging/files/persistentVolume.yaml`` storage Increase or Decrease Storage size of Persistent Volume size for each VM +``logging/files/kibana/kibana.yaml`` version To Change the Kibana Version +``logging/files/kibana/kibana.yaml`` count To increase or decrease the replica +``logging/files/elasticsearch/elasticsearch.yaml`` version To Change the Elasticsearch Version +``logging/files/elasticsearch/elasticsearch.yaml`` nodePort To Change Service Port +``logging/files/elasticsearch/elasticsearch.yaml`` storage Increase or Decrease Storage size of Elasticsearch data for each VM +``logging/files/elasticsearch/elasticsearch.yaml`` nodeAffinity -> values (hostname) In which VM Elasticsearch master or data pod will run (change the hostname to run the Elasticsearch master or data pod on a specific node) +``logging/files/elasticsearch/user-secret.yaml`` stringData Add Elasticsearch User & its roles (`Elastic Docs <https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-users-and-roles.html#k8s_file_realm>`_) +``logging/files/fluentd/fluent.yaml`` replicas To increase or decrease the replica +``logging/files/fluentd/fluent-service.yaml`` nodePort To Change Service Port +``logging/files/fluentd/fluent-cm.yaml`` index_template.json -> number_of_replicas To increase or decrease replica of data in Elasticsearch +``logging/files/fluentd/fluent-cm.yaml`` fluent.conf Server port & other Fluentd Configuration +``logging/files/nginx/nginx.yaml`` replicas To increase or decrease the replica +``logging/files/nginx/nginx-service.yaml`` nodePort To Change Service Port +``logging/files/nginx/nginx-key-cm.yaml`` kibana-access.key, kibana-access.pem Key file for HTTPs Connection +``logging/files/nginx/nginx-conf-cm.yaml`` - Nginx Configuration +``logging/files/elastalert/elastalert.yaml`` replicas To increase or decrease the replica +``logging/files/elastalert/ealert-key-cm.yaml`` elastalert.key, elastalert.pem Key file for HTTPs Connection +``logging/files/elastalert/ealert-conf-cm.yaml`` run_every How often ElastAlert will query Elasticsearch +``logging/files/elastalert/ealert-conf-cm.yaml`` alert_time_limit If an alert fails for some reason, ElastAlert will retry sending the alert until this time period has elapsed +``logging/files/elastalert/ealert-conf-cm.yaml`` es_host, es_port Elasticsearch Serivce name & port in K8s +``logging/files/elastalert/ealert-rule-cm.yaml`` http_post_url Alert Receiver IP (`Elastalert Rule Config <https://elastalert.readthedocs.io/en/latest/ruletypes.html>`_) +**Role: nfs** +``nfs/tasks/main.yml`` line Path of NFS storage +========================================================================= ============================================ ====================== diff --git a/docs/lma/logs/images/elasticsearch.png b/docs/lma/logs/images/elasticsearch.png Binary files differnew file mode 100644 index 00000000..f0b876f5 --- /dev/null +++ b/docs/lma/logs/images/elasticsearch.png diff --git a/docs/lma/logs/images/fluentd-cs.png b/docs/lma/logs/images/fluentd-cs.png Binary files differnew file mode 100644 index 00000000..513bb3ef --- /dev/null +++ b/docs/lma/logs/images/fluentd-cs.png diff --git a/docs/lma/logs/images/fluentd-ss.png b/docs/lma/logs/images/fluentd-ss.png Binary files differnew file mode 100644 index 00000000..4e9ab112 --- /dev/null +++ b/docs/lma/logs/images/fluentd-ss.png diff --git a/docs/lma/logs/images/nginx.png b/docs/lma/logs/images/nginx.png Binary files differnew file mode 100644 index 00000000..a0b00514 --- /dev/null +++ b/docs/lma/logs/images/nginx.png diff --git a/docs/lma/logs/images/setup.png b/docs/lma/logs/images/setup.png Binary files differnew file mode 100644 index 00000000..267685fa --- /dev/null +++ b/docs/lma/logs/images/setup.png diff --git a/docs/lma/logs/userguide.rst b/docs/lma/logs/userguide.rst new file mode 100644 index 00000000..b410ee6c --- /dev/null +++ b/docs/lma/logs/userguide.rst @@ -0,0 +1,348 @@ +================= +Table of Contents +================= +.. contents:: +.. section-numbering:: + +Setup +====== + +Prerequisites +------------------------- +- Require 3 VMs to setup K8s +- ``$ sudo yum install ansible`` +- ``$ pip install openshift pyyaml kubernetes`` (required for ansible K8s module) +- Update IPs in all these files (if changed) + ====================================================================== ====================== + Path Description + ====================================================================== ====================== + ``ansible-server/group_vars/all.yml`` IP of K8s apiserver and VM hostname + ``ansible-server/hosts`` IP of VMs to install + ``ansible-server/roles/logging/files/persistentVolume.yaml`` IP of NFS-Server + ``ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml`` IP of alert-receiver + ====================================================================== ====================== + +Architecture +-------------- +.. image:: images/setup.png + +Installation - Clientside +------------------------- + +Nodes +````` +- **Node1** = 10.10.120.21 +- **Node4** = 10.10.120.24 + +How installation is done? +````````````````````````` +- TD-agent installation + ``$ curl -L https://toolbelt.treasuredata.com/sh/install-redhat-td-agent3.sh | sh`` +- Copy the TD-agent config file in **Node1** + ``$ cp tdagent-client-config/node1.conf /etc/td-agent/td-agent.conf`` +- Copy the TD-agent config file in **Node4** + ``$ cp tdagent-client-config/node4.conf /etc/td-agent/td-agent.conf`` +- Restart the service + ``$ sudo service td-agent restart`` + +Installation - Serverside +------------------------- + +Nodes +````` +Inside Jumphost - POD12 + - **VM1** = 10.10.120.211 + - **VM2** = 10.10.120.203 + - **VM3** = 10.10.120.204 + + +How installation is done? +````````````````````````` +**Using Ansible:** + - **K8s** + - **Elasticsearch:** 1 Master & 1 Data node at each VM + - **Kibana:** 1 Replicas + - **Nginx:** 2 Replicas + - **Fluentd:** 2 Replicas + - **Elastalert:** 1 Replica (get duplicate alert, if increase replica) + - **NFS Server:** at each VM to store elasticsearch data at following path + - ``/srv/nfs/master`` + - ``/srv/nfs/data`` + +How to setup? +````````````` +- **To setup K8s cluster and EFK:** Run the ansible-playbook ``ansible/playbooks/setup.yaml`` +- **To clean everything:** Run the ansible-playbook ``ansible/playbooks/clean.yaml`` + +Do we have HA? +```````````````` +Yes + +Configuration +============= + +K8s +--- +Path of all yamls (Serverside) +```````````````````````````````` +``ansible-server/roles/logging/files/`` + +K8s namespace +````````````` +``logging`` + +K8s Service details +```````````````````` +``$ kubectl get svc -n logging`` + +Elasticsearch Configuration +--------------------------- + +Elasticsearch Setup Structure +````````````````````````````` +.. image:: images/elasticsearch.png + +Elasticsearch service details +````````````````````````````` +| **Service Name:** ``logging-es-http`` +| **Service Port:** ``9200`` +| **Service Type:** ``ClusterIP`` + +How to get elasticsearch default username & password? +````````````````````````````````````````````````````` +- User1 (custom user): + | **Username:** ``elasticsearch`` + | **Password:** ``password123`` +- User2 (by default created by Elastic Operator): + | **Username:** ``elastic`` + | To get default password: + | ``$ PASSWORD=$(kubectl get secret -n logging logging-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')`` + | ``$ echo $PASSWORD`` + +How to increase replica of any index? +```````````````````````````````````````` +| $ curl -k -u "elasticsearch:password123" -H 'Content-Type: application/json' -XPUT "https://10.10.120.211:9200/indexname*/_settings" -d ' +| { +| "index" : { +| "number_of_replicas" : "2" } +| }' + +Index Life +``````````` +**30 Days** + +Kibana Configuration +-------------------- + +Kibana Service details +```````````````````````` +| **Service Name:** ``logging-kb-http`` +| **Service Port:** ``5601`` +| **Service Type:** ``ClusterIP`` + +Nginx Configuration +-------------------- +IP +```` +https://10.10.120.211:32000 + +Nginx Setup Structure +````````````````````` +.. image:: images/nginx.png + +Ngnix Service details +````````````````````` +| **Service Name:** ``nginx`` +| **Service Port:** ``32000`` +| **Service Type:** ``NodePort`` + +Why NGINX is used? +``````````````````` +`Securing ELK using Nginx <https://logz.io/blog/securing-elk-nginx/>`_ + +Nginx Configuration +```````````````````` +**Path:** ``ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml`` + +Fluentd Configuration - Clientside (Td-agent) +--------------------------------------------- + +Fluentd Setup Structure +```````````````````````` +.. image:: images/fluentd-cs.png + +Log collection paths +````````````````````` +- ``/tmp/result*/*.log`` +- ``/tmp/result*/*.dat`` +- ``/tmp/result*/*.csv`` +- ``/tmp/result*/stc-liveresults.dat.*`` +- ``/var/log/userspace*.log`` +- ``/var/log/sriovdp/*.log.*`` +- ``/var/log/pods/**/*.log`` + +Logs sends to +````````````` +Another fluentd instance of K8s cluster (K8s Master: 10.10.120.211) at Jumphost. + +Td-agent logs +````````````` +Path of td-agent logs: ``/var/log/td-agent/td-agent.log`` + +Td-agent configuration +```````````````````````` +| Path of conf file: ``/etc/td-agent/td-agent.conf`` +| **If any changes is made in td-agent.conf then restart the td-agent service,** ``$ sudo service td-agent restart`` + +Config Description +```````````````````` +- Get the logs from collection path +- | Convert to this format + | { + | msg: "log line" + | log_path: “/file/path” + | file: “file.name” + | host: “pod12-node4” + | } +- Sends it to fluentd + +Fluentd Configuration - Serverside +---------------------------------- + +Fluentd Setup Structure +```````````````````````` +.. image:: images/fluentd-ss.png + +Fluentd Service details +```````````````````````` +| **Service Name:** ``fluentd`` +| **Service Port:** ``32224`` +| **Service Type:** ``NodePort`` + +Logs sends to +````````````` +Elasticsearch service (https://logging-es-http:9200) + +Config Description +```````````````````` +- **Step 1** + - Get the logs from Node1 & Node4 +- **Step 2** + ======================================== ====================== + log_path add tag (for routing) + ======================================== ====================== + ``/tmp/result.*/.*errors.dat`` errordat.log + ``/tmp/result.*/.*counts.dat`` countdat.log + ``/tmp/result.*/stc-liveresults.dat.tx`` stcdattx.log + ``/tmp/result.*/stc-liveresults.dat.rx`` stcdatrx.log + ``/tmp/result.*/.*Statistics.csv`` ixia.log + ``/tmp/result.*/vsperf-overall*`` vsperf.log + ``/tmp/result.*/vswitchd*`` vswitchd.log + ``/var/log/userspace*`` userspace.log + ``/var/log/sriovdp*`` sriovdp.log + ``/var/log/pods*`` pods.log + ======================================== ====================== + +- **Step 3** + Then parse each type using tags. + - error.conf: to find any error + - time-series.conf: to parse time series data + - time-analysis.conf: to calculate time analyasis +- **Step 4** + ================================ ====================== + host add tag (for routing) + ================================ ====================== + ``pod12-node4`` node4 + ``worker`` node1 + ================================ ====================== +- **Step 5** + ================================ ====================== + Tag elasticsearch + ================================ ====================== + ``node4`` index “node4*” + ``node1`` index “node1*” + ================================ ====================== + +Elastalert +---------- + +Send alert if +`````````````` +- Blacklist + - "Failed to run test" + - "Failed to execute in '30' seconds" + - "('Result', 'Failed')" + - "could not open socket: connection refused" + - "Input/output error" + - "dpdk|ERR|EAL: Error - exiting with code: 1" + - "Failed to execute in '30' seconds" + - "dpdk|ERR|EAL: Driver cannot attach the device" + - "dpdk|EMER|Cannot create lock on" + - "dpdk|ERR|VHOST_CONFIG: * device not found" +- Time + - vswitch_duration > 3 sec + +How to configure alert? +```````````````````````` +- Add your rule in ``ansible/roles/logging/files/elastalert/ealert-rule-cm.yaml`` (`Elastalert Rule Config <https://elastalert.readthedocs.io/en/latest/ruletypes.html>`_) + | name: anything + | type: <check-above-link> #The RuleType to use + | index: node4* #index name + | realert: + | minutes: 0 #to get alert for all cases after each interval + | alert: post #To send alert as HTTP POST + | http_post_url: "http://url" + +- Mount this file to elastalert pod in ``ansible/roles/logging/files/elastalert/elastalert.yaml``. + +Alert Format +```````````` +{"type": "pattern-match", "label": "failed", "index": "node4-20200815", "log": "error-log-line", "log-path": "/tmp/result/file.log", "reson": "error-message" } + +Data Management +=============== + +Elasticsearch +------------- + +Where data is stored now? +````````````````````````` +Data is stored in NFS server with 1 replica of each index (default). Path of data are following: + - ``/srv/nfs/data (VM1)`` + - ``/srv/nfs/data (VM2)`` + - ``/srv/nfs/data (VM3)`` + - ``/srv/nfs/master (VM1)`` + - ``/srv/nfs/master (VM2)`` + - ``/srv/nfs/master (VM3)`` +If user wants to change from NFS to local storage +`````````````````````````````````````````````````` +Yes, user can do this, need to configure persistent volume. (``ansible-server/roles/logging/files/persistentVolume.yaml``) + +Do we have backup of data? +```````````````````````````` +1 replica of each index + +When K8s restart, the data is still accessible? +````````````````````````````````````````````````````` +Yes (If data is not deleted from /srv/nfs/data) + +Troubleshooting +=============== +If no logs receiving in Elasticsearch +-------------------------------------- +- Check IP & port of server-fluentd in client config. +- Check client-fluentd logs, ``$ sudo tail -f /var/log/td-agent/td-agent.log`` +- Check server-fluentd logs, ``$ sudo kubectl logs -n logging <fluentd-pod-name>`` + +If no notification received +--------------------------- +- Search your "log" in Elasticsearch. +- Check config of elastalert +- Check IP of alert-receiver + +Reference +========= +- `Elastic cloud on K8s <https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html>`_ +- `HA Elasticsearch on K8s <https://www.elastic.co/blog/high-availability-elasticsearch-on-kubernetes-with-eck-and-gke>`_ +- `Fluentd Configuration <https://docs.fluentd.org/configuration/config-file>`_ +- `Elastalert Rule Config <https://elastalert.readthedocs.io/en/latest/ruletypes.html>`_
\ No newline at end of file diff --git a/tools/lma/ansible-client/playbooks/setup.yaml b/tools/lma/ansible-client/playbooks/setup.yaml new file mode 100644 index 00000000..c79ee347 --- /dev/null +++ b/tools/lma/ansible-client/playbooks/setup.yaml @@ -0,0 +1,28 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#setup td-agent +- name: setup td-agent + hosts: all + roles: + - td-agent + +- name: setup collectd + hosts: all + vars_prompt: + - name: host_name + prompt: "Enter host_name for collectd configuration" + private: no + roles: + - collectd diff --git a/tools/lma/ansible-client/roles/clean-td-agent/tasks/main.yml b/tools/lma/ansible-client/roles/clean-td-agent/tasks/main.yml new file mode 100644 index 00000000..7c59c698 --- /dev/null +++ b/tools/lma/ansible-client/roles/clean-td-agent/tasks/main.yml @@ -0,0 +1,28 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +#TD-agent uninstallation +- name: TD-agent Uninstallation + yum: + name: td-agent + state: absent + +- name: removing folder + file: + path: "{{ item }}" + state: absent + with_items: + - /etc/td-agent/ + - /var/log/td-agent/ diff --git a/tools/lma/ansible-client/roles/td-agent/files/td-agent.conf b/tools/lma/ansible-client/roles/td-agent/files/td-agent.conf new file mode 100644 index 00000000..9d656e65 --- /dev/null +++ b/tools/lma/ansible-client/roles/td-agent/files/td-agent.conf @@ -0,0 +1,63 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +<source> + @type tail + path /tmp/result*/*.log, /tmp/result*/*.dat, /tmp/result*/*.csv, /tmp/result*/stc-liveresults.dat.*, /var/log/userspace*.log, /var/log/sriovdp/*.log.*, /var/log/pods/**/*.log + path_key log_path +# read_from_head true + + <parse> + @type regexp + expression ^(?<msg>.*)$ + </parse> + + tag log.test +</source> + +<filter log.test> + @type record_transformer + enable_ruby + <record> + host "#{Socket.gethostname}" + </record> +</filter> + + +<filter log.test> + @type parser + key_name log_path + reserve_data true + <parse> + @type regexp + expression /.*\/(?<file>.*)/ + </parse> +</filter> + +<match log.test> + @type copy + + <store> + @type forward + send_timeout 10s + <server> + host 10.10.120.211 + port 32224 + </server> + </store> + + <store> + @type stdout + </store> +</match>
\ No newline at end of file diff --git a/tools/lma/ansible-client/roles/td-agent/tasks/main.yml b/tools/lma/ansible-client/roles/td-agent/tasks/main.yml new file mode 100644 index 00000000..c7f50765 --- /dev/null +++ b/tools/lma/ansible-client/roles/td-agent/tasks/main.yml @@ -0,0 +1,30 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +#TD-agent setup +- name: TD-agent installation + shell: curl -L https://toolbelt.treasuredata.com/sh/install-redhat-td-agent4.sh | sh + +#replace the config file +- name: Replace the content of my file + copy: + src: ../files/td-agent.conf + dest: /etc/td-agent/td-agent.conf + +#start the service +- name: Starting and Enabling the TD-agent services + service: + name: td-agent + state: started + enabled: yes diff --git a/tools/lma/ansible-server/playbooks/setup.yaml b/tools/lma/ansible-server/playbooks/setup.yaml new file mode 100644 index 00000000..1f5ed1f5 --- /dev/null +++ b/tools/lma/ansible-server/playbooks/setup.yaml @@ -0,0 +1,44 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#Pre-requisites for k8s and NFS server +- name: Pre-requisites for k8s in all the nodes + hosts: all + roles: + - k8s-pre + - nfs + +#master setup for k8s +- name: master setup for k8s + hosts: master + roles: + - k8s-master + +#worker setup for k8s +- name: worker setup for k8s + hosts: worker-nodes + roles: + - k8s-worker + +#EFK setup in k8s +- name: EFK setup in k8s + hosts: master + roles: + - logging + +#PAG setup in k8s +- name: PAG setup in k8s + hosts: master + roles: + - monitoring diff --git a/tools/lma/ansible-server/roles/clean-logging/tasks/main.yml b/tools/lma/ansible-server/roles/clean-logging/tasks/main.yml new file mode 100644 index 00000000..259065ed --- /dev/null +++ b/tools/lma/ansible-server/roles/clean-logging/tasks/main.yml @@ -0,0 +1,193 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +#Deleting EFK setup from k8s cluster + +#check kubelet is running or not +- name: check for kubelet + shell: "systemctl status kubelet" + register: _svc_kubelet + failed_when: _svc_kubelet.rc != 0 and ("could not be found" not in _svc_kubelet.stderr) + +#*********************************************************************************************************** +#copy all yaml to /tmp/files/ +#*********************************************************************************************************** +- name: copy all yaml to /tmp/files/ + copy: + src: ../../logging/files/ + dest: /tmp/files/ + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Stop elastalert +#*********************************************************************************************************** +- name: Delete elastalert config configmap + k8s: + state: absent + src: /tmp/files/elastalert/ealert-conf-cm.