Jump to: navigation, search

Difference between revisions of "Monasca/Logging"

(Background Current Monasca API)
(Monasca Log Agent - Logstash: Fix Logstash Output Plugin link)
 
(23 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
This page documents the Monasca Logging solution that is in progress.
 
This page documents the Monasca Logging solution that is in progress.
  
 +
== Log Management - Client Side ==
 +
=== Monasca Log Agent - Logstash ===
 +
Monitors one or more log files, adds meta information (e.g. dimensions), authenticates with KeyStone and sends the logs (in a bulk) to the Monasca Log API.<br />
 +
Base technology: Logstash<br />
 +
Plugin: https://github.com/logstash-plugins/logstash-output-monasca_log_api<br />
  
 +
=== Monasca Log Agent - Beaver ===
 +
Monitors one file, adds meta information (e.g. dimensions), authenticates with KeyStone and sends the logs (in a bulk) to the Monasca Log API.<br />
 +
https://github.com/python-beaver/python-beaver/pull/406<br />
 +
https://github.com/python-beaver/python-beaver<br />
 +
<br />
 
<br />
 
<br />
'''Note:'''<br />
 
'''Currently we only have this page to discuss our proposals. For that reason some "metric related stuff" can be found here too. We will move or remove it whenever the discussion is finished.'''
 
<br /><br />
 
 
== Log Client ==
 
=== Monasca Agent ===
 
 
==== Collect and forward Log Data ====
 
The agent should be extended to collect log data and forward them to the Monasca Log API.
 
 
===== Victors Approach =====
 
* The (external) statsd-client send logs (as metric) with the metric type ‘l’ to the Monasca-agent.
 
* The Monasca-agent send these logs as “GAUGE” metric to the forwarder and from there to the Monasca (Metric) API.
 
 
===== DataDog =====
 
Note: The Monasca-agent is based on DataDog.
 
 
The DataDog agent can parse metrics and events from logs, so the data within can be send as metric...
 
 
===== Log Collector for the Monasca-Agent (Proposed Solution) =====
 
Implement or integrate a Logstash-like collector (e.g. Beaver) in python. Beaver is a lightweight python log file shipper that is used to send logs to an intermediate broker for further processing by Logstash.
 
 
=== Plugins ===
 
==== Logstash Output Plugin ====
 
Create a Monasca output plugin for logstash.
 
 
==== Other Output Plugins ====
 
'''TODO''' e.g. for fluentd...
 
 
== Log Management Backend ==
 
Integrate ELK stack into the existing Monasca architecture.
 
Receiving logs, authentication, processing and storing of logs.
 
 
=== Log Data Flow ===
 
[[File:DrawIO LogManagement.png|bigpx|center]]
 
  
 +
== Log Management - Server Side - Consuming Logs ==
 
=== Monasca Log API ===
 
=== Monasca Log API ===
 +
Consumes logs from the agents, authorizes them and publishes them to Kafka. <br />
 +
https://github.com/openstack/monasca-log-api<br />
 +
https://github.com/openstack/monasca-log-api/tree/master/docs<br />
  
==== Background Loggly API ====
+
=== Monasca Log Transformer ===
Loggly is a popular SaaS for managing log files. We investigated in Loggly, because we aim for logging-as-a-service functionality (midterm).
+
Consumes logs from Kafka, transforms them, and publishes them to Kafka. <br />
 
 
Examples:<br />
 
'''Plain Text'''
 
curl -H "content-type:text/plain" -d ''''Hello World'''' http://logs-01.loggly.com/inputs/TOKEN/tag/http/
 
 
'''JSON'''
 
curl -H "content-type:application/x-www-form-urlencoded" -d ''''{"message":"Hello World!", "from":"hoover"}'''' http://logs-01.loggly.com/inputs/TOKEN/tag/http/
 
 
'''Multiline'''
 
curl -H "content-type:text/plain" -d $''''Hello\nWorld'''' http://logs-01.loggly.com/inputs/TOKEN/tag/http/
 
 
 
Key takeaways:
 
* simpler
 
* authentication via a customer token in the URL. Use the X-Auth-Token for that purpose.
 
* no required structure or fields like host, name, dimensions, timestamp (user is responsible and can organize his data for his needs)
 
* the request body contains only the payload (log entry) and no meta-data (simpler for parsing the payload (e.g. special characters)).
 
