本篇介紹如何使用OpenShift Logging 6.x 搭配Loki 實現Log-based Alert
- OpenShift 4.16+
- Logging Operator 6+
- Loki Operator 6+
- Cluster Observability Operator
邏輯架構大致如下
1. 參考 https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.3/html/installing_logging/installing-logging#installing-loki-and-logging-gui_installing-logging
安裝
- Logging Operator 6+
- Loki Operator 6+
- Cluster Observability Operator
並建立LokiStack, 需留意要安裝在手冊內指定的Namespace
並且在spec.rules啟用rules功能
rules內的selector用來規範loki rule 查詢哪些符合標準的alertingRule
LokiStack
```yaml=
apiVersion: loki.grafana.com/v1
kind: LokiStack
metadata:
annotations:
name: lokistack-sample
namespace: openshift-logging
spec:
hashRing:
type: memberlist
limits:
global:
queries:
queryTimeout: 3m
managementState: Managed
rules:
enabled: true
selector:
matchLabels:
openshift.io/cluster-monitoring: 'true'
size: 1x.extra-small
storage:
schemas:
- effectiveDate: '2020-10-11'
version: v11
secret:
credentialMode: static
name: logging-loki-s3
type: s3
storageClassName: gp2-csi
tenants:
mode: openshift-logging
```
完成安裝 Cluster logging operator後,建立clusterlogforwarder
**需留意要特別在spec.inputs.infrastructure內指定來源,要加上node, 才會有journal log**
Cluster Log forwarder
```yaml=
apiVersion: observability.openshift.io/v1
kind: ClusterLogForwarder
metadata:
name: instance
namespace: openshift-logging
spec:
inputs:
- infrastructure:
sources:
- node # <------- 一定要有這一段
- container
name: infra-logs
type: infrastructure
managementState: Managed
outputs:
- lokiStack:
authentication:
token:
from: serviceAccount
target:
name: lokistack-sample
namespace: openshift-logging
name: lokistack-out
tls:
ca:
configMapName: openshift-service-ca.crt
key: service-ca.crt
type: lokiStack
pipelines:
- inputRefs:
- application
- infra-logs
name: infra-app-logs
outputRefs:
- lokistack-out
serviceAccount:
name: logging-collector
```
建立Loki的AlertingRule
**一定要加上label, 且要與rule內的selector吻合**
AlertingRule
這個規則會過濾所有Lokistack內 `log_type=infrastructure`的log , 選出含有 `soft lockup` 的log , 用json格式轉換後 ,最後只列出 `log_source=node`的log
只要一天內出現一次就會發出告警
```yaml=
apiVersion: loki.grafana.com/v1
kind: AlertingRule
metadata
labels:
openshift.io/cluster-monitoring: 'true
name: loki-operator-alerts-01
namespace: openshift-logging
spec:
groups:
- interval: 1m
name: soft-lockup-alert
rules:
- alert: SoftLockupDetected
annotations:
description: |
Watchdog BUG: soft lockup found in logs on node - {{ $labels.k8s_node_name }} .
Full message - {{ $labels.message }}
summary: Soft lockup detected in kernel logs
expr: |
count_over_time(
{ log_type=~"infrastructure" } |~ "soft lockup" | json | log_source="node"
[1d]
) > 0
for: 0s
labels:
severity: critical
tenantID: infrastructure
```
套用完成後會在OpenShift內的Alert頁面看到
我們可以手動在節點上手動產生符合條件的log
```yaml=
[lab-user@bastion ~]$ oc debug node/ip-10-0-53-13.ap-southeast-1.compute.internal
Temporary namespace openshift-debug-kq82v is created for debugging node...
Starting pod/ip-10-0-53-13ap-southeast-1computeinternal-debug-xkj22 ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.53.13
If you don't see a command prompt, try pressing enter.
sh-5.1# chroot /host
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
sh-5.1# logger -t kernel "watchdog: BUG: soft lockup - CPU#$((RANDOM % 32)) stuck for $((RANDOM % 500 + 100))s! [kube-rbac-proxy:$((RANDOM % 9000 + 1000))]"
```
成功觸發
## 參考資料
Custom logging alerts -
https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.3/html/logging_alerts/custom-logging-alerts-1#configuring-logging-loki-ruler_custom-logging-
Cluster Log forwarder example - https://github.com/openshift/cluster-logging-operator/blob/0bbb53dc1ebbfa9838339ea5667d3982fd3f2095/docs/reference/samples/observability.inputs-app-audit-infra.yaml#L4
Sign in via Google
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Connect another wallet