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete elastalert key configmap + k8s: + state: absent + src: /tmp/files/elastalert/ealert-key-cm.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete elastalert rule configmap + k8s: + state: absent + src: /tmp/files/elastalert/ealert-rule-cm.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete elastalert pod + k8s: + state: absent + src: /tmp/files/elastalert/elastalert.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Stop fluentd +#*********************************************************************************************************** + +- name: Delete fluentd service + k8s: + state: absent + src: /tmp/files/fluentd/fluent-service.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete fluentd configmap + k8s: + state: absent + src: /tmp/files/fluentd/fluent-cm.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete fluentd pod + k8s: + state: absent + src: /tmp/files/fluentd/fluent.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Stop nginx +#*********************************************************************************************************** +- name: Delete nginx service + k8s: + state: absent + src: /tmp/files/nginx/nginx-service.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete nginx configmap + k8s: + state: absent + src: /tmp/files/nginx/nginx-conf-cm.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete nginx key configmap + k8s: + state: absent + src: /tmp/files/nginx/nginx-key-cm.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +- name: Delete nginx pod + k8s: + state: absent + src: /tmp/files/nginx/nginx.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Stop Kibana +#*********************************************************************************************************** +- name: Stopping Kibana + k8s: + state: absent + src: /tmp/files/kibana/kibana.yaml + namespace: logging + ignore_errors: yes + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Stop Elasticsearch +#*********************************************************************************************************** +- name: Stopping Elasticsearch + k8s: + state: absent + src: /tmp/files/elasticsearch/elasticsearch.yaml + namespace: logging + ignore_errors: yes + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Stop Elasticsearch operator +#*********************************************************************************************************** +- name: Stopping Elasticsearch operator + shell: kubectl delete -f https://download.elastic.co/downloads/eck/1.2.0/all-in-one.yaml + ignore_errors: yes + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Delete Persistent Volume +#*********************************************************************************************************** +- name: Deleting Persistent Volume + k8s: + state: absent + src: /tmp/files/persistentVolume.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Delete Storage Class +#*********************************************************************************************************** +- name: Deleting Storage Class + k8s: + state: absent + src: /tmp/files/storageClass.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#IF KUBELET IS RUNNING, THEN +#Delete Namespace +#*********************************************************************************************************** +- name: Deleting Namespace + k8s: + state: absent + src: /tmp/files/namespace.yaml + namespace: logging + when: "_svc_kubelet.rc == 0" + +#*********************************************************************************************************** +#removing /tmp/files +#*********************************************************************************************************** +- name: Removing /tmp/files + file: + path: "/tmp/files" + state: absent diff --git a/tools/lma/ansible-server/roles/k8s-master/tasks/main.yml b/tools/lma/ansible-server/roles/k8s-master/tasks/main.yml new file mode 100644 index 00000000..edc8f10b --- /dev/null +++ b/tools/lma/ansible-server/roles/k8s-master/tasks/main.yml @@ -0,0 +1,49 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +#pull k8s images +- name: Pulling images required for setting up a Kubernetes cluster + shell: kubeadm config images pull + +#reset k8s +- name: Resetting kubeadm + shell: kubeadm reset -f + +#init k8s +- name: Initializing Kubernetes cluster + shell: kubeadm init --apiserver-advertise-address {{ad_addr}} --pod-network-cidr={{pod_cidr}} + +#Copying required files +- name: Copying required files + shell: | + mkdir -p $HOME/.kube + sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config + sudo chown $(id -u):$(id -g) $HOME/.kube/config + +#get token +- name: Storing token for future purpose. + shell: kubeadm token create --print-join-command + register: token + +#save token to join worker +- name: Storing token for worker + local_action: copy content={{ token.stdout }} dest={{ token_file }} + +#install calico +- name: Install Network Add-on + command: kubectl apply -f https://docs.projectcalico.org/v3.11/manifests/calico.yaml + +#Taint master +- name: Taint master + command: kubectl taint nodes --all node-role.kubernetes.io/master- diff --git a/tools/lma/ansible-server/roles/k8s-pre/tasks/main.yml b/tools/lma/ansible-server/roles/k8s-pre/tasks/main.yml new file mode 100644 index 00000000..95526a28 --- /dev/null +++ b/tools/lma/ansible-server/roles/k8s-pre/tasks/main.yml @@ -0,0 +1,72 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- + +#Disabling Swap +- name: Disabling Swap on all nodes + shell: swapoff -a + +#Commenting Swap entries +- name: Commenting Swap entries in /etc/fstab + replace: + path: /etc/fstab + regexp: '(^/.*swap*)' + replace: '# \1' + +#Stopping firewalld +- name: 'Stopping firewall' + service: + name: firewalld + state: stopped + enabled: no + +#Disabling SELinux +- name: Disabling SELinux on all nodes + shell: | + setenforce 0 + sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config + +#installing docker +- name: Installing Docker + shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + +#Adding K8s repo +- name: Adding repository details in Kubernetes repo file. + blockinfile: + path: /etc/yum.repos.d/kubernetes.repo + block: | + [kubernetes] + name=Kubernetes + baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 + enabled=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +#installing K8s ans docker +- name: Installing K8s + yum: + name: ['kubeadm', 'kubectl', 'kubelet', 'docker-ce'] + state: present + +#Starting docker and kubelet services +- name: Starting and Enabling the required services + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: + - docker + - kubelet diff --git a/tools/lma/ansible-server/roles/k8s-worker/tasks/main.yml b/tools/lma/ansible-server/roles/k8s-worker/tasks/main.yml new file mode 100644 index 00000000..89d2b373 --- /dev/null +++ b/tools/lma/ansible-server/roles/k8s-worker/tasks/main.yml @@ -0,0 +1,24 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +#Worker + +- name: Copying token to worker nodes + copy: src={{ token_file }} dest=join_token + +- name: Joining worker nodes with kubernetes master + shell: | + kubeadm reset -f + cat join_token | tail -1 > out.sh + sh out.sh diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml new file mode 100644 index 00000000..a320ef75 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml @@ -0,0 +1,48 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastalert-config +data: + elastalert.yaml: | + # This is the folder that contains the rule yaml files + # Any .yaml file will be loaded as a rule + rules_folder: rules + # How often ElastAlert will query Elasticsearch + # The unit can be anything from weeks to seconds + run_every: + minutes: 1 + # ElastAlert will buffer results from the most recent + # period of time, in case some log sources are not in real time + buffer_time: + minutes: 15 + + scan_subdirectories: false + + # The Elasticsearch hostname for metadata writeback + # Note that every rule can have its own Elasticsearch host + es_host: logging-es-http + es_port: 9200 + es_username: ${ES_USERNAME} + es_password: ${ES_PASSWORD} + es_conn_timeout: 120 + verify_certs: False + use_ssl: True + client_cert: '/opt/elastalert/key/elastalert.pem' + client_key: '/opt/elastalert/key/elastalert.key' + writeback_index: elastalert_status + writeback_alias: elastalert_alerts + alert_time_limit: + days: 2 diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml new file mode 100644 index 00000000..0c606a9c --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml @@ -0,0 +1,68 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastalert-key +data: + elastalert.key: | + -----BEGIN PRIVATE KEY----- + MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC0uQ+B0gy3VB4w + 5CeWOx575lqSUuYvrGW3ILpV1gmj0ZZCMZUGvt4UvaCEaNPIAqNaHPmaslQqJb5C + PJH9pMN7vUVp3DACzmYrS4HdROHamn5gjebXs4hq43heLaIB1Kb+4F+7sEY88irK + xOevadcN35y5ld7lVUGRsj6JYcweaAeh/YZ/HaBT5RfdGF+x07NDus+mFqT8j3PD + rs2+JtEvEoWtjcxwFgloc9GkHsWZoV1AQHgyAWjmDXZtZeV0HQSkl7hWFG9vxTni + DvdrdhX0g+D+u8jWnlR4Za4jd64KbTp9C9trSHyMSRIvN5obm/H8O5MQ+sZ+NQ0X + PdK92MjbAgMBAAECggEASbRPxrpLxVjhFz91haeGvzErLxHwHvFIam9Gj0tDkzQe + +9AM3ztohzzvAhFejevFgzLd+WFRQf8yoQDi6XcQ4p5GeO38Bqj2siGRTRSSp/zq + HabBxqbJtA4hQQeLUwPPN5N6d6lke+an3RqBAuE/e8D+whGFXjJvE2SGbLEd9if2 + uzHj37sPsVi8kRvgZBDOozmt7YFzQVO/1V+4Lw6nz48M3t+hOHaUXY0Yd8nsk5A6 + kgoDQ4CGUHjtWfSrccZrYNk51Zows9/sX8axfJ94wKJSImWJcuW9PXIQhzT4exnH + sPOwY6Noy3nXRk9gcchT60fKpp+tsJZk3ezkwSpgwQKBgQDvsaYcbnIVdFZpaNKF + Tmt/w60CmfGeNozRygfi84ot7edUf93cB6WSKChcAE8fbq9Ji5USPNtfbnZfFXsI + IyTr2KHW3RkHuDEyu+Lan9JuReEH3QOG83vvN/oYA3J3hqUTCjEGkPjqnoFtdk8L + f7WH1jZvXYEMo0C48SXo+yGohQKBgQDBBGkzL928j1QB9NfiNFk70EalDsF8Im2W + n8bQ54KYspUybKD/Hmw0jIV7kdu2vhgGC4RYkn9c5qATtulbYJUgUBelaSi0vhXT + gfAuO+JIIZ50P+mkkxH/KIUyu1xWUB2jtMulqLLomdoBvfp/u51qCY6fT3WMCB+R + ouWLr2oZ3wKBgQCAuas4AaiLFRuDKKRGq0LYLsIvb3VvPmSKFjH+FETVPbrKipEf + pYup3p8uKYxUmSDSIoBAdyZpLe2sSuD0Ecu2TXU86yiSGL1zPawrNUHRrv2XN365 + bvHUGv/Y/aDvyAPHIeYKXLkRZ2ai3rK8vi1Dcitxy4mOu+36ZKezY4tD8QKBgQCd + hakJUj4nPd20fwqUnF5a1z5gRGuZkEtZiunp4ZaOYegrL8YwjraGKExjrYTfXcIj + ZNDMrDpvKfRoQnWt0mPB7DtwDiNfZmZPqBLI2Kxya6VygBqA6lncoEgcQBY6hsW5 + rbopZ0UjWTQ3CcFe71GnkUcpMuLetl51L7kgR7dShwKBgQC+vqjhe/h081JGLTo1 + tKeRUCaDA/V3VHjFKgM5g+S3/KzgU/EaB1rq3Qja1quGv0zHveca3zibdNQi1ENm + KSutWh2zQXzzvmycPmVcthhOxaKzRXDjG0mXiA0bnSgK3F2o9t4196RYhIiiSvAH + shVjZMTK04h8ciTLIqK/GtZr+g== + -----END PRIVATE KEY----- + elastalert.pem: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIJAORgkR7Y0Nk9MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV + BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg + Q29tcGFueSBMdGQwHhcNMjAwNjI4MTM1NjAwWhcNMjEwNjI4MTM1NjAwWjBCMQsw + CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh + dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + tLkPgdIMt1QeMOQnljsee+ZaklLmL6xltyC6VdYJo9GWQjGVBr7eFL2ghGjTyAKj + Whz5mrJUKiW+QjyR/aTDe71FadwwAs5mK0uB3UTh2pp+YI3m17OIauN4Xi2iAdSm + /uBfu7BGPPIqysTnr2nXDd+cuZXe5VVBkbI+iWHMHmgHof2Gfx2gU+UX3RhfsdOz + Q7rPphak/I9zw67NvibRLxKFrY3McBYJaHPRpB7FmaFdQEB4MgFo5g12bWXldB0E + pJe4VhRvb8U54g73a3YV9IPg/rvI1p5UeGWuI3euCm06fQvba0h8jEkSLzeaG5vx + /DuTEPrGfjUNFz3SvdjI2wIDAQABo1AwTjAdBgNVHQ4EFgQUFAvjohHTavHmbRbj + Yq2h3cq7UMEwHwYDVR0jBBgwFoAUFAvjohHTavHmbRbjYq2h3cq7UMEwDAYDVR0T + BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAB9oDASl4OfF/D49i3KtVzjzge4up + WssBPYKVwASh3cXfLLe3NdY9ihdCXFd/8Rus0hBGaRPIyR06sZoHRDEfJ2xrRD6g + pr4iHRfaoEWqols7+iW0cgQehvw5efEpFL1vg9zK9kOwruS4ZUhDrak6GcO/O8Jh + 6lSGmidHSHrQmfqFeTotaezwylV/uHvRZHPvk2JhQfC+vFjn5/iN/0wCeQCwYvOC + rePq2ZFdYg/0bS9BYwKsT2w1Z/AU/wIMLmbNB1af+fTBBEQlxb4rAeDb+J9EoSQ5 + MVP7jm3BVnHQCs6CA4LV4yRQNF2K6GkWem1oUg/H3S2SG8TAUlKpX/1XRw== + -----END CERTIFICATE----- diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml new file mode 100644 index 00000000..af28b6f6 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml @@ -0,0 +1,132 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastalert-rule +data: + rule-node4-vswitch.yaml: | + name: vswitch-3-sec + type: any + index: node4* + filter: + - range: + time_vswitchd: + gt: 3 #Greater than + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: threshold + label: vswitchd start time > 3 sec + http_post_payload: + index: _index + log: msg + log_path: log_path + time_vswitchd: time_vswitchd + num_hits: num_hits + num_matches: num_matches + + rule-node1-vswitch.yaml: | + name: vswitch-3-sec + type: any + index: node1* + filter: + - range: + time_vswitchd: + gt: 3 #Greater than + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: threshold + label: vswitchd start time > 3 sec + http_post_payload: + index: _index + log: msg + log_path: log_path + time_vswitchd: time_vswitchd + num_hits: num_hits + num_matches: num_matches + + rule-node4-blacklist.yaml: | + name: error-finder-node4 + type: blacklist + compare_key: alert + index: node4* + blacklist: + - "Failed to run test" + - "Failed to execute in '30' seconds" + - "('Result', 'Failed')" + - "could not open socket: connection refused" + - "Input/output error" + - "dpdk|ERR|EAL: Error - exiting with code: 1" + - "Failed to execute in '30' seconds" + - "dpdk|ERR|EAL: Driver cannot attach the device" + - "dpdk|EMER|Cannot create lock on" + - "device not found" + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: pattern-match + label: failed + http_post_payload: + index: _index + log: msg + log_path: log_path + reason: alert + num_hits: num_hits + num_matches: num_matches + rule-node1-blacklist.yaml: | + name: error-finder-node1 + type: blacklist + compare_key: alert + index: node1* + blacklist: + - "Failed to run test" + - "Failed to execute in '30' seconds" + - "('Result', 'Failed')" + - "could not open socket: connection refused" + - "Input/output error" + - "dpdk|ERR|EAL: Error - exiting with code: 1" + - "Failed to execute in '30' seconds" + - "dpdk|ERR|EAL: Driver cannot attach the device" + - "dpdk|EMER|Cannot create lock on" + - "device not found" + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: pattern-match + label: failed + http_post_payload: + index: _index + log: msg + log_path: log_path + reason: alert + num_hits: num_hits + num_matches: num_matches diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml new file mode 100644 index 00000000..9e32e2b7 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml @@ -0,0 +1,76 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: elastalert +spec: + replicas: 1 + selector: + matchLabels: + run: elastalert + template: + metadata: + labels: + run: elastalert + spec: + volumes: + - name: econfig + configMap: + name: elastalert-config + items: + - key: elastalert.yaml + path: elastalert.yaml + - name: erule + configMap: + name: elastalert-rule + items: + - key: rule-node4-vswitch.yaml + path: rule-node4-vswitch.yaml + - key: rule-node4-blacklist.yaml + path: rule-node4-blacklist.yaml + - key: rule-node1-blacklist.yaml + path: rule-node1-blacklist.yaml + - name: ekey + configMap: + name: elastalert-key + items: + - key: elastalert.key + path: elastalert.key + - key: elastalert.pem + path: elastalert.pem + initContainers: + - name: init-myservice + image: busybox:1.28 + command: ['sh', '-c', 'until nslookup logging-es-http; do echo "waiting for myservice"; sleep 2; done;'] + containers: + - name: elastalert + image: adi0509/elastalert:latest + env: + - name: ES_USERNAME + value: "elastic" + - name: ES_PASSWORD + valueFrom: + secretKeyRef: + name: logging-es-elastic-user + key: elastic + command: [ "sh", "-c"] + args: ["elastalert-create-index --config /opt/elastalert/elastalert.yaml; python -m elastalert.elastalert --config /opt/elastalert/elastalert.yaml"] + volumeMounts: + - mountPath: /opt/elastalert/ + name: econfig + - mountPath: /opt/elastalert/rules/ + name: erule + - mountPath: /opt/elastalert/key + name: ekey diff --git a/tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml b/tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml new file mode 100644 index 00000000..5b0a8476 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml @@ -0,0 +1,231 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: logging +spec: + version: 7.8.0 + http: + service: + spec: + type: NodePort + ports: + - name: https + nodePort: 31111 + port: 9200 + protocol: TCP + targetPort: 9200 + auth: + fileRealm: + - secretName: custom-user + nodeSets: + - name: vm1-master + count: 1 + config: + node.master: true + node.data: false + node.attr.zone: vm1 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm1-master + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm1 + - name: vm1-data + count: 1 + config: + node.master: false + node.data: true + node.attr.zone: vm1 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm1-data + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm1 + - name: vm2-master + count: 1 + config: + node.master: true + node.data: false + node.attr.zone: vm2 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm2-master + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm2 + - name: vm2-data + count: 1 + config: + node.master: false + node.data: true + node.attr.zone: vm2 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm2-data + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm2 + - name: vm3-master + count: 1 + config: + node.master: true + node.data: false + node.attr.zone: vm3 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm3-master + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm3 + - name: vm3-data + count: 1 + config: + node.master: false + node.data: true + node.attr.zone: vm3 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm3-data + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm3 diff --git a/tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml b/tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml new file mode 100644 index 00000000..3e71fe92 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml @@ -0,0 +1,23 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: Secret +apiVersion: v1 +metadata: + name: custom-user +stringData: + users: |- + elasticsearch:$2a$10$DzOu7/.Vo2FBDYworbUZe.LNL9tCUl18kpVZ6C/mvkKcXRzYrpmJu + users_roles: |- + kibana_admin:elasticsearch + superuser:elasticsearch diff --git a/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml new file mode 100644 index 00000000..36ff80d6 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml @@ -0,0 +1,525 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: fluentd-config +data: + index_template.json: | + { + "index_patterns": [ + "node*" + ], + "settings": { + "index.lifecycle.name": "delete_policy", + "number_of_replicas": 1 + } + } + fluent.conf: | + <source> + @type forward + port 24224 + bind 0.0.0.0 + tag log + </source> + + #tag the .dat file + <match log> + @type rewrite_tag_filter + #Trex data + <rule> + key log_path + pattern /\/tmp\/result.*\/.*counts.dat/ + tag countdat.${tag} + </rule> + <rule> + key log_path + pattern /\/tmp\/result.*\/.*errors.dat/ + tag errordat.${tag} + </rule> + #Spirent data + <rule> + key log_path + pattern /\/tmp\/result.*\/stc-liveresults.dat.tx/ + tag stcdattx.${tag} + </rule> + <rule> + key log_path + pattern /\/tmp\/result.*\/stc-liveresults.dat.rx/ + tag stcdatrx.${tag} + </rule> + #Ixia data + <rule> + key log_path + pattern /\/tmp\/result.*\/.*Statistics.csv/ + tag ixia.${tag} + </rule> + #log files + <rule> + key log_path + pattern /vsperf-overall/ + tag vsperf.${tag} + </rule> + <rule> + key log_path + pattern /vswitchd/ + tag vswitchd.${tag} + </rule> + <rule> + key log_path + pattern /\/var\/log\/userspace/ + tag userspace.${tag} + </rule> + <rule> + key log_path + pattern /\/var\/log\/sriovdp/ + tag sriovdp.${tag} + </rule> + <rule> + key log_path + pattern /\/var\/log\/pods/ + tag pods.${tag} + </rule> + </match> + + #to find error + @include error.conf + + #to parse time-series data + @include time-series.conf + + #to calculate time analysis + @include time-analysis.conf + + #give tag 'node1' if host is worker and tag 'node4' if host is pod12-node4 + <match **.log> + @type rewrite_tag_filter + <rule> + key host + pattern /pod12-node4/ + tag node4 + </rule> + <rule> + key host + pattern /worker/ + tag node1 + </rule> + </match> + + + <filter node1> + @type elasticsearch_genid + hash_id_key _hash1 + </filter> + + #send the node1 log to node1 index in elasticsearch + <match node1> + @type copy + <store> + @type elasticsearch + host logging-es-http + port 9200 + scheme https + ssl_verify false + user "#{ENV['FLUENT_ELASTICSEARCH_USER']}" + password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}" + logstash_format true + logstash_prefix node1 + logstash_dateformat %Y%m%d + flush_interval 1s + id_key _hash1 + remove_keys _hash1 + + enable_ilm true + application_name ${tag} + index_date_pattern "" + ilm_policy_id delete_policy + template_name delpol-test + template_file /fluentd/etc/index_template.json + ilm_policy { + "policy": { + "phases": { + "delete": { + "min_age": "3m", + "actions": { + "delete": {} + } + } + } + } + } + </store> + <store> + @type stdout + </store> + </match> + + <filter node4> + @type elasticsearch_genid + hash_id_key _hash4 + </filter> + + #send the node4 log to node4 index in elasticsearch + <match node4> + @type copy + <store> + @type elasticsearch + host logging-es-http + port 9200 + scheme https + ssl_verify false + user "#{ENV['FLUENT_ELASTICSEARCH_USER']}" + password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}" + logstash_format true + logstash_prefix node4 + logstash_dateformat %Y%m%d + flush_interval 1s + id_key _hash4 + remove_keys _hash4 + + enable_ilm true + application_name ${tag} + index_date_pattern "" + ilm_policy_id delete_policy + template_name delpol-test + template_file /fluentd/etc/index_template.json + ilm_policy { + "policy": { + "phases": { + "delete": { + "min_age": "3m", + "actions": { + "delete": {} + } + } + } + } + } + </store> + <store> + @type stdout + </store> + </match> + error.conf: | + <filter vsperf.log> + @type parser + reserve_data true + key_name msg + emit_invalid_record_to_error false + <parse> + @type regexp + expression /(?<alert_time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}).*(?<alert>Failed to run test|Failed to execute in '30' seconds|\('Result', 'Failed'\)|could not open socket: connection refused|Input\/output error)/ + </parse> + </filter> + + <filter vswitchd.log> + @type parser + reserve_data true + key_name msg + emit_invalid_record_to_error false + <parse> + @type regexp + expression /(?<alert_time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z).*(?<alert>dpdk\|ERR\|EAL: Error - exiting with code: 1|Failed to execute in '30' seconds|dpdk\|ERR\|EAL: Driver cannot attach the device|dpdk\|EMER\|Cannot create lock on)/ + </parse> + </filter> + <filter vswitchd.log> + @type parser + reserve_data true + key_name msg + emit_invalid_record_to_error false + <parse> + @type regexp + expression /(?<alert_time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z).*dpdk\|ERR\|VHOST_CONFIG:.*(?<alert>device not found)/ + </parse> + </filter> + time-series.conf: | + #parse *counts.dat + <filter countdat.log> + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + <parse> + @type regexp + expression /^(?<ts>[\.\d]*),(?<rx_port>\d*),(?<tx_port>\d*),(?<rx_pkts>[\.\d]*),(?<tx_pkts>[\.\d]*),(?<rx_pps>[\.\d]*),(?<tx_pps>[\.\d]*),(?<rx_bps_num>[\.\d]*),(?<rx_bps_den>[\.\d]*),(?<tx_bps_num>[\.\d]*),(?<tx_bps_den>[\.\d]*)$/ + types rx_port:integer,tx_port:integer,rx_pkts:float,tx_pkts:float,rx_pps:float,tx_pps:float,rx_bps_num:float,rx_bps_den:float,tx_bps_num:float,tx_bps_den:float + </parse> + </filter> + + #parse *errors.dat + <filter errordat.log> + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + <parse> + @type regexp + expression /^(?<ts>[\.\d]*),(?<dropped>[\.\d]*),(?<ooo>[\.\d]*),(?<dup>[\.\d]*),(?<seq_too_high>[\.\d]*),(?<seq_too_low>[\.\d]*)$/ + types ts:integer,dropped:integer,ooo:integer,dup:integer,seq_too_high:integer,seq_too_low:integer + </parse> + </filter> + + #parse stc-liveresults.dat.tx + <filter stcdattx.log> + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + <parse> + @type regexp + expression /^(?<ts>[\.\d]*),(?<StrId>[\.\d]*),(?<BlkId>[\.\d]*),(?<FrCnt>[\.\d]*),(?<FrRate>[\.\d]*),(?<ERxFrCnt>[\.\d]*),(?<OctCnt>[\.\d]*),(?<OctRate>[\.\d]*),(?<bitCnt>[\.\d]*),(?<bitRate>[\.\d]*)$/ + types ts:integer,StrId:integer,BlkId:integer,FrCnt:integer,FrRate:integer,ERxFrCnt:integer,OctCnt:integer,OctRate:integer,bitCnt:integer,bitRate:integer + </parse> + </filter> + + #parse stc-liveresults.dat.rx + <filter stcdatrx.log> + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + <parse> + @type regexp + expression /^(?<ts>[\.\d]*),(.*, |)(?<RxPrt>.*),(?<DrpFrCnt>[\.\d]*),(?<SeqRnLen>[\.\d]*),(?<AvgLat>.*),(?<DrpFrRate>[\.\d]*),(?<FrCnt>[\.\d]*),(?<FrRate>[\.\d]*),(?<MaxLat>[\.\d]*),(?<MinLat>[\.\d]*),(?<OctCnt>[\.\d]*),(?<OctRate>[\.\d]*)$/ + types ts:integer,DrpFrCnt:integer,SeqRnLen:integer,FrCnt:integer,FrRate:integer,MaxLat:integer,MinLat:integer,OctCnt:integer,OctRate:integer + </parse> + </filter> + time-analysis.conf: | + # 1. Test Duration - Duration Between: first line and last line. + # 2. Setup Duration - Duration Between: Creating result directory TO Class found --- + # 3. Traffic Duration - Duration between From Starting traffic at 0.1 Gbps speed TO Traffic Results + # 4. Iteration Durations -- Example: Duration between - Starting traffic at 10.0 Gbps TO Starting traffic at 5.0 Gbps speed + # 5. Reporting Duration - Duration between From Traffic Results TO Write results to file + # 6. Vswitchd start Duration- Duration between From Starting vswitchd... TO send_traffic with + + <match vsperf.log> + @type rewrite_tag_filter + <rule> + key msg + pattern /Creating result directory:/ + tag firstline.${tag} + </rule> + <rule> + key msg + pattern /Write results to file/ + tag lastline.${tag} + </rule> + + <rule> + key msg + pattern /Class found/ + tag setupend.${tag} + </rule> + <rule> + key msg + pattern /Starting traffic at 0.1 Gbps speed/ + tag trafficstart.${tag} + </rule> + <rule> + key msg + pattern /Traffic Results/ + tag trafficend.${tag} + </rule> + <rule> + key msg + pattern /Starting traffic at 10.0 Gbps/ + tag iterationstart.${tag} + </rule> + <rule> + key msg + pattern /Starting traffic at 5.0 Gbps speed/ + tag iterationend.${tag} + </rule> + <rule> + key msg + pattern /Starting vswitchd/ + tag vswitchstart.${tag} + </rule> + <rule> + key msg + pattern /send_traffic/ + tag vswitch.${tag} + </rule> + <rule> + key msg + pattern ^.*$ + tag logs.${tag} + </rule> + </match> + + ############################################################################################# + #save the starting log and append that log in ending log + ############################################################################################# + <filter firstline.**> + @type record_transformer + enable_ruby true + <record> + msg ${$vswitch_start="";$reportstart="";$firstline="";$traffic_start="";$iteration_start="";$firstline = record["msg"];return record["msg"];} + </record> + </filter> + <filter lastline.**> + @type record_transformer + enable_ruby true + <record> + newmsg ${record["msg"]+" | "+$firstline + " | "+ $reportstart} + </record> + </filter> + + <filter setupend.**> + @type record_transformer + enable_ruby true + <record> + newmsg ${record["msg"]+" "+$firstline} + </record> + </filter> + + <filter trafficstart.**> + @type record_transformer + enable_ruby true + <record> + msg ${if $traffic_start.eql?("");$traffic_start=record["msg"];end;return record["msg"];} + </record> + </filter> + <filter trafficend.**> + @type record_transformer + enable_ruby true + <record> + newmsg ${if $reportstart.eql?("");$reportstart=record["msg"];end;return record["msg"]+" "+$traffic_start;} + </record> + </filter> + + <filter iterationstart.**> + @type record_transformer + enable_ruby true + <record> + msg ${if $iteration_start.eql?("");$iteration_start=record["msg"];end;return record["msg"];} + </record> + </filter> + <filter iterationend.**> + @type record_transformer + enable_ruby true + <record> + newmsg ${record["msg"]+" "+$iteration_start} + </record> + </filter> + + <filter vswitchstart.**> + @type record_transformer + enable_ruby true + <record> + msg ${$vswitch_start=record["msg"];return record["msg"];} + </record> + </filter> + <filter vswitch.**> + @type record_transformer + enable_ruby true + <record> + newmsg ${record["msg"]+" "+$vswitch_start} + </record> + </filter> + ############################################################################################# + #parse time from the log + ############################################################################################# + <filter setupend.**> + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + <parse> + @type regexp + expression /^(?<setupend>.*) : Class found: Trex. (?<setupstart>.*) : .*$/ + </parse> + </filter> + <filter iterationend.**> + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + <parse> + @type regexp + expression /^(?<iterationend>.*) : Starting traffic at 5.0 Gbps speed (?<iterationstart>.*) : Starting traffic at 10.0 Gbps speed$/ + </parse> + </filter> + <filter vswitch.**> + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + <parse> + @type regexp + expression /^(?<vswitch>.*) : send_traffic with <.*> (?<vswitchstart>.*) : Starting vswitchd...$/ + </parse> + </filter> + <filter trafficend.**> + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + <parse> + @type regexp + expression /^(?<trafficend>.*) : Traffic Results: (?<trafficstart>.*) : Starting traffic at 0.1 Gbps speed/ + </parse> + </filter> + <filter lastline.**> + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + <parse> + @type regexp + expression /^(?<lastline>.*) : Write results to file: .* \| (?<firstline>.*) : Creating result directory: .* \| (?<reportstart>.*) : Traffic Results:$/ + </parse> + </filter> + ############################################################################################# + #calculate time + ############################################################################################# + <filter setupend.**> + @type record_transformer + enable_ruby + <record> + setup_duration ${ require 'time';Time.parse(record["setupend"])-Time.parse(record["setupstart"]); } + </record> + </filter> + <filter iterationend.**> + @type record_transformer + enable_ruby + <record> + iteration_duration ${ require 'time';Time.parse(record["iterationend"])-Time.parse(record["iterationstart"]); } + </record> + </filter> + <filter vswitch.**> + @type record_transformer + enable_ruby + <record> + vswitch_duration ${ require 'time';Time.parse(record["vswitch"])-Time.parse(record["vswitchstart"]); } + </record> + </filter> + <filter trafficend.**> + @type record_transformer + enable_ruby + <record> + traffic_duration ${ require 'time';Time.parse(record["trafficend"])-Time.parse(record["trafficstart"]); } + </record> + </filter> + <filter lastline.**> + @type record_transformer + enable_ruby + <record> + test_duration ${ require 'time';Time.parse(record["lastline"])-Time.parse(record["firstline"]); } + </record> + <record> + report_duration ${ require 'time';Time.parse(record["lastline"])-Time.parse(record["reportstart"]); } + </record> + </filter> + ############################################################################################# diff --git a/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml new file mode 100644 index 00000000..9a43b82f --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml @@ -0,0 +1,34 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: fluentd + labels: + run: fluentd +spec: + type: NodePort + ports: + - name: tcp + port: 32224 + targetPort: 24224 + protocol: TCP + nodePort: 32224 + - name: udp + port: 32224 + targetPort: 24224 + protocol: UDP + nodePort: 32224 + selector: + run: fluentd diff --git a/tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml new file mode 100644 index 00000000..3830f682 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml @@ -0,0 +1,65 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fluentd +spec: + replicas: 2 + selector: + matchLabels: + run: fluentd + template: + metadata: + labels: + run: fluentd + spec: + volumes: + - name: fconfig + configMap: + name: fluentd-config + items: + - key: fluent.conf + path: fluent.conf + - key: error.conf + path: error.conf + - key: time-series.conf + path: time-series.conf + - key: time-analysis.conf + path: time-analysis.conf + - key: index_template.json + path: index_template.json + initContainers: + - name: init-myservice + image: busybox:1.28 + command: ['sh', '-c', 'until nslookup logging-es-http; do echo "waiting for myservice"; sleep 2; done;'] + containers: + - name: fluentd + image: adi0509/fluentd:latest + env: + - name: FLUENT_ELASTICSEARCH_USER + value: "elastic" + - name: FLUENT_ELASTICSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: logging-es-elastic-user + key: elastic + ports: + - containerPort: 24224 + protocol: TCP + - containerPort: 24224 + protocol: UDP + volumeMounts: + - name: fconfig + mountPath: /fluentd/etc/ diff --git a/tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml b/tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml new file mode 100644 index 00000000..5ec6937e --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml @@ -0,0 +1,23 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: kibana.k8s.elastic.co/v1 +kind: Kibana +metadata: + name: logging +spec: + version: 7.8.0 + count: 1 + elasticsearchRef: + name: logging + namespace: logging diff --git a/tools/lma/ansible-server/roles/logging/files/namespace.yaml b/tools/lma/ansible-server/roles/logging/files/namespace.yaml new file mode 100644 index 00000000..6964af5c --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/namespace.yaml @@ -0,0 +1,17 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Namespace +metadata: + name: logging diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml new file mode 100644 index 00000000..f5a11e80 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml @@ -0,0 +1,36 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-config +data: + default.conf: | + server { + listen 80; + ssl on; + ssl_certificate /etc/ssl/certs/kibana-access.pem; + ssl_certificate_key /etc/ssl/private/kibana-access.key; + + location / { + proxy_pass https://logging-kb-http:5601; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + proxy_read_timeout 300s; + proxy_connect_timeout 75s; + } + } diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml new file mode 100644 index 00000000..93d7d6ec --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml @@ -0,0 +1,68 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-key +data: + kibana-access.key: | + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDI92SBrcEdzxqS + rt883bVcj4F4RuKtm+AjjOEhbFUd3XOp5Wa5NzyYQSTP9ZJHG0dYiTAKOJBVcgbc + YRMNUAzHAIskf1q2/SvwyLNRMJLkBD5HHjbnEcuKQm/+nPdzkfvo2zfRNTDPKS83 + HqFQ779hT8ZLkSzoPuR0QD17ZNWYVMZv/r9wqnjX8U/k5AjrJOIxuaO9nGAgv2Pu + Qm6wuU8UBEaMRgPVHQ3ztflQr9QPr/S6HU0cl4Gu+Nwid6iC1RVYxANNq7E7wRvq + GMKRS5cA9Nlnu/b7IEI4LSx5yeTSDzwmZKTNnUWi2cpqk30M4G4cUokoz9bP+62I + YWEh3B8HAgMBAAECggEBAI1luzqepTSzBhBUp88sczGX6tFUlqLt/Ism0TPyBAVK + TdopBNima6T4mM0VDIGpSM6bX8ihObRU0Uz3pC8GtqbB1CSu0oXTpbn5jGlAkumJ + rsPdF2YHGD3ENwZfLKANA8A3lZNGKHxpjsXqcDgBJ5dxSKTclUsnDRhaJqgOL1bI + d9QCXdA1vbpxHDJWSo73E7omv3AyHi3HxMWU4gzyerUFSMFGqm0W5dPeeresNE3a + bv9/46YdykufuRuJZqsUDLCgUUcJPhbE5iOrB4iv8oaDqT0onxwzRQTSgidPxbp2 + EmjVHpFCACltOKSqELM4+PQFCk8xUBya8HWD5UHrVDkCgYEA4y3WwmhtLUT/g3G3 + cowvmxjgPl6xqkqTA7Xcdc3sk+6/jS1kayT5TL1qfpd1QL/K617jva9mfSMZ8ei9 + Y7M/2QkSb0uHKulGR0+if+7sT0L8OYO/OE7c+HTZmZK4hD1CCJN2M34D9Qo2fzQ6 + 4v+AO1wGiAtiNev0YIBKYNSco+sCgYEA4nY8m93XuC19z991sFRvE0UBeKcN2esg + TwY9UuYHJ56s+6UozkUgZArwYFW8LWFeIjkrrKELBNDsmJtTZ006TyUWxY/ccdjV + fJZTLV3niv6IQzy74aOmXV2vtNjxyBlllT9mvig6T0t0TvAtolsuSVHBL09zxcy4 + wN4pGIfqllUCgYBYLq/hMKXIX7MK87YwqYfFHWfV7e3q2x2r4AjeVXuShKcoBsmm + 6Wg3yIKw9tuVsZzzthaSx6XxxxFIHH5/V9Hdzi6wstGZ74jPH3NFU5m4vpinPqOY + GMyfSMQ6X4BuHFUofQzxueWRVVCIGd8Nw/2jjPogDsMliRyH5OR6J61R1wKBgEa6 + 8SEpf7fJlZL4UzS4mlylX9lEK+JVOqkT5NFggPmR6KtMIVuTYZN9iyg7fuOZlqIP + wyFOxzdA3bSoRrtr9ntDtUINNaflNoCMHvx7aNcTupFthazqxQpCOZ+9Zn691+lu + fPOFcvjTM0d4YnhkDCfgPfs90IYF8+phOOqtgMplAoGBAI+mcaUH7ADYxlONCi1E + gNHRvHJRBdQBaydKUfPxbe3vS5QJb8Gb5RU46vDl3w+YHUVwUi+Hj68zuKExXxhD + 9CGTAQIejtHWScZ1Djl3bcvNa/czHyuNVsGwvJ3fy1JzpxRmUUMPSdJ90A1n57Tk + LFEmZhwaj7YF869wfKngQ57d + -----END PRIVATE KEY----- + kibana-access.pem: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIJAIQzf1mxHsvgMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV + BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg + Q29tcGFueSBMdGQwHhcNMjAwNjI1MTY1NzQ3WhcNMjEwNjI1MTY1NzQ3WjBCMQsw + CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh + dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + yPdkga3BHc8akq7fPN21XI+BeEbirZvgI4zhIWxVHd1zqeVmuTc8mEEkz/WSRxtH + WIkwCjiQVXIG3GETDVAMxwCLJH9atv0r8MizUTCS5AQ+Rx425xHLikJv/pz3c5H7 + 6Ns30TUwzykvNx6hUO+/YU/GS5Es6D7kdEA9e2TVmFTGb/6/cKp41/FP5OQI6yTi + MbmjvZxgIL9j7kJusLlPFARGjEYD1R0N87X5UK/UD6/0uh1NHJeBrvjcIneogtUV + WMQDTauxO8Eb6hjCkUuXAPTZZ7v2+yBCOC0secnk0g88JmSkzZ1FotnKapN9DOBu + HFKJKM/Wz/utiGFhIdwfBwIDAQABo1AwTjAdBgNVHQ4EFgQUrz/R+M2XkTTfjrau + VVBW6+pdatgwHwYDVR0jBBgwFoAUrz/R+M2XkTTfjrauVVBW6+pdatgwDAYDVR0T + BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAyIhJLwg9oTil0Rb1zbYQb0Mr0UYz + rlS4f8QkxygkGLAZ8q9VkR+NpKfqhYDSHofGg5Yg5/p54NRJh5M4ASuM7N9AK0LH + KbCvS+YRNWhmo+7H7zjDNkV8FbzG41nkt9jQjaKFF7GdKr4HkWvupMX6PwsAZ0jI + b2Y6QzFQP9wF0QoBHrK42u3eWbfYv2IIDd6xsV90ilKRDtKkCiI4dyKGK46YDyZB + 3eqJ08Pm67HDbxQLydRXkNJvd33PASRgE/VOh44n3xWG+Gu4IMz7EO/4monyuv1Q + V2v1A9NV+ZnAq4PT7WJY7fWYavDUr+kwxMAGNQkG/Cg3X4FYrRwrq6gk7Q== + -----END CERTIFICATE----- diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml new file mode 100644 index 00000000..8aea53dd --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml @@ -0,0 +1,28 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: nginx + labels: + run: nginx +spec: + type: NodePort + ports: + - port: 8000 + targetPort: 80 + protocol: TCP + nodePort: 32000 + selector: + run: nginx diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml new file mode 100644 index 00000000..fdf5c835 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml @@ -0,0 +1,58 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + replicas: 2 + selector: + matchLabels: + run: nginx + template: + metadata: + labels: + run: nginx + spec: + volumes: + - name: nconfig + configMap: + name: nginx-config + items: + - key: default.conf + path: default.conf + - name: nkey + configMap: + name: nginx-key + items: + - key: kibana-access.key + path: kibana-access.key + - key: kibana-access.pem + path: kibana-access.pem + initContainers: + - name: init-myservice + image: busybox:1.28 + command: ['sh', '-c', 'until nslookup logging-kb-http; do echo "waiting for myservice"; sleep 2; done;'] + containers: + - name: nginx + image: nginx + volumeMounts: + - mountPath: /etc/nginx/conf.d/ + name: nconfig + - mountPath: /etc/ssl/certs/ + name: nkey + - mountPath: /etc/ssl/private/ + name: nkey + ports: + - containerPort: 80 diff --git a/tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml b/tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml new file mode 100644 index 00000000..c1a96077 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml @@ -0,0 +1,105 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-master-vm1 +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: log-vm1-master + nfs: + server: 10.10.120.211 + path: "/srv/nfs/master" +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-data-vm1 +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: log-vm1-data + nfs: + server: 10.10.120.211 + path: "/srv/nfs/data" + +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-master-vm2 +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: log-vm2-master + nfs: + server: 10.10.120.203 + path: "/srv/nfs/master" + +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-data-vm2 +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: log-vm2-data + nfs: + server: 10.10.120.203 + path: "/srv/nfs/data" +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-master-vm3 +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: log-vm3-master + nfs: + server: 10.10.120.204 + path: "/srv/nfs/master" + +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-data-vm3 +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: log-vm3-data + nfs: + server: 10.10.120.204 + path: "/srv/nfs/data" diff --git a/tools/lma/ansible-server/roles/logging/files/storageClass.yaml b/tools/lma/ansible-server/roles/logging/files/storageClass.yaml new file mode 100644 index 00000000..a2f1e3aa --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/storageClass.yaml @@ -0,0 +1,73 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#storage class for VM1 master +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: log-vm1-master +reclaimPolicy: Retain +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: Immediate +allowVolumeExpansion: true +--- +#storage class for VM1 data +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: log-vm1-data +reclaimPolicy: Retain +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: Immediate +allowVolumeExpansion: true +--- +#storage class for VM2 master +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: log-vm2-master +reclaimPolicy: Retain +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: Immediate +allowVolumeExpansion: true +--- +#storage class for VM2 data +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: log-vm2-data +reclaimPolicy: Retain +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: Immediate +allowVolumeExpansion: true +--- +#storage class for VM3 master +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: log-vm3-master +reclaimPolicy: Retain +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: Immediate +allowVolumeExpansion: true +--- +#storage class for VM3 data +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: log-vm3-data +reclaimPolicy: Retain +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: Immediate +allowVolumeExpansion: true diff --git a/tools/lma/ansible-server/roles/logging/tasks/main.yml b/tools/lma/ansible-server/roles/logging/tasks/main.yml new file mode 100644 index 00000000..dcbf4d4d --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/tasks/main.yml @@ -0,0 +1,165 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +#EFK setup in k8s cluster + +#*********************************************************************************************************** +#copy all yaml to /tmp/files/ +#*********************************************************************************************************** +- name: copy all yaml to /tmp/files/ + copy: + src: ../files/ + dest: /tmp/files/ + +#*********************************************************************************************************** +#Creating Namespace +#*********************************************************************************************************** +- name: Creating Namespace + k8s: + state: present + src: /tmp/files/namespace.yaml + namespace: logging + +#*********************************************************************************************************** +#creating Storage Class +#*********************************************************************************************************** +- name: creating Storage Class + k8s: + state: present + src: /tmp/files/storageClass.yaml + namespace: logging + +#*********************************************************************************************************** +#creating Persistent Volume +#*********************************************************************************************************** +- name: creating Persistent Volume + k8s: + state: present + src: /tmp/files/persistentVolume.yaml + namespace: logging + +#*********************************************************************************************************** +#add user +#*********************************************************************************************************** +- name: add user + k8s: + state: present + src: /tmp/files/elasticsearch/user-secret.yaml + namespace: logging + +#*********************************************************************************************************** +#Starting Elasticsearch operator +#*********************************************************************************************************** +- name: Starting Elasticsearch operator + shell: kubectl apply -f https://download.elastic.co/downloads/eck/1.2.0/all-in-one.yaml + ignore_errors: yes + +#*********************************************************************************************************** +#Starting Elasticsearch +#*********************************************************************************************************** +- name: Starting Elasticsearch + k8s: + state: present + src: /tmp/files/elasticsearch/elasticsearch.yaml + namespace: logging + +#*********************************************************************************************************** +#Starting Kibana +#*********************************************************************************************************** +- name: Starting Kibana + k8s: + state: present + src: /tmp/files/kibana/kibana.yaml + namespace: logging + +#*********************************************************************************************************** +#Starting nginx +#*********************************************************************************************************** +- name: creating nginx configmap + k8s: + state: present + src: /tmp/files/nginx/nginx-conf-cm.yaml + namespace: logging + +- name: creating nginx key configmap + k8s: + state: present + src: /tmp/files/nginx/nginx-key-cm.yaml + namespace: logging + +- name: creating nginx pod + k8s: + state: present + src: /tmp/files/nginx/nginx.yaml + namespace: logging + +- name: creating nginx service + k8s: + state: present + src: /tmp/files/nginx/nginx-service.yaml + namespace: logging +#*********************************************************************************************************** +#Starting fluentd +#*********************************************************************************************************** +- name: creating fluentd configmap + k8s: + state: present + src: /tmp/files/fluentd/fluent-cm.yaml + namespace: logging + +- name: creating fluentd pod + k8s: + state: present + src: /tmp/files/fluentd/fluent.yaml + namespace: logging + +- name: creating fluentd service + k8s: + state: present + src: /tmp/files/fluentd/fluent-service.yaml + namespace: logging +#*********************************************************************************************************** +#Starting elastalert +#*********************************************************************************************************** +- name: creating elastalert config configmap + k8s: + state: present + src: /tmp/files/elastalert/ealert-conf-cm.yaml + namespace: logging + +- name: creating elastalert key configmap + k8s: + state: present + src: /tmp/files/elastalert/ealert-key-cm.yaml + namespace: logging + +- name: creating elastalert rule configmap + k8s: + state: present + src: /tmp/files/elastalert/ealert-rule-cm.yaml + namespace: logging + +- name: creating elastalert pod + k8s: + state: present + src: /tmp/files/elastalert/elastalert.yaml + namespace: logging + +#*********************************************************************************************************** +#removing /tmp/files +#*********************************************************************************************************** +- name: Removing /tmp/files + file: + path: "/tmp/files" + state: absent diff --git a/tools/lma/ansible-server/roles/nfs/tasks/main.yml b/tools/lma/ansible-server/roles/nfs/tasks/main.yml new file mode 100644 index 00000000..2380ea74 --- /dev/null +++ b/tools/lma/ansible-server/roles/nfs/tasks/main.yml @@ -0,0 +1,42 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +#create Dir /srv/nfs +- name: Create Directory for elasticserch + file: path="/srv/nfs/{{item}}" state=directory + with_items: + - ['data', 'master'] + +- name: Create Directory for grafana + file: path="/usr/share/monitoring_data/grafana" state=directory + +#installing NFS +- name: Installing NFS server utils + yum: + name: nfs-utils + state: present + +#update /etc/export file +- name: Edit /etc/export file for NFS + lineinfile: path=/etc/exports line="{{item.line}}" + with_items: + - {line: "/srv/nfs/master *(rw,sync,no_root_squash,no_subtree_check)"} + - {line: "/srv/nfs/data *(rw,sync,no_root_squash,no_subtree_check)"} + - {line: "/usr/share/monitoring_data/grafana *(rw,sync,no_root_squash,no_subtree_check)"} + +#starting NFS service +- name: 'starting NFS service' + service: + name: nfs + state: restarted diff --git a/tools/lma/logs/dockerfile/elastalert/Dockerfile b/tools/lma/logs/dockerfile/elastalert/Dockerfile new file mode 100644 index 00000000..3304ad17 --- /dev/null +++ b/tools/lma/logs/dockerfile/elastalert/Dockerfile @@ -0,0 +1,23 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM python:alpine +RUN apk --update upgrade && \ + apk add gcc libffi-dev musl-dev python3-dev openssl-dev tzdata libmagic && \ + rm -rf /var/cache/apk/* +RUN pip install elastalert &&\ + apk del gcc libffi-dev musl-dev python3-dev openssl-dev +RUN mkdir -p /opt/elastalert && \ + mkdir -p /opt/elastalert/rules &&\ +WORKDIR /opt/elastalert
