Page MenuHomePhabricator
Create Task
Maniphest T225125

Migrate Elasticsearch from deprecated Gelf logstash input to rsyslog Kafka logging pipeline
Closed, ResolvedPublic
Actions

Description

Elasticsearch is currently using the now deprecated logstash gelf input to ship logs to logstash.

Creating this task to track migration of Elasticsearch logging to the Kafka-logging pipeline.

Details

SubjectRepoBranchLines +/-
elasticsearch: cirrus logs to logging pipelineoperations/puppetproduction+2 -4
elasticsearch: add dependencies for JsonLayoutoperations/puppetproduction+14 -3
elasticsearch: switch relforge to new logging pipelineoperations/puppetproduction+1 -0
elasticsearch: switch relforge to new logging pipelineoperations/puppetproduction+1 -0
elasticsearch: add syslog logging optionoperations/puppetproduction+58 -18
elasticsearch: ship logs to local syslog serveroperations/puppetproduction+91 -15
Customize query in gerrit

Related Objects
Search...

Event Timeline

herron created this task.Jun 5 2019, 5:33 PM
Restricted Application added a project: Discovery-Search. · View Herald TranscriptJun 5 2019, 5:33 PM
herron added a subtask: T211125: Move service-runner to new logging infrastructure.Jun 5 2019, 5:56 PM
debt moved this task from needs triage to Ops / SRE on the Discovery-Search board.Jun 6 2019, 6:04 PM
ArielGlenn triaged this task as Medium priority.Jun 14 2019, 7:13 AM
fgiunchedi added a project: observability.Aug 19 2019, 2:29 PM
gerritbot added a comment.Aug 23 2019, 12:37 PM

Change 531922 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] elasticsearch: ship logs to syslog

https://gerrit.wikimedia.org/r/531922

gerritbot added a project: Patch-For-Review.Aug 23 2019, 12:37 PM
Mathew.onipe edited projects, added Discovery-Search (Current work); removed Discovery-Search.Aug 26 2019, 2:26 PM
Mathew.onipe claimed this task.Aug 27 2019, 5:18 PM
gerritbot added a comment.Sep 2 2019, 3:16 PM

Change 533928 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] elasticsearch: add syslog logging option

https://gerrit.wikimedia.org/r/533928

Mathew.onipe added a comment.Sep 3 2019, 3:50 PM

rsyslog Json requires the @cee token which must be provided according to standard via profile::rsyslog::udp_localhost_compat. Let's use profile::rsyslog::udp_json_logback_compat instead as it permits parsing of json from log4j without the token.

gerritbot added a comment.Sep 4 2019, 9:57 AM

Change 534399 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] elasticsearch: switch elasticsearch logging to syslog

https://gerrit.wikimedia.org/r/534399

gerritbot added a comment.Sep 4 2019, 1:49 PM

Change 531922 abandoned by Mathew.onipe:
elasticsearch: ship logs to local syslog server

Reason:
moved: https://gerrit.wikimedia.org/r/c/operations/puppet/ /534399

https://gerrit.wikimedia.org/r/531922

gerritbot added a comment.Sep 5 2019, 5:00 PM

Change 533928 merged by Gehel:
[operations/puppet@production] elasticsearch: add syslog logging option

https://gerrit.wikimedia.org/r/533928

gerritbot added a comment.Sep 6 2019, 8:40 AM

Change 534399 merged by Gehel:
[operations/puppet@production] elasticsearch: switch relforge to new logging pipeline

https://gerrit.wikimedia.org/r/534399

Maintenance_bot removed a project: Patch-For-Review.Sep 6 2019, 9:10 AM
Mathew.onipe added a comment.Sep 6 2019, 11:19 AM

JsonLayout requires other dependencies for log4j. This include jackson databind. See https://logging.apache.org/log4j/2.x/runtime-dependencies.html.
Two options:

  1. Rebuild log4j with this dependencies
  2. Fall back to shipping logs with PatternLayout.
gerritbot added a comment.Sep 9 2019, 11:53 AM

Change 535157 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] elasticsearch: add dependencies for JsonLayout

https://gerrit.wikimedia.org/r/535157

gerritbot added a project: Patch-For-Review.Sep 9 2019, 11:53 AM
gerritbot added a comment.Sep 9 2019, 11:57 AM

