Changes

There are several online grok testing tools. These can be help to compile the required grok expression very effectively. Try this: https://grokdebug.herokuapp.com/

The second problem is that they are all based on ubuntu image, that makes it very difficult to get rsyslog to log to stdout(ubunto doesn't support loggin to stdout), which required by the Kubernetets centralized log collector system for retaining HAproxy logs. We are going to port the original grok Dockerfile to '''centos 7''' base image and will add rsyslog installation to the new image.

All necessary files are available on under my git-hub: https://github.com/berkiadam/haproxy-metrics/tree/master/grok-exporter-centos <br>I also created an ubuntu based solution, which is an extension of the original docker-hub solutionversion, which can also be found on git-hub in the '''grok-exporter-ubuntu folder'''. In the rest of this chapter, we are going to use the centOS version.

We will modify the official '''palobo/grok_exporter''' Dockerfile, we will extend it with the rsyslog installation and port it to centos: https://github.com/berkiadam/haproxy-metrics/tree/master/grok- CentOS-exporter

{{note | It is important to use grok-exporter version 0.2.7 or higher of the grok-exporter, as we use grok-functions were introduced in the metrics definitionsthis version}}

The '''rsyslog.conf''' file must be accompanied by include at least the following, which allows you to receive logos that enables receiving logs on port 514 on over both UDP and TCP (see zip above for details), and that write all . The logs are written to stdout and to /var/log/messages.

First, we will build the docker image with the local docker daemon so that we can run it locally for testing. Later we will build this it directly on the minishfit VM, since we will only be able to upload it to the minishfit docker registry from therethe VM. Since , at the and, as we will be uploading upload the image to a remote (not local) docker repository, it is important to follow the naming conventions:

We will upload the image to the docker registry running on the minishift, so it is important to specify the address and port of the minishfit-docker registry and the OpenShift namespace where the image will be placeddeployed.

The resulting image can be easily tested by running a native, local dockerlocally. Create a haproxy test log file ('''haproxy.log''') with the following content in it. This will be processed by the grok-exporterduring the test, as if it had been provided by haproxy.

Put the grok config file '''config.yml''' created specified above in the same folder. In the config.yml file, change the input.path to '''/grok/haproxy.log''' so that where the grok-exporter processes our test log filecontent is. Then start it the container with a following '''docker run' 'command:

After starting, check in log Check the logs and confirm that the grok and rsyslog are actually both have started:

Metrics are then available in the browser at http: // localhost: 9144 / metrics:

As a second step, verify that the '''rsyslog' 'running in the docker container can receive these remote log messages. To do this, first enter the container with the exec command and look for check the content of the /var/log/messages file:in f (follow) mode.

Now, from on the mother host machine, use the '''logger''' command to send a log message to the container running rsyslog server on port 514:

We would like have to to upload the completed docker our custom grok Docker image to the minishfit's own registry. To do thisso, you need to build the image with the minishfit VM 's local docker daemon, since you can only access the minishfit registry from therethe VM so uploading images is only possible from the VMs local registry. <br>Details at can be found here: [[Openshift_basics # Minishfit_docker_registry | ➲Image push to minishift docker registriy]]

 In order We need special rights for accessing the '''' admin '' user to have minishift registry even from the right to upload VM running the image to minishfit cluster. In the minisfhit registry example we always log in the '''default' 'namespace where the router is runningto minishfit as admin user, you need so we are going to get extend the''' cluster- admin ''' rights. It is important to log in user with '''the cluster-u system: admin''' and not just' 'oc login' 'role, as you will not have the right that has sufficient rights for uploading images to issue the command''' oc adm '''minishift registry. In For extending our user roles we have to log into the same waysystem namespace, we will refer to so always include the user namespace name in the 'oc login''--as''' parametercommand.

# oc login -u system: admin

{{note | If we get this error '''Error from server (NotFound): the server could not find the requested resource'' ', it probably means that our oc client''' oc '''is older than OpenShift version}}

Build it in the image on the minishfit VM as well:

Log in Push the image to the minisfhit docker registry and type '''push'''.:

== Kubernet Required Kubernetes objects ==

For grokthe HAproxy-exporter we will create a serviceAccount, a deployment, a service and a comifMap where we will store the grok-exporter configuration. In addition, we will modify extend the object '''SecurityContextConstraintsanyuid''' named anyuidSecurityContextConstraints object, because the rsyslog server requires the grok-exporter container to run in privileged mode.

=== Create the ServiceAccount ===The haproxy-exporter needs its own serviceAccount, which we will allow to run the privileged (root) container. This is what the rsyslog server needs.