* tags could be used to organize/filter logs easily (probably also possible with the Monasca “dimensions”)
 
 
 
==== Background Current Monasca API ====
 
 
 
Examples:<br />
 
POST /v2.0/metrics HTTP/1.1
 
Host: 192.168.10.4:8080
 
Content-Type: application/json
 
X-Auth-Token: 27feed73a0ce4138934e30d619b415b0
 
Cache-Control: no-cache
 
 
 
    "name":"name1",
 
    "dimensions":{ 
 
      "key1":"value1",
 
      "key2":"value2"
 
    },
 
    "timestamp":1405630174,
 
    "value":'''1.0'''
 
}
 
 
 
==== Background Event API ====
 
There is also an Event API in progress:<br />
 
[https://wiki.openstack.org/wiki/Monasca/Events Event API]
 
 
 
==== Proposal ====
 
===== Request Line =====
 
* POST /v2.0/log/single - Endpoint for single and multiline logs; maximum event size: 1MB<br />
 
* POST /v2.0/log/bulk - Endpoint for bulk logs (the logs must be line-separated); maximum event size: 5MB <br /><br />
 
 
 
===== Request Headers =====
 
* Content-Type (string, required) - application/json; text/plain <br />
 
* X-Auth-Token (string, required) - Keystone auth token (for authorization) <br />
 
* X-Tags: (string, optional) - A comma separated list of tags (for filtering on the dashboard) <br />
 
* X-Application-Type: (string, optional) - Type of application (to have a hint how to parse) <br />
 
* X-Application-Name: (string, optional) - Name of the application (to uniquely identify the application log) <br /><br />
 
 
 
'''Tags:'''<br />
 
Tags can be added on client side to your log event, to structure your log events and helps you later on with filtering (dashboard).
 
 
 
'''Timestamps:'''<br />
 
The priority how to determine the timestamp:<br />
 
1) Try to parse timestamp from original log data<br />
 
2) If that doesn't work:<br />
 
* RESTful API: Use receiving time as timestamp<br />
 
* future version: Syslog API: Take timestamp from syslog<br />
 
 
 
Monasca operates with UTC timezone, that means the timestamp is convert to the concurrent time in UTC.
 
 
 
'''Will be added by the API:'''<br />
 
* X-Request-Received: (long) - The timestamp in UTC when the request was received at the Monasca API <br />
 
* X-Tenant-ID: (string) - The ID of the tenant after the authentication (via token) <br />
 
  
===== Request Body =====
+
=== Monasca Log Persister ===
The original (potentially unstructured) log data.
+
Consumes logs from Kafka, prepares them for bulk storage, and stores them into Elasticsearch.<br />
  
===== Request Examples =====
+
=== Monasca Log Metrics ===
 +
Consumes logs from Kafka, creates metrics for logs with severity CRITICAL, ERROR, WARNING, and publishes them to Kafka.<br />
  
'''Single Event - Plain Text:'''
+
=== Monasca Log Storage===
POST /v2.0/log/single HTTP/1.1
+
All logs are stored in Elasticsearch.<br />
Content-Type: text/plain
 
X-Auth-Token: 27feed73a0ce4138934e30d619b415b0
 
X-Tags: production
 
X-Application-Type: apache
 
X-Application-Name: WebServer01
 
 
Hello World
 
 
 
 
 
'''Single Event - JSON'''
 
POST /v2.0/log/single HTTP/1.1
 
Content-Type: application/json
 
X-Auth-Token: 27feed73a0ce4138934e30d619b415b0
 
X-Tags: production
 
X-Application-Type: apache
 
X-Application-Name: WebServer01
 
 
{"message":"Hello World!", "from":"hoover"}
 
 
 
 
 
'''Single Event - Multiline'''
 
POST /v2.0/log/single HTTP/1.1
 
Content-Type: text/plain
 
X-Auth-Token: 27feed73a0ce4138934e30d619b415b0
 
X-Tags: production
 
X-Application-Type: apache
 
X-Application-Name: WebServer01
 
 
Hello\nWorld
 
 
 
 
 
'''Bulk of Events - Plain Text'''
 
POST /v2.0/log/bulk HTTP/1.1
 
Content-Type: text/plain
 
X-Auth-Token: 27feed73a0ce4138934e30d619b415b0
 
X-Tags: production
 
X-Application-Type: apache
 
X-Application-Name: WebServer01
 
 
Hello\nWorld
 
 
 
===== Response Status Code =====
 
204 - No Content
 
 
 
===== Response Body =====
 
This request does not return a response body.
 
 
 
=== Log Transformer ===
 
Consumes events from Kafka, transforms them, and publishes to Kafka.
 
 
 
=== Log Persister ===
 
Consumes events from Kafka, prepares them for bulk storage, and stores them into Elasticsearch.
 
 
 
== Log Management Frontend ==
 
=== Monasca Log API ===
 
Visualization of logs.
 