Change 535158 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] elasticsearch: switch relforge to new logging pipeline

https://gerrit.wikimedia.org/r/535158

Mathew.onipe moved this task from Incoming to Needs review on the Discovery-Search (Current work) board.Sep 10 2019, 1:50 PM
Mathew.onipe moved this task from Needs review to Blocked/Waiting on the Discovery-Search (Current work) board.Sep 24 2019, 5:45 PM
Mathew.onipe added a comment.Sep 24 2019, 5:49 PM

We should talk to elastic to see how we can move this forward.
Currently, we require jackson-databind 2.8.11 and jackson-annotation 2.8.11 for JsonLayout to work when using SyslogAppender. Version 2.8.6 is provided by debian for this packages. We should use the correct version to make sure everything work as expected.

Gehel moved this task from Blocked/Waiting to Waiting on the Discovery-Search (Current work) board.Oct 1 2019, 5:33 PM
Ottomata closed subtask T225129: Move eventgate logs to new logging infrastructure as Resolved.Dec 4 2019, 2:49 PM
gerritbot added a comment.Feb 6 2020, 9:33 AM

Change 570374 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] elasticsearch: cirrus logs to logging pipeline

https://gerrit.wikimedia.org/r/570374

gerritbot added a comment.Feb 6 2020, 1:58 PM

Change 570374 abandoned by Filippo Giunchedi:
elasticsearch: cirrus logs to logging pipeline

Reason:
Abandoning this for now, after a chat with gehel. ES7 comes with native json logging, thus likely not worth the effort of attempting json logging for ES6.

https://gerrit.wikimedia.org/r/570374

fgiunchedi subscribed.Feb 6 2020, 2:23 PM

Status update: out of the box json logging support has been introduced in elasticsearch 7 (https://github.com/elastic/elasticsearch/issues/8786). Whereas for previous versions we'd need to bring in jackson-databind, which comes with its own set of challenges (e.g. https://github.com/elastic/elasticsearch/issues/22103). Thus I'm of the opinion that waiting for the elasticsearch 7 upgrade on cirrus/relforge/cloudelastic will be easier.

fgiunchedi moved this task from Inbox to Backlog on the observability board.Apr 6 2020, 12:36 PM
Gehel removed Mathew.onipe as the assignee of this task.Apr 20 2020, 5:38 PM
Gehel edited projects, added Discovery-Search; removed Patch-For-Review, Discovery-Search (Current work).
Gehel added a subscriber: Mathew.onipe.
fgiunchedi mentioned this in T227080: Deprecate all non-Kafka logstash inputs.Oct 6 2020, 7:52 AM
Pchelolo closed subtask T211125: Move service-runner to new logging infrastructure as Resolved.May 25 2021, 8:50 PM
lmata edited projects, added SRE Observability; removed observability.Jul 12 2021, 2:22 AM
Maintenance_bot added a project: observability.Jul 12 2021, 2:48 AM
lmata moved this task from Inbox to Backlog on the SRE Observability board.Jul 15 2021, 4:09 AM
lmata edited projects, added Observability-Logging; removed SRE Observability.Aug 9 2021, 2:32 AM
Maintenance_bot edited projects, added SRE Observability; removed Observability-Logging.Aug 9 2021, 2:46 AM
lmata edited projects, added Observability-Metrics; removed SRE Observability.Aug 9 2021, 3:22 AM
Maintenance_bot edited projects, added SRE Observability; removed Observability-Metrics.Aug 9 2021, 3:48 AM
herron added a comment.Aug 30 2021, 6:41 PM

With the elastic SSPL changes that happened this year (T272111 T272238 etc.) is ES7 still a part of the roadmap for moving these logs away from gelf?

herron mentioned this in T288620: Document path forward and Retire remaining non-Kafka Logstash inputs.Sep 8 2021, 4:56 PM
herron added a comment.Dec 7 2021, 8:38 PM

These logs have been migrated to kafka-logging with the deployment of gelf_relay in T288620. Resolving!

herron closed this task as Resolved.Dec 7 2021, 8:39 PM
herron claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits