these aren't the logs...kibana - authentication elastic shield - provides security for entire...
TRANSCRIPT
![Page 1: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/1.jpg)
These aren't the logs you're looking for
Alicja Kwasniewska, Intel Eric Lemoine, MirantisMichal Jastrzebski, Intel
![Page 2: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/2.jpg)
Alicja Kwasniewska Eric Lemoine Michal Jastrzebski
![Page 3: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/3.jpg)
Agenda
KollaLogging
in dockers
Hacking Rsyslog
Central logging service
Elk or Ehk? Demo
![Page 4: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/4.jpg)
KollaDocker containers Ansible playbooks
![Page 5: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/5.jpg)
Kolla
● Production-ready Docker containers and deployment tools foroperating OpenStack clouds
● Both out of the box configuration and possibility for complete customization
● Images built in the kollaglue namespace for every tagged release, but you can also build images on your own
Docker containers
Deployment tools
Out of the boxconfiguration
Kollaglue
Customization
![Page 6: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/6.jpg)
Logging in
docker containers
![Page 7: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/7.jpg)
Docker logs● What? Anything that is written out to the container’s standard output/error● Logging capabilities available in the Docker are exposed as drivers
Default
● How to get path to this file? docker inspect -f "{{.LogPath}}" containerName● The docker logs command retrieves logs present at the time of execution.
NOTE: available only for containers with json-file and journald logging drivers
json syslog journald gelf fluentd
![Page 8: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/8.jpg)
Hacking
rsyslog
![Page 9: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/9.jpg)
Previous solution based on rsyslog
● Hacky● Shared /dev/log● Not meant for containers● New versions of docker breaks● Syslog doesn’t work well with tracebacks● Removed in both Liberty and Mitaka
![Page 10: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/10.jpg)
Central logging serviceadvantages
“One Ring to rule them all, One Ring to find them...”
![Page 11: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/11.jpg)
Which node? Which
container? Where should
I look first?
![Page 12: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/12.jpg)
No need to search many places !
→ data stored in one location and accessed from single interface
![Page 13: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/13.jpg)
One more second and I will find the right place in one of the
10000+ lines...
“Developer looking at production logs after a regression with downtime” oil canvas, circa 1580; source: http://classicprogrammerpaintings.tumblr.com
![Page 14: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/14.jpg)
No need to search for one line in million !
→ interface provides filtering options and visual representation of data using graphs and charts
![Page 15: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/15.jpg)
Kolla Central logging serviceNew feature in Mitaka
![Page 16: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/16.jpg)
How it works?
Heka Feed data Elasticsearch View Kibana/var/lib/kolla/...
Search
Interact
HekaFeed data
/var/lib/kolla/...
Heka Feed data
/var/lib/kolla/...
![Page 17: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/17.jpg)
HekaUnified data processing
![Page 18: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/18.jpg)
Introduction to HekaStream processing software
● Open source● Developed by Mozilla● Used in production (by Mozilla)● Written in Go● http://hekad.readthedocs.org
![Page 19: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/19.jpg)
Why Heka?
→“Unified Data Processing”
One tool for all the data:
● Ops data/metrics● Business data● Logging output● Error
reports/tracebacks
Ops data/ metrics
Business data
Logging output
Error reports/ tracebacks
![Page 20: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/20.jpg)
Heka PipelinePlugins at each stage of the pipeline
![Page 21: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/21.jpg)
Heka Highlights
● Lightweight● Flexible● Configurable● Easily and safely extendable
Lightweight Flexible
Configurable Easily and safely
extendable
![Page 22: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/22.jpg)
ELK or EHK?
![Page 23: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/23.jpg)
Logstash vs HekaWhy did we choose Heka over Logstash?
● Avoid running a JVM on each node● Heka is faster and more lightweight*● Heka is very flexible (plugins defined w/ code)
* https://github.com/elemoine/heka-logstash-comparison
![Page 24: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/24.jpg)
→ EHK
![Page 25: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/25.jpg)
ElasticsearchOpen-source text search and analytics engine
![Page 26: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/26.jpg)
Introduction to Elasticsearch
● Open source product from Elastic group - https://github.com/elastic/elasticsearch
● Highly-scalable full-text search and analytics engine● Used by applications with complex search requirements● Written in Java
![Page 27: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/27.jpg)
Elasticsearch Highlights
HighlyScalable
HighlyAvailable
RESTfulAPI
Full-TextSearch
Document-oriented
![Page 28: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/28.jpg)
KibanaOpen-source analytics and visualization platform
![Page 29: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/29.jpg)
Introduction to Kibana
● Open source product from Elastic group - https://github.com/elastic/kibana
● Written mainly in JavaScript, comes with Node.js server app ● Server component has a built-in proxy to Elasticsearch (designed to
work with Elasticsearch)
![Page 30: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/30.jpg)
Kibana concepts
● Allows to search, view, and interact with data stored in Elasticsearch indices● Possibility to analyse and visualize data in a variety of charts, tables, and
maps
Search
Interact
View
Visualize
Analyse
![Page 31: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/31.jpg)
![Page 32: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/32.jpg)
![Page 33: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/33.jpg)
Kibana - authentication
Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…
Nginx - use it as proxy with simple auth mechanism for Kibana
HAProxy - add HTTP Basic authentication with ACL that uses the http_auth criterion and http-request auth rule
ShieldFrom Elastic
GroupNginx HAProxy
HTTP Basic authentication with ACL
![Page 34: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/34.jpg)
Deploy
EHK with Kolla
![Page 35: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/35.jpg)
3 easy steps
Build images with one
command
Adapt configuration
files and enable central logging
Deploy Kolla with one
command
For details please watch webinar presented by Steven Dake - link provided at the last slide
![Page 36: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/36.jpg)
Demo →
![Page 37: These aren't the logs...Kibana - authentication Elastic Shield - provides security for entire stack, including Kibana plugin for session support and login screen, but requires a license…](https://reader033.vdocument.in/reader033/viewer/2022042223/5ec97e9c0dc9db071513f7e7/html5/thumbnails/37.jpg)
Thank you for your attentionAlicja Kwasniewska [email protected]
Eric Lemoine [email protected] Michal Jastrzebski [email protected]
Irc: #openstack-kolla Webinar: https://vimeopro.com/midokura/345kl392