Bug 1722898
| Summary: | Logging data from all projects are stored to .orphaned indexes with Elasticsearch | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Rich Megginson <rmeggins> |
| Component: | Logging | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED ERRATA | QA Contact: | Anping Li <anli> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.1.0 | CC: | anli, aos-bugs, jcantril, rludva, rmeggins, xtian |
| Target Milestone: | --- | ||
| Target Release: | 4.1.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | 4.1.4 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: Fluentd is unable to correctly determine the docker log
driver. It thinks the log driver is journald when it is json-file.
Fluentd then looks for the `CONTAINER_NAME` field in the record to
hold the kubernetes metadata and it is not present.
Consequence: Fluentd is not able to add kubernetes metadata to
records. Records go to the .orphaned index. Fluentd spews lots
of errors like this:
[error]: record cannot use elasticsearch index na me type project_full: record is missing kubernetes field
Fix: Fluentd should not rely on reading the docker configuration file
to determine if the record contains kubernetes metadata. It should
look at both the record tag and the record data and use whatever
kubernetes metadata it finds there.
Result: Fluentd can correctly add kubernetes metadata and assign
records to the correct indices no matter which log driver docker
is using.
Records read from files under /var/log/containers/*.log will have
a fluentd tag like kubernetes.var.log.containers.**. This applies
both to CRI-O and docker file logs. Kubernetes records read from
journald with CONTAINER_NAME will have a tag like
journal.kubernetes.**. There is no CRI-O journald log driver yet,
and it is not clear how those records will be represented, but
hopefully they will follow the same CONTAINER_NAME convention, in
which case they will Just Work.
|
Story Points: | --- |
| Clone Of: | 1722380 | Environment: | |
| Last Closed: | 2019-07-04 09:01:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1722380, 1724263 | ||
| Bug Blocks: | |||
|
Comment 1
Rich Megginson
2019-06-25 16:11:09 UTC
The log weren't send to .orphaned indexes, move bug to verfied. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1635 |