Changes

* The grok-exporter configuration will be placed into a in OpenShfit ConfigMap and the rsyslog workspace must be an OpenShift volume (writing into the a containers file system in runtime is really inefficient)

* The rsyslog server running in the grok-exporter pod will both write the received HAproxy access logs into the file ('''/var/log/messages''' (- emptyDir type volume) and sends them to '''stdout ''' as wellfor central log processing.

* The grok-exporter program reads '''/var/log/messages''', and generates prometheus Prometheus metrics from the HAproxy access-logs.* The Promethues have Prometheus scrape config has to be configured to use extended with a '''kubernetes_sd_configs''' to section. Prometheus must collect the metrics directly collect metric from the grok-exporter pods, not through the Kubernetes service to bypass load-balancing

Grok-exporter is a tool that can process logs based on regular expressions and covert convert them into to one of the 4 basic prometheus Prometheus metrics:

Grok-exporter is based on the implementation of '''logstash-grok'' ', and grok-exporter is using patterns and functions defined in for logstash.

* '''webhook''': This solution could also be used with logstash used as rsyslog server. Logstash can send the logs to the grok-exporter webhook with the logstash plugin "http-output"* '''stdin''': With rsyslog, stdin can also be used. This requires the use of the '''omprog''' program, that can read data from stockets sockets and pas the content read pass on data through stdin: https://www.rsyslog.com/doc/v8-stable/configuration/modules/omprog.html

We To achieve the same goal with fluentd, we would need three fluentd plugins (I haven't tried this):

The other alternative solution would be google's '''mtail''', which is said to be more efficient in processing logs than the grok engine.<br>

* grok: Location of the grok patterns. Pattern definition will be are stored in /grok/patterns folderby default.

* help: This will be is the help text for the metric.* match: Describes the structure of the log string in a regular expression styleformat. Here you can use pre-defined grok patterns:

Grok assumes that each element is separated by a single space in the source log files. In the match section, you have to write a regular expression using grok building blocks. Each building block has the format: '''%{PATTERN_NAME}''' where PATTERN_NAME must be an existing predefined grok pattern. The most common type is '''%{DATA}''', which refers to an arbitrary data structure that contains no withe-space. There are several compound patterns that are build up from basic grok patterns. We can assign the regular expression result groups to named variables that can be used as the value of the Prometheus metric or as label values. The variable name must be placed inside the curly bracket of the pattern separated by a semicolon from the patter name. :

We are going to demonstrate it with an end-to-end a full, metric definition example: in the following section <br>

And there is given the following metric rule definition in the grok config:

And here Here is the finale metric provided by the grok-exporter metrics endpoint:

For a counter-type metric, we don't need to determine the value of the metric, because as it will just simply count the number of matches of the regular expression. In contrast, for all other types, we have to specify the value. This should It has be defined in the '''value''' section of the metric definition. We also have to reference here a variable defined Variables can be referenced in the match section like same way as we did saw it in in the label definition. The variable must be referenced chapter, in go-template style. Here is an example. The following two log lines are given:

We can apply functions to the values ​​of the metric labels. Functions were introduced in grok-exporter version 0.2.7. We can apply functions to metric value and to the value of its labels. String manipulation functions and arithmetic functions are also available. The following two arguments arithmetic functions are supported:

Functions have the following syntax: <pre> {{FUNCTION_NAME ATTR1 ATTR2}} </pre> where ATTR1 and ATTR2 can be either a natural number or a variable name. The variable name must start with a dot. Here is an example using the multiply function for on the the 'grok_example_lines' metrics metric definition form the example above:

* '''patterns_dir: ./patterns''' -> Base directory of the Pattern pattern definitions in the docker image

{{warning | do Do not forget to set the value of '''readall''' to 'false' in a live environment as it can significantly degrade performance}}

There are several online grok testing tools. These can be help to compile the required grok expression very effectively. Try this: https://grokdebug.herokuapp.com/

The second problem is that they are all based on ubuntu image, that makes it very difficult to get rsyslog to log on to stdout(ubunto doesn't support loggin to stdout), which required by the Kubernetets centralized log collector for retaining HAproxy logssystem. We are going to port the original grok Dockerfile to '''centos 7''' base image and will add rsyslog installation to the new image.

All necessary files are available on under my git-hub: https://github.com/berkiadam/haproxy-metrics/tree/master/grok-exporter-centos <br>I also created an ubuntu based solution, which is an extension of the original docker-hub solutionversion, which can also be found on git-hub in the '''grok-exporter-ubuntu folder'''. In the rest of this chapter, we are going to use the centOS version.

We will modify the official '''palobo/grok_exporter''' Dockerfile, we will extend it with the rsyslog installation and port it to centos: https://github.com/berkiadam/haproxy-metrics/tree/master/grok- CentOS-exporter

{{note | It is important to use grok-exporter version 0.2.7 or higher of the grok-exporter, as we use grok-functions were introduced in the metrics definitionsthis version}}

The '''rsyslog.conf''' file must be accompanied by include at least the following, which allows you to receive logos that enables receiving logs on port 514 on over both UDP and TCP (see zip above for details), and that write all . The logs are written to stdout and to /var/log/messages.