 
 
'''TODO'''<br />
 
 
<br />
 
<br />
 
<br />
 
<br />
 +
 +
== Log Management - Server Side - Visualizing Logs ==
 +
=== Monasca  Kibana Server ===
 +
Authorization with KeyStone and visualization of logs (stored in elasticsearch).<br />
 +
Base technology: Kibana <br />
 +
Plugins:<br />
 +
https://github.com/FujitsuEnablingSoftwareTechnologyGmbH/fts-keystone<br />
 +
https://github.com/FujitsuEnablingSoftwareTechnologyGmbH/keystone-v3-client<br />
 
<br />
 
<br />
 
<br />
 
<br />
  
== Metric related and other Stuff ==
+
== Log Data Flow ==
 +
The following diagram visualizes the integration of logs in the processing pipeline of Monasca. We indicated some short cuts we want to take as a first step. Also, we indicated some advanced functionality (multi-tenancy) that we plan for the future.<br />
  
=== Tags ===
+
[[File:DrawIO LogManagement.png|bigpx|center]]
Introduce "tags" like in the proposal of the Log API. The tags will be needed for the container monitoring where the workload/applications are very dynamic and are not related to a static host anymore (e.g. kubernetes/docker cluster).
 
 
 
=== Monasca Agent ===
 
Additionally needed functionality.
 
 
 
==== The Monasca Agent should monitor the OpenStack Hypervisor (basic VM metrics like CPU, RAM only) ====
 
Sources:
 
* Nova
 
Supported by agent?
 
* KVM
 
Supported by agent?
 
* VMware vSphere
 
vSphere is not supported by agent. A new plugin must be developed (blueprint...).
 
* VMware ESXi
 
Probably not supported by agent?
 
 
 
User:
 
* OpenStack administrator
 
* OpenStack user (multi tenancy! Can agent add the tenant ID per VM?)
 
 
 
==== Monasca Ceilometer Plugin should forward Metrics ====
 
Data Flow:
 
Hypervisor --> Nova --> Ceilometer --> Monasca-Ceilometer-Plugin --> Monasca
 
 
 
* KVM
 
KVM sends metrics to Nova, but Ceilometer (currently?) doesn't poll that data. Monasca-Ceilometer-Plugin is not in "product status", that means no metrics are forwarded to Monasca.
 
 
 
* VMware vSphere
 
Although Nova provides support for VMware vCenter Server, Ceilometer does not. It does not collect metrics of virtual machines deployed on VMware virtualization platform. It will be necessary to extend this support in Ceilometer. The aim is to implement a polling agent that queries samples from VMware vCenter Server.<br />
 
[https://wiki.openstack.org/wiki/Ceilometer/blueprints/vmware-vcenter-server Ceilometer/blueprints/vmware-vcenter-server]
 
<br />
 
 
 
==== OpenStack Hypervisor/VM Monitoring ====
 
===== The Monasca Agent should monitor each created VM (logs and metrics) =====
 
* Install agent (automatically) on each created VM.
 
Metrics as well as logs can be forwarded to Monasca.
 
 
 
==== Windows Support ====
 
The Monasca agent should run on Windows also.
 
 
 
Note: The Monasca-agent is based on DataDog. DataDog supports Windows since November 9th, 2012, but currently the Monasca agent runs on Ubuntu only.
 

Latest revision as of 11:25, 1 August 2017

This page documents the Monasca Logging solution that is in progress.

Log Management - Client Side

Monasca Log Agent - Logstash

Monitors one or more log files, adds meta information (e.g. dimensions), authenticates with KeyStone and sends the logs (in a bulk) to the Monasca Log API.
Base technology: Logstash
Plugin: https://github.com/logstash-plugins/logstash-output-monasca_log_api

Monasca Log Agent - Beaver

Monitors one file, adds meta information (e.g. dimensions), authenticates with KeyStone and sends the logs (in a bulk) to the Monasca Log API.
https://github.com/python-beaver/python-beaver/pull/406
https://github.com/python-beaver/python-beaver


Log Management - Server Side - Consuming Logs

Monasca Log API

Consumes logs from the agents, authorizes them and publishes them to Kafka.
https://github.com/openstack/monasca-log-api
https://github.com/openstack/monasca-log-api/tree/master/docs

Monasca Log Transformer

Consumes logs from Kafka, transforms them, and publishes them to Kafka.

Monasca Log Persister

Consumes logs from Kafka, prepares them for bulk storage, and stores them into Elasticsearch.

Monasca Log Metrics

Consumes logs from Kafka, creates metrics for logs with severity CRITICAL, ERROR, WARNING, and publishes them to Kafka.

Monasca Log Storage

All logs are stored in Elasticsearch.


Log Management - Server Side - Visualizing Logs

Monasca Kibana Server

Authorization with KeyStone and visualization of logs (stored in elasticsearch).
Base technology: Kibana
Plugins:
https://github.com/FujitsuEnablingSoftwareTechnologyGmbH/fts-keystone
https://github.com/FujitsuEnablingSoftwareTechnologyGmbH/keystone-v3-client


Log Data Flow

The following diagram visualizes the integration of logs in the processing pipeline of Monasca. We indicated some short cuts we want to take as a first step. Also, we indicated some advanced functionality (multi-tenancy) that we plan for the future.

bigpx