Skip to content

Commit 90d2000

Browse files
authored
Merge pull request #7924 from openshift-cherrypick-robot/cherry-pick-7191-to-enterprise-3.9
[enterprise-3.9] Clarified support for journald per BZ
2 parents dc110ff + 36da120 commit 90d2000

File tree

3 files changed

+75
-17
lines changed

3 files changed

+75
-17
lines changed

install_config/aggregate_logging.adoc

Lines changed: 66 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -42,15 +42,23 @@ administrators can view all logs, but application developers can only view logs
4242
for projects they have permission to view. The stack components communicate
4343
securely.
4444

45-
[NOTE]
46-
====
47-
xref:../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing
48-
Docker Container Logs] discusses the use of `json-file` logging driver options
45+
Aggregated logging is supported using the `json-file` or `journald` driver in Docker.
46+
The Docker log driver is set to `journald` as the default for all nodes. See
47+
xref:fluentd-upgrade-source[Updating Fluentd's Log Source After a Docker Log
48+
Driver Update] for more information about switching between `json-file` and `journald`.
49+
Fluentd automatically determines which log driver (`journald` or `json-file`) the container runtime is using.
50+
51+
When the log driver is set to `journald`, Fluentd reads journald logs. When set to `json-file` Fluentd reads from *_/var/log/containers_*.
52+
53+
See xref:../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing
54+
Docker Container Logs] for information on `json-file` logging driver options
4955
to manage container logs and prevent filling node disks.
5056

51-
Aggregated logging is only supported using the `journald` driver in Docker. See
52-
xref:fluentd-upgrade-source[Updating Fluentd's Log Source After a Docker Log
53-
Driver Update] for more information.
57+
58+
[IMPORTANT]
59+
====
60+
If Docker log-driver is set to journald, there is no log rate throttling with the `journald` driver.
61+
As a result, there is a risk of denial-of-service attacks from rogue containers.
5462
====
5563

5664
[[aggregate-logging-pre-deployment-configuration]]
@@ -1763,6 +1771,57 @@ $ curl --key /etc/elasticsearch/secret/admin-key \
17631771
----
17641772
====
17651773

1774+
[[fluentd-update-source]]
1775+
== Changing the Aggregated Logging Driver
1776+
1777+
By default, aggregated logging uses the `journald` log driver
1778+
xref:../install_config/install/advanced_install.adoc#configuring-host-variables[unless `json-file` was specified during installation]. You can change the log driver between `journald` and `json-file` as needed.
1779+
1780+
[IMPORTANT]
1781+
====
1782+
When using the `json-file` driver, ensure that your Docker version is Docker version *docker-1.12.6-55.gitc4618fb.el7_4 now*
1783+
or later.
1784+
====
1785+
1786+
Fluentd determines the driver Docker is using by checking the *_/etc/docker/daemon.json_* and *_/etc/sysconfig/docker_* files.
1787+
1788+
You can determine which driver Docker is using with the `docker info` command:
1789+
1790+
----
1791+
# docker info | grep Logging
1792+
1793+
Logging Driver: journald
1794+
----
1795+
1796+
To change between `json-file` and `journald` after installation:
1797+
1798+
. Modify either the *_/etc/sysconfig/docker_* or *_/etc/docker/daemon.json_* files.
1799+
+
1800+
For example:
1801+
+
1802+
[source,json]
1803+
----
1804+
# cat /etc/sysconfig/docker
1805+
OPTIONS=' --selinux-enabled --log-driver=json-file --log-opt max-size=1M --log-opt max-file=3 --signature-verification=False'
1806+
1807+
cat /etc/docker/daemon.json
1808+
{
1809+
"log-driver": "json-file",
1810+
"log-opts": {
1811+
"max-size": "1M",
1812+
"max-file": "1"
1813+
}
1814+
}
1815+
----
1816+
1817+
. Restart the Docker service:
1818+
+
1819+
----
1820+
systemctl restart docker
1821+
----
1822+
1823+
. Update the xref:fluentd-upgrade-source[Fluentd log source].
1824+
17661825
[[fluentd-upgrade-source]]
17671826
== Updating Fluentd's Log Source After a Docker Log Driver Update
17681827

install_config/install/advanced_install.adoc

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -463,10 +463,16 @@ which may cause invalid configurations. Example usage:
463463
*{'image-gc-high-threshold': ['90'],'image-gc-low-threshold': ['80']}*.
464464

465465
|`openshift_docker_options`
466-
|This variable configures additional `docker` options within
466+
a|This variable configures additional `docker` options within
467467
*_/etc/sysconfig/docker_*, such as options used in
468-
xref:../../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing Container Logs]. Example usage: *"--log-driver json-file --log-opt max-size=1M
469-
--log-opt max-file=3"*. Do not use when
468+
xref:../../install_config/install/host_preparation.adoc#managing-docker-container-logs[Managing Container Logs].
469+
Use `json-file` or `journald`. The default is `journald`.
470+
Example usage:
471+
----
472+
"--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"
473+
"--log-driver journald"
474+
----
475+
Do not use when
470476
xref:advanced-install-docker-system-container[running `docker` as a system container].
471477

472478
|`openshift_schedulable`

install_config/install/host_preparation.adoc

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -582,13 +582,6 @@ container is running) can increase to a problematic size. You can manage this by
582582
configuring Docker's `json-file` logging driver to restrict the size and number
583583
of log files.
584584

585-
[IMPORTANT]
586-
====
587-
Aggregated logging is only supported using the `journald` driver in Docker. See
588-
xref:../../install_config/aggregate_logging.adoc#fluentd-upgrade-source[Updating
589-
Fluentd's Log Source After a Docker Log Driver Update] for more information.
590-
====
591-
592585
[options="header"]
593586
|===
594587

0 commit comments

Comments
 (0)