First, we will build the docker image with the local docker daemon so that we can run it locally for testing. Later we will build this it directly on the minishfit VM, since we will only be able to upload it to the minishfit docker registry from therethe VM. Since , at the and, as we will be uploading upload the image to a remote (not local) docker repository, it is important to follow the naming conventions:

We will upload the image to the docker registry running on the minishift, so it is important to specify the address and port of the minishfit-docker registry and the OpenShift namespace where the image will be placeddeployed.

The resulting image can be easily tested by running a native, local dockerlocally. Create a haproxy test log file ('''haproxy.log''') with the following content in it. This will be processed by the grok-exporterduring the test, as if it had been provided by haproxy.

Put the grok config file '''config.yml''' created specified above in the same folder. In the config.yml file, change the input.path to '''/grok/haproxy.log''' so that where the grok-exporter processes our test log filecontent is. Then start it the container with a following '''docker run' 'command:

After starting, check in log Check the logs and confirm that the grok and rsyslog are actually both have started:

Metrics are then available in the browser at http: // localhost: 9144 / metrics:

As a second step, verify that the '''rsyslog' 'running in the docker container can receive these remote log messages. To do this, first enter the container with the exec command and look for check the content of the /var/log/messages file:in f (follow) mode.

Now, from on the mother host machine, use the '''logger''' command to send a log message to the container running rsyslog server on port 514:

We would like have to to upload the completed docker our custom grok Docker image to the minishfit's own registry. To do thisso, you need to build the image with the minishfit VM 's local docker daemon, since you can only access the minishfit registry from therethe VM so uploading images is only possible from the VMs local registry. <br>Details at can be found here: [[Openshift_basics # Minishfit_docker_registry | ➲Image push to minishift docker registriy]]

 In order We need special rights for accessing the '''' admin '' user to have minishift registry even from the right to upload VM running the image to minishfit cluster. In the minisfhit registry example we always log in the '''default' 'namespace where the router is runningto minishfit as admin user, you need so we are going to get extend the''' cluster- admin ''' rights. It is important to log in user with '''the cluster-u system: admin''' and not just' 'oc login' 'role, as you will not have the right that has sufficient rights for uploading images to issue the command''' oc adm '''minishift registry. In For extending our user roles we have to log into the same waysystem namespace, we will refer to so always include the user namespace name in the 'oc login''--as''' parametercommand.

# oc login -u system: admin

{{note | If we get this error '''Error from server (NotFound): the server could not find the requested resource'' ', it probably means that our oc client''' oc '''is older than OpenShift version}}

Build it in the image on the minishfit VM as well:

Log in Push the image to the minisfhit docker registry and type '''push'''.:

== Kubernet Required Kubernetes objects ==

For grokthe HAproxy-exporter we will create a serviceAccount, a deployment, a service and a comifMap where we will store the grok-exporter configuration. In addition, we will modify extend the object '''SecurityContextConstraintsanyuid''' named anyuidSecurityContextConstraints object, because the rsyslog server requires the grok-exporter container to run in privileged mode.

=== Create the ServiceAccount ===The haproxy-exporter needs its own serviceAccount, which we will allow to run the privileged (root) container. This is what the rsyslog server needs.

===Objektumok definiálásaAddition Kubernetes objects===

Because of the Haproxy-exporter runs an rsyslog server in grok-exporter, it is important that the its container runs must be run in privileged mode. To do this, you need to add the serviceAcccount belonging to the haproxyHAproxy-exporter serviceAcccount to the SCC named ''' anyuid '' to enable running on behalf of the root'. So you we don't need the '''privileged '' SCC because the container principle wants to start as root, we don't need to force it by OpenShift configuration, we just have to allow it. OtherwiseWithout running as root, rsyslog will not be able to create sockets.{{warning | Admin admin rolebindg for developer user mynamespace is not enough to handle SCCs. You need to log in as an admin to do this: oc login -u system: admin}}

 To The haproxy-exporter service-account must be added to the 'anyuid' 'SCC, users''' sectionof the ' serviceAccount anyuid'' must be added SCC in the following format:

</ Sourcesource>

Since this is an existing '''scc''' and we just want to make apply some minor changes to it, we can edit it locally'on the fly' with the 'oc edit' command:

=== create the objects ===

=== Testing === Testing

Find the haproxy-exporter pod and look at check logs of the pod log:

Then enter the container and test the rsyslog functionserver:

Now, let's list the contents of the / var / log / messages folder:

Exit the container and retrieve the pod logs again to see if the log has been sent to stdoutas well:

=== Setting the environment variables ===For In the HAproxyrouters, we will set the address of the rsyslog server running in the haporxy-exporter pod via our environment variablevariables. To do this, we Let's check first list the haproxy-exporter service.

