To make fluentd aware of the service log files, it needs to set up a couple of variable one for the owner of the file tripleo_fluentd_groups_SERVICE_NAME and the other one to set the log files tripleo_fluentd_sources_SERVICE_NAME.
Firstly, the SERVICE_NAME should be the name that the service has on the variable service_name.
-
tripleo_fluentd_groups_SERVICE_NAME: [string, string]
-
tripleo_fluentd_sources_SERVICE_NAME: [file_hash]
-
file_hash
- tag: whatEverItSNeeded
- path: logPathFile
- format: /(?\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+)(?\d+)(?\S+)(?.*)$
- pos_file: /var/cache/fluentd/whatEverItSNeeded.pos
- type: tail
The two mandatory variables are tag and path
Let me show you one example:
From the docker/services/cinder-api.yaml
...
CinderApiLoggingSource:
type: json
default:
tag: openstack.cinder.api
path: /var/log/containers/cinder/cinder-api.log
...
outputs:
role_data:
description: Role data for the Cinder API role.
value:
service_name: {get_attr: [CinderBase, role_data, service_name]}
...
...
service_config_settings:
map_merge:
- get_attr: [CinderBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_cinder_api:
- cinder
tripleo_fluentd_sources_cinder_api:
- {get_param: CinderApiLoggingSource}
...
This generates the following:
cat /var/lib/config-data/fluentd/etc/fluentd/config.d/100-openstack-cinder_api.conf
# This file is managed by Puppet, do not edit manually.
<source>
format /(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+) (?<pid>\d+) (?<priority>\S+) (?<message>.*)$/
path /var/log/containers/cinder/cinder-api.log
pos_file /var/cache/fluentd/openstack.cinder.api.pos
tag openstack.cinder.api
@type tail
</source>
However there are services that have more than one file. It's also possible to configure fluentd to read several files.
For instance docker/services/keystone.yaml
...
KeystoneLoggingSource:
type: json
default:
tag: openstack.keystone
path: /var/log/containers/keystone/keystone.log
format: multiline
format_firstline: '/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[(req-\S+ \S+ \S+ \S+ \S+ \S+|-)\]/'
format1: '/^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) (\[(req-(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<user_domain>\S+) (?<project_domain>\S+)|-)\])? (?<Payload>.*)?$/'
KeystoneErrorLoggingSource:
type: json
default:
tag: openstack.keystone.error
path: /var/log/containers/httpd/keystone/error_log
...
...
service_config_settings:
map_merge:
- get_attr: [KeystoneBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_keystone:
- keystone
tripleo_fluentd_sources_keystone:
- {get_param: KeystoneLoggingSource}
- {get_param: KeystoneErrorLoggingSource}
...
This generates:
cat /var/lib/config-data/fluentd/etc/fluentd/config.d/100-openstack-keystone.conf
# This file is managed by Puppet, do not edit manually.
<source>
format multiline
format1 /^(?<Timestamp>\S+ \S+) (?<Pid>\d+) (?<log_level>\S+) (?<python_module>\S+) (\[(req-(?<request_id>\S+) (?<user_id>\S+) (?<tenant_id>\S+) (?<domain_id>\S+) (?<user_domain>\S+) (? <project_domain>\S+)|-)\])? (?<Payload>.*)?$/
format_firstline /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \d+ \S+ \S+ \[(req-\S+ \S+ \S+ \S+ \S+ \S+|-)\]/
path /var/log/containers/keystone/keystone.log
pos_file /var/cache/fluentd/openstack.keystone.pos
tag openstack.keystone
@type tail
</source>
<source>
format /(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+) (?<pid>\d+) (?<priority>\S+) (?<message>.*)$/
path /var/log/containers/httpd/keystone/error_log
pos_file /var/cache/fluentd/openstack.keystone.error.pos
tag openstack.keystone.error
@type tail
</source>
As it can be see on the last example, the paramters can be overwriten. To test a new format, you can use fluentular to test it