\ No newline at end of file diff --git a/tools/lma/logs/dockerfile/fluentd/Dockerfile b/tools/lma/logs/dockerfile/fluentd/Dockerfile new file mode 100644 index 00000000..19dea0f8 --- /dev/null +++ b/tools/lma/logs/dockerfile/fluentd/Dockerfile @@ -0,0 +1,23 @@ +# Copyright 2020 Adarsh yadav, Aditya Srivastava +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM fluent/fluentd:v1.11.0-debian-1.0 +USER root +RUN gem sources --add https://rubygems.org/ +RUN apt-get update \ + && gem install fluent-plugin-elasticsearch \ + && gem install elasticsearch-xpack\ + && gem install fluent-plugin-rewrite-tag-filter\ + && gem install fluent-plugin-dio +USER fluent
\ No newline at end of file diff --git a/tools/lma/logs/jupyter-notebooks/Trend-Analysis.ipynb b/tools/lma/logs/jupyter-notebooks/Trend-Analysis.ipynb new file mode 100644 index 00000000..1bc770a1 --- /dev/null +++ b/tools/lma/logs/jupyter-notebooks/Trend-Analysis.ipynb @@ -0,0 +1,308 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Trend Analysis\n", + "##### Contributor:\n", + "\n", + "- Adarsh Yadav <adiyadav0509@gmail.com> " + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "import pandas as pd\n", + "import matplotlib.pyplot as plt\n", + "import seaborn as sns\n", + "import matplotlib.dates as mdates\n", + "import numpy as np\n", + "import io \n", + "\n", + "from elasticsearch import Elasticsearch\n", + "from elasticsearch_dsl import Search\n", + "from elasticsearch.connection import create_ssl_context\n", + "import csv\n", + "import ssl\n", + "import urllib3\n", + "import os" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Enter foldername and index" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "#Give folder name\n", + "# foldername = \"results_2020-06-12_06-47-56\"\n", + "foldername = \"result-test1\"\n", + "#Give index name - \"node1*\" or \"node4*\"\n", + "index = \"node4*\"" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "ssl_context = create_ssl_context()\n", + "ssl_context.check_hostname = False\n", + "ssl_context.verify_mode = ssl.CERT_NONE\n", + "urllib3.disable_warnings()\n", + "client = Elasticsearch(['https://elasticsearch:password123@10.10.120.211:31111'],verify_certs=False,ssl_context=ssl_context)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Trex" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "filename = \"/tmp/\"+foldername+\"/trex-liveresults-counts.dat\"\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"ts\").query(\"match_phrase\", log_path=filename)\n", + "\n", + "trex = pd.DataFrame()\n", + "trex_data = dict()\n", + "for hits in s.scan():\n", + " trex_data['ts'] = hits.ts\n", + " trex_data['rx_pkts'] = hits.rx_pkts\n", + " trex_data['rx_port'] = hits.rx_port\n", + " trex_data['tx_port'] = hits.tx_port\n", + " trex = trex.append(trex_data, ignore_index=True)\n", + "if not trex.empty:\n", + " #convert 'ts' to datetime\n", + " trex['ts'] = pd.to_datetime(trex['ts'],unit='s')\n", + " trex_grp = trex.groupby('rx_port')\n", + " trex_rx_0 = trex_grp.get_group(0.0) \n", + " trex_rx_1 = trex_grp.get_group(1.0) \n" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "if not trex.empty:\n", + " fig, ax = plt.subplots(2,figsize=(16, 10))\n", + " ax[0].plot(trex_rx_0['ts'],\n", + " trex_rx_0['rx_pkts'],\n", + " 'tab:orange')\n", + " ax[0].title.set_text(\"At rx_port=0 & tx_port=1\")\n", + " ax[0].set(xlabel=\"timestamp\")\n", + " ax[0].set(ylabel=\"rx_pkts\")\n", + "\n", + " ax[1].plot(trex_rx_1['ts'],\n", + " trex_rx_1['rx_pkts'],\n", + " 'tab:green')\n", + " ax[1].title.set_text(\"At rx_port=1 & tx_port=0\")\n", + " ax[1].set(xlabel=\"timestamp\")\n", + " ax[1].set(ylabel=\"rx_pkts\")\n", + "\n", + " #change date format\n", + " myFmt = mdates.DateFormatter('%Y-%m-%d %H:%M:%S')\n", + " for i in range(2):\n", + " ax[i].xaxis.set_major_formatter(myFmt) \n", + " plt.show()\n", + "else:\n", + " print(\"No data Found\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Spirent" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "filename = \"/tmp/\"+foldername+\"/stc-liveresults.dat.rx\"\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"ts\").query(\"match_phrase\", log_path=filename)\n", + "\n", + "spirent = pd.DataFrame()\n", + "spirent_data = dict()\n", + "for hits in s.scan():\n", + " spirent_data['ts'] = hits.ts\n", + " spirent_data['RxPrt'] = hits.RxPrt\n", + " spirent_data['FrCnt'] = hits.FrCnt\n", + " spirent = spirent.append(spirent_data, ignore_index=True)\n", + "if not spirent.empty:\n", + " #convert 'ts' to datetime\n", + " spirent['ts'] = pd.to_datetime(spirent['ts'],unit='s')\n", + " spirent_grp = spirent.groupby('RxPrt')\n", + " spirent_rx_1 = spirent_grp.get_group('Port //1/1') \n", + " spirent_rx_2 = spirent_grp.get_group('Port //1/2') " + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "if not spirent.empty:\n", + " fig, ax = plt.subplots(2,figsize=(16, 10))\n", + " ax[0].plot(spirent_rx_1['ts'],\n", + " spirent_rx_1['FrCnt'],\n", + " 'tab:orange')\n", + " ax[0].title.set_text(\"At RxPrt=//1/1\")\n", + " ax[0].set(xlabel=\"timestamp\")\n", + " ax[0].set(ylabel=\"FrCnt\")\n", + "\n", + " ax[1].plot(spirent_rx_2['ts'],\n", + " spirent_rx_2['FrCnt'],\n", + " 'tab:green')\n", + " ax[1].title.set_text(\"At RxPrt=//1/2\")\n", + " ax[1].set(xlabel=\"timestamp\")\n", + " ax[1].set(ylabel=\"FrCnt\")\n", + "\n", + " #change date format\n", + " myFmt = mdates.DateFormatter('%Y-%m-%d %H:%M:%S')\n", + " for i in range(2):\n", + " ax[i].xaxis.set_major_formatter(myFmt) \n", + " plt.show()\n", + "else:\n", + " print(\"No data Found\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Ixia" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "filename = \"/tmp/\"+foldername+\"/Traffic Item Statistics.csv\"\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"msg\").query(\"match_phrase\", log_path=filename)\n", + "\n", + "for hits in s.scan():\n", + " with open('./ixia-traffic.csv', 'a+') as f:\n", + " f.write(hits.msg+\"\\n\")\n", + " \n", + "ixia = pd.DataFrame()\n", + "if os.path.exists('./ixia-traffic.csv'):\n", + " ixia = pd.read_csv('./ixia-traffic.csv')\n", + " os.remove(f.name)\n", + " f.close()\n", + "if not ixia.empty:\n", + " ixia = ixia[['~ElapsedTime','Traffic Item 1:Frames Delta','Traffic Item 1:Loss %']].astype(float)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "if not ixia.empty:\n", + " fig, ax = plt.subplots(2,figsize=(16, 10))\n", + " ax[0].plot(ixia['~ElapsedTime'],\n", + " ixia['Traffic Item 1:Frames Delta'],\n", + " 'tab:orange')\n", + " ax[0].set(xlabel=\"Elapsed Time\")\n", + " ax[0].set(ylabel=\"Frames Delta\")\n", + "\n", + " ax[1].plot(ixia['~ElapsedTime'],\n", + " ixia['Traffic Item 1:Loss %'],\n", + " 'tab:green')\n", + " ax[1].set(xlabel=\"Elapsed Time\")\n", + " ax[1].set(ylabel=\"Loss %\")\n", + "\n", + " plt.show()\n", + "else:\n", + " print(\"No data Found\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Time Analysis" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "filename = \"/tmp/\"+foldername+\"/\"\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"setup_duration\").query(\"match_phrase\", log_path=filename)\n", + "for hits in s.scan():\n", + " print(\"Setup duration: \", hits.setup_duration,\"s\")\n", + "\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"iteration_duration\").query(\"match_phrase\", log_path=filename)\n", + "for hits in s.scan():\n", + " print(\"Iteration duration: \", hits.iteration_duration,\"s\")\n", + "\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"traffic_duration\").query(\"match_phrase\", log_path=filename)\n", + "for hits in s.scan():\n", + " print(\"Traffic duration: \", hits.traffic_duration,\"s\")\n", + "\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"test_duration\").query(\"match_phrase\", log_path=filename)\n", + "for hits in s.scan():\n", + " print(\"Test duration: \", hits.test_duration,\"s\")\n", + "\n", + "s = Search(index=index).using(client).query(\"exists\", field=\"report_duration\").query(\"match_phrase\", log_path=filename)\n", + "for hits in s.scan():\n", + " print(\"Report duration: \", hits.report_duration,\"s\")\n", + " \n", + "s = Search(index=index).using(client).query(\"exists\", field=\"vswitch_duration\").query(\"match_phrase\", log_path=filename)\n", + "for hits in s.scan():\n", + " print(\"Vswitch starting duration: \", hits.vswitch_duration,\"s\")" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.6.8" + } + }, + "nbformat": 4, + "nbformat_minor": 4 +} diff --git a/tools/lma/yamllintrc b/tools/lma/yamllintrc new file mode 100644 index 00000000..9714a565 --- /dev/null +++ b/tools/lma/yamllintrc @@ -0,0 +1,25 @@ +# Copyright 2020 Tieto +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +extends: relaxed + +rules: + empty-lines: + max-start: 1 + max-end: 1 + colons: + max-spaces-after: 1 + max-spaces-before: 1 + line-length: + max: 250 |