===Objektumok definiálásaAddition Kubernetes objects===

Because of the Haproxy-exporter runs an rsyslog server in grok-exporter, it is important that the its container runs must be run in privileged mode. To do this, you need to add the serviceAcccount belonging to the haproxyHAproxy-exporter serviceAcccount to the SCC named ''' anyuid '' to enable running on behalf of the root'. So you we don't need the '''privileged '' SCC because the container principle wants to start as root, we don't need to force it by OpenShift configuration, we just have to allow it. OtherwiseWithout running as root, rsyslog will not be able to create sockets.{{warning | Admin admin rolebindg for developer user mynamespace is not enough to handle SCCs. You need to log in as an admin to do this: oc login -u system: admin}}

 To The haproxy-exporter service-account must be added to the 'anyuid' 'SCC, users''' sectionof the ' serviceAccount anyuid'' must be added SCC in the following format:

Since this is an existing '''scc''' and we just want to make apply some minor changes to it, we can edit it locally'on the fly' with the 'oc edit' command:

=== create the objects ===

=== Testing === Testing

Find the haproxy-exporter pod and look at check logs of the pod log:

Then enter the container and test the rsyslog functionserver:

Now, let's list the contents of the / var / log / messages folder:

Exit the container and retrieve the pod logs again to see if the log has been sent to stdoutas well:

=== Setting the environment variables ===For In the HAproxyrouters, we will set the address of the rsyslog server running in the haporxy-exporter pod via our environment variablevariables. To do this, we Let's check first list the haproxy-exporter service.

HAproxy stores the rsyslog server address in the environment variable '''ROUTER_SYSLOG_ADDRESS''' (part of Deployment)environment variable. We can rewrite overwrite this at runtime with the command '''oc set env'''command. After rewriting the variable, the pod will restart automatically.

{{note | In minishift, in the router container containers the name resolution does not work with name resolution for servicesKubernetes service names, because it is not doesn't use the Kubernetes cluster DNS server address but the minishfit VM. Therefore, all you have to do is enter the service's IP address instead of its name. In OpenShift, we enter have to use the name of the service}}

Then, in the As a second step, change the HAproxy log level in to debug to HAproxy, because you it only have produces access to the log in debug level.

{{warning | Performance test must be carried out to see how much is the extra load a haproxy has when running the haproxy in debug mode}}

As a result of modifying the above modification of the two environment variables, the configuration of HAproxy in the router container in file '''/var/lib/haproxy/conf/haproxy.config''' has changed to:

The important thing This is that the IP address of the haproxy-exporter service address , and the log level '''is debug' 'have appeared in the log parameter.

=== Testing the rsyslog server ===Generate some traffic through haproxy, then go back to the haproxy-exporter container and list the contents content of the messages file.

# kubectl exec -it haproxy-exporter-744d84f5df-9fj9m / bin / bash -n default

# tail -f / var / log / messages

=== Testing the grok-exporter component ===Please download open the grokgork-exporter metrics at http: // <pod IP>: 9144 / metrics. Either You can open this URL either in the haproxy-exporter pod itself with a on localhost call or in any other pod using the haporxy-exporter pod 's IP address. In the example below, I enter the test-app. We need have to see the '''haproxy_http_request_duration_seconds_bucket ''' histogram among the metrics.

We want the haproxy-exporter pods to be scalable. This requires that the prometheus Prometheus does not retrieve scrape the metrics through the service (because it does service loadbalancing), but addresses from the pods directly. To do this, the prometheus So Prometheus must get through the Kubernetes API query the '''Endpoint''' of definition assigned to the haproxy-epxporterexporter service from the Kubernetes API, which contains the list of ip IP addresses for the service's podcastspods. We will use the '''kubernetes_sd_configs'' element of prometheusto achieve his. (This requires that Prometheus to be able to communicate with the Kubernetes API. For details, see [[Prometheus_on_Kubernetes]])

When using '''kubernetes_sd_configs''' we Prometheus always get gets a list of a specific Kubernetes object objects from the server API (node, service, endpoints, pod) and then look up the resource it identifies those resources according to its configuration from which we want it wants to collect the metrics. We do this by going to In the '''' relabel_configs''' section and then applying of Prometheus configuration we will define filter conditions to for identifying the tags of the given Kubernetes resourceneeded resources. In this case, we want to find the endpoint belonging to the haproxy-exporterservice, because it allows Prometheus to find all the pods for the service. So, based on the tagsKubernetes labels, we will want to find the endpoint that is called '''' 'haproxy-exporter-service''' and also has a port called '''metrics'' port through which Prometheus can retrieve scrape the metrics. The In Prometheus, the default scrape URL is '''/ metrics''', so you we don't have to define it separately, it is used by grok-exporterimplicitly.

We look are looking for two tags labels in the Endpoints list:

The config-map that describes proetheus.yaml, that is, prometheus.yaml, should be completed extended with the following:

We will wait Wait for Prometheus to read the configuration file again:

Then, on the http://mon.192.168.42.185.nip.io/targets screen, verify that Prometheus reaches can scrape the haproxy-exporter target:

=== scaling haproxy-exporter scaling ===

== Metric varieties types ==

=== haproxy_http_request_duration_seconds_bucket === haproxy_http_request_duration_seconds_bucket

=== haproxy_http_request_duration_seconds_bucket_count === haproxy_http_request_duration_seconds_bucket_count

The total number of requests is the number of requests in that histogram

=== haproxy_http_request_duration_seconds_sum === haproxy_http_request_duration_seconds_sum

The sum of the response times in a given histogram. Based on the previous example, there were a total of 5 requests and kserving the summ serving time added up to was 13 s.