Merge pull request #7191 from mburke5678/BZ-1526262

Clarified support for journald per BZ

Author: mburke5678

install_config/aggregate_logging.adoc

@@ -42,15 +42,23 @@ administrators can view all logs, but application developers can only view logs
 for projects they have permission to view. The stack components communicate
 securely.
 
-[NOTE]
-====
-xref:../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing
-Docker Container Logs] discusses the use of `json-file` logging driver options
+Aggregated logging is supported using the `json-file` or `journald` driver in Docker. 
+The Docker log driver is set to `journald` as the default for all nodes. See
+xref:fluentd-upgrade-source[Updating Fluentd's Log Source After a Docker Log
+Driver Update] for more information about switching between `json-file` and `journald`.
+Fluentd automatically determines which log driver (`journald` or `json-file`) the container runtime is using. 
+
+When the log driver is set to `journald`, Fluentd reads journald logs. When set to `json-file` Fluentd reads from *_/var/log/containers_*. 
+
+See xref:../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing
+Docker Container Logs] for information on `json-file` logging driver options
 to manage container logs and prevent filling node disks.
 
-Aggregated logging is only supported using the `journald` driver in Docker. See
-xref:fluentd-upgrade-source[Updating Fluentd's Log Source After a Docker Log
-Driver Update] for more information.
+
+[IMPORTANT]
+====
+If Docker log-driver is set to journald, there is no log rate throttling with the `journald` driver. 
+As a result, there is a risk of denial-of-service attacks from rogue containers.
 ====
 
 [[aggregate-logging-pre-deployment-configuration]]
@@ -1764,6 +1772,57 @@ $ curl --key /etc/elasticsearch/secret/admin-key \
 ----
 ====
 
+[[fluentd-update-source]]
+== Changing the Aggregated Logging Driver
+
+By default, aggregated logging uses the `journald` log driver 
+xref:../install_config/install/advanced_install.adoc#configuring-host-variables[unless `json-file` was specified during installation]. You can change the log driver between `journald` and `json-file` as needed.
+
+[IMPORTANT]
+====
+When using the `json-file` driver, ensure that your Docker version is Docker version *docker-1.12.6-55.gitc4618fb.el7_4 now*
+or later.
+====
+
+Fluentd determines the driver Docker is using by checking the *_/etc/docker/daemon.json_* and *_/etc/sysconfig/docker_* files.
+
+You can determine which driver Docker is using with the `docker info` command:
+
+----
+# docker info | grep Logging
+
+Logging Driver: journald
+----
+
+To change between `json-file` and `journald` after installation:
+ 
+. Modify either the *_/etc/sysconfig/docker_* or *_/etc/docker/daemon.json_* files.
++
+For example:
++
+[source,json]
+----
+# cat /etc/sysconfig/docker
+OPTIONS=' --selinux-enabled --log-driver=json-file --log-opt max-size=1M --log-opt max-file=3 --signature-verification=False'
+
+cat /etc/docker/daemon.json
+{
+"log-driver": "json-file",
+"log-opts": {
+"max-size": "1M",
+"max-file": "1"
+}
+}
+----
+
+. Restart the Docker service:
++
+----
+systemctl restart docker
+----
+
+. Update the xref:fluentd-upgrade-source[Fluentd log source].
+
 [[fluentd-upgrade-source]]
 == Updating Fluentd's Log Source After a Docker Log Driver Update
 

install_config/install/advanced_install.adoc

@@ -511,10 +511,16 @@ which may cause invalid configurations. Example usage:
 *{'image-gc-high-threshold': ['90'],'image-gc-low-threshold': ['80']}*.
 
 |`openshift_docker_options`
-|This variable configures additional `docker` options within
+a|This variable configures additional `docker` options within
 *_/etc/sysconfig/docker_*, such as options used in
-xref:../../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing Container Logs]. Example usage: *"--log-driver json-file --log-opt max-size=1M
---log-opt max-file=3"*. Do not use when
+xref:../../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing Container Logs]. 
+Use `json-file` or `journald`. The default is `journald`. 
+Example usage: 
+----
+"--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"
+"--log-driver journald" 
+----
+Do not use when
 xref:advanced-install-docker-system-container[running `docker` as a system container].
 
 |`openshift_schedulable`

install_config/install/host_preparation.adoc

@@ -579,13 +579,6 @@ container is running) can increase to a problematic size. You can manage this by
 configuring Docker's `json-file` logging driver to restrict the size and number
 of log files.
 
-[IMPORTANT]
-====
-Aggregated logging is only supported using the `journald` driver in Docker. See
-xref:../../install_config/aggregate_logging.adoc#fluentd-upgrade-source[Updating
-Fluentd's Log Source After a Docker Log Driver Update] for more information.
-====
-
 [options="header"]
 |===