HAproxy stores the rsyslog server address in the environment variable '''ROUTER_SYSLOG_ADDRESS''' (part of Deployment)environment variable. We can rewrite overwrite this at runtime with the command '''oc set env'''command. After rewriting the variable, the pod will restart automatically.

{{note | In minishift, in the router container containers the name resolution does not work with name resolution for servicesKubernetes service names, because it is not doesn't use the Kubernetes cluster DNS server address but the minishfit VM. Therefore, all you have to do is enter the service's IP address instead of its name. In OpenShift, we enter have to use the name of the service}}

Then, in the As a second step, change the HAproxy log level in to debug to HAproxy, because you it only have produces access to the log in debug level.

{{warning | Performance test must be carried out to see how much is the extra load a haproxy has when running the haproxy in debug mode}}

As a result of modifying the above modification of the two environment variables, the configuration of HAproxy in the router container in file '''/var/lib/haproxy/conf/haproxy.config''' has changed to:

The important thing This is that the IP address of the haproxy-exporter service address , and the log level '''is debug' 'have appeared in the log parameter.

=== Testing the rsyslog server ===Generate some traffic through haproxy, then go back to the haproxy-exporter container and list the contents content of the messages file.

# kubectl exec -it haproxy-exporter-744d84f5df-9fj9m / bin / bash -n default

# tail -f / var / log / messages

=== Testing the grok-exporter component ===Please download open the grokgork-exporter metrics at http: // <pod IP>: 9144 / metrics. Either You can open this URL either in the haproxy-exporter pod itself with a on localhost call or in any other pod using the haporxy-exporter pod 's IP address. In the example below, I enter the test-app. We need have to see the '''haproxy_http_request_duration_seconds_bucket ''' histogram among the metrics.

# kubectl exec -it test-app-57574c8466-qbtg8 / bin / bash -n mynamespace

</ Sourcesource> 

We want the haproxy-exporter pods to be scalable. This requires that the prometheus Prometheus does not retrieve scrape the metrics through the service (because it does service loadbalancing), but addresses from the pods directly. To do this, the prometheus So Prometheus must get through the Kubernetes API query the '''Endpoint''' of definition assigned to the haproxy-epxporterexporter service from the Kubernetes API, which contains the list of ip IP addresses for the service's podcastspods. We will use the '''kubernetes_sd_configs'' element of prometheusto achieve his. (This requires that Prometheus to be able to communicate with the Kubernetes API. For details, see [[Prometheus_on_Kubernetes]])

When using '''kubernetes_sd_configs''' we Prometheus always get gets a list of a specific Kubernetes object objects from the server API (node, service, endpoints, pod) and then look up the resource it identifies those resources according to its configuration from which we want it wants to collect the metrics. We do this by going to In the '''' relabel_configs''' section and then applying of Prometheus configuration we will define filter conditions to for identifying the tags of the given Kubernetes resourceneeded resources. In this case, we want to find the endpoint belonging to the haproxy-exporterservice, because it allows Prometheus to find all the pods for the service. So, based on the tagsKubernetes labels, we will want to find the endpoint that is called '''' 'haproxy-exporter-service''' and also has a port called '''metrics'' port through which Prometheus can retrieve scrape the metrics. The In Prometheus, the default scrape URL is '''/ metrics''', so you we don't have to define it separately, it is used by grok-exporterimplicitly.

We look are looking for two tags labels in the Endpoints list:

The config-map that describes proetheus.yaml, that is, prometheus.yaml, should be completed extended with the following:

We will wait Wait for Prometheus to read the configuration file again:

Then, on the http://mon.192.168.42.185.nip.io/targets screen, verify that Prometheus reaches can scrape the haproxy-exporter target:

=== scaling haproxy-exporter scaling ===

== Metric varieties types ==

=== haproxy_http_request_duration_seconds_bucket === haproxy_http_request_duration_seconds_bucket

=== haproxy_http_request_duration_seconds_bucket_count === haproxy_http_request_duration_seconds_bucket_count

The total number of requests is the number of requests in that histogram

=== haproxy_http_request_duration_seconds_sum === haproxy_http_request_duration_seconds_sum

The sum of the response times in a given histogram. Based on the previous example, there were a total of 5 requests and kserving the summ serving time added up to was 13 s.

Starting with OpenShift 3.11, it is possible to define fire up a router that will openShfit automatically launch contain a side car rsyslog container in the router pod and configure HAproxy to send logs to the rsyslog server via an emptyDir volume , which writes them to stdout by default. The configuration of rsyslog is in a configMap.

You can create a router with syslogserver using the '''--extended-logging''' switch with in the command '''' 'oc adm router'''command.

Turn on the debug level loging in HAproxy:

You can see that the '''/ var / lib / rsyslog /''' folder is mounted in both containers. You will create the The rsyslog.sock file will be created here in your HAproxy configuration file.

When we enter the router container, we can see that the configuration has already been lickedmodified:

If you want to reconfigure rsyslog to send logs to eg e.g, logstash then you only need to rewrite the configMap. By default, it rsyslog only writes to stdout what you get.