[toolforge,infra] Centralized logging for Toolforge infrastructure logs
Open, MediumPublicFeature
Actions

Assigned To

None

Authored By

	valhallasw
	May 1 2015, 9:59 PM

Description

One log to rule them all.

It would be good to have logstash for at least tools-ops logs, which includes

basic system logging (dmesg / systemd)
k8s logs (maybe not tools, but kube-system/toolforge components at least)
toolforge component deployment actions
maintain-harbor (that might be logging to the worker's local filesystem currently, we might not need to do that anymore if we can pull the logs directly from k8s, T383081: Persist important toolforge k8s components logs)

Systemd would include most (if not all) the VM services (ssh, puppet, redis, nginx, ...).

Being able then to search through it (kibana style) would help enormously to debug issues, specially for k8s components that might have the logs only in the pods or locally on the workers.

Details

Related Changes in GitLab:

	Title	Reference	Author	Source Branch	Dest Branch
	logging: Deploy tools Loki buckets	repos/cloud/toolforge/tofu-provisioning!55	taavi	main-If5631649c079906d83e832a7a92149039289c0e8	main

Customize query in GitLab

Related Objects
Search...

Status	Subtype	Assigned	Task
Open	Feature	None	T97861 [toolforge,infra] Centralized logging for Toolforge infrastructure logs
Resolved		taavi	T386480 [o11y,logging,infra] Deploy Loki to store Toolforge tool log data
Resolved		taavi	T396574 Provision object storage volumes for Loki
Resolved		Andrew	T396594 Create OpenStack role that allows object storage access only
Resolved		dcaro	T397339 Request creation of toolsbeta-logging VPS project
Resolved		None	T397446 Request creation of tools-logging VPS project
Resolved		Andrew	T398447 Increase tools-logging object storage quotas

Event Timeline

valhallasw created this task.May 1 2015, 9:59 PM

valhallasw raised the priority of this task from to Medium.

valhallasw updated the task description. (Show Details)

valhallasw added a project: Toolforge.

valhallasw added subscribers: coren, scfc, Aklapper, yuvipanda.

10:09 valhallasw`cloud: created toolsbeta-logstash to play around with logstash and figure out what we need for tools (phab:T97861)
10:25 valhallasw`cloud: set Hiera variable "elasticsearch::cluster_name": toolsbeta-logstash-eqiad
10:30 valhallasw`cloud: pulled new changes into puppetmaster to get https://github.com/wikimedia/operations-puppet/commit/4afd23d8e2905a84ef211ad92e8314173eb743ba in
10:37 valhallasw`cloud: that doesn't seem to be applied... setting has_ganglia: false manually in wikitech hiera
11:11 valhallasw`cloud: commenting out include ::elasticsearch::ganglia in role::logstash seems to work. I think we have to write our own tools logstash roles anyway in the end, as the role::logstash code contains e.g. mediawiki specific code

Unfortunately, logstash doesn't actually start and crashes with

Errno::EBADF: Bad file descriptor - Bad file descriptor
          close at org/jruby/RubyIO.java:2097
        connect at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/connection.rb:173
           each at org/jruby/RubyArray.java:1613
        connect at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/connection.rb:139
        connect at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/agent.rb:406
           call at org/jruby/RubyProc.java:271
          fetch at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/pool.rb:48
        connect at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/agent.rb:403
        execute at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/agent.rb:319
           get! at /opt/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/agent.rb:217
       register at /opt/logstash/lib/logstash/outputs/elasticsearch_http.rb:117
           each at org/jruby/RubyArray.java:1613
   outputworker at /opt/logstash/lib/logstash/pipeline.rb:220
  start_outputs at /opt/logstash/lib/logstash/pipeline.rb:152

Which was because elasticsearch wasn't started. OK, that starts logstash, but that doesn't actually give us an interface yet...

valhallasw added a subscriber: • bd808.May 8 2015, 7:41 PM

valhallasw moved this task from Backlog to Ready to be worked on on the Toolforge board.May 10 2015, 8:43 PM

intracer subscribed.Oct 24 2015, 4:56 PM

Restricted Application added a project: Cloud-Services. · View Herald TranscriptOct 24 2015, 4:56 PM

tom29739 subscribed.Apr 4 2016, 3:38 PM

valhallasw mentioned this in T127367: [toolforge,jobs-api,webservice,storage] Provide modern, non-NFS log solution for Toolforge tools.May 27 2016, 4:36 PM

• Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:51 PM

Framawiki subscribed.Jun 7 2018, 7:04 PM

herron added a parent task: T198756: Audit log producers across the infrastructure and plan their transition to centralized logging..Jul 5 2018, 5:14 PM

Unlinking from T198756 as Toolforge is out of scope for the current goals, though the design/implementation can be equally applied to Toolforge as well.

JeanFred subscribed.Aug 29 2019, 8:36 AM

JeanFred awarded a token.Aug 29 2019, 10:09 AM

• Bstorm added a project: cloud-services-team (Kanban).Mar 10 2020, 6:45 PM

Random note that, at this point, one of the only multitenant solutions for this kind of thing that is open source seems to be https://grafana.com/docs/loki/latest/overview/

• Bstorm added a subtask: T152235: Simple logrotate service for users of Tools as stopgap before central logging.Oct 16 2020, 6:07 PM

• Bstorm added a parent task: T122508: Prevent overly-large log files.Oct 16 2020, 6:10 PM

• Bstorm closed this task as a duplicate of T127367: [toolforge,jobs-api,webservice,storage] Provide modern, non-NFS log solution for Toolforge tools.

Re-opening this as it isn't really a duplicate. Instead both this and the other one should be under another task.

cc observability for visibility

Hello, Is there something for us (o11y) here or should we just stay in the loop for potential collaboration? Subscribing and radar for now.

• lmata moved this task from Inbox to Radar on the observability board.Oct 19 2020, 3:13 PM

• nskaggs subscribed.Oct 21 2020, 9:26 PM

This is something to discuss and potentially collaborate on. I'll follow-up with you.

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 7:32 PM

fnegri moved this task from Kanban to Inbox on the cloud-services-team board.

Don-vip awarded a token.Jan 7 2024, 12:32 PM

Don-vip subscribed.

dcaro moved this task from Ready to be worked on to Workspace for triaging whenever needed on the Toolforge board.Feb 21 2024, 10:17 AM

dcaro renamed this task from Provide centralized logging (logstash) for Toolforge to [toolforge.infra] Provide centralized logging (logstash) for Toolforge.Feb 21 2024, 10:20 AM

dcaro reopened this task as Open.

dcaro closed this task as a duplicate of T141500: [toolforge.infra] Setup centralized logging for the infra (ELK possibly).

dcaro merged a task: T141500: [toolforge.infra] Setup centralized logging for the infra (ELK possibly).

dcaro added subscribers: yuvipanda, EBernhardson.

dcaro moved this task from Workspace for triaging whenever needed to Ready to be worked on on the Toolforge board.Feb 21 2024, 4:02 PM

dcaro closed subtask T152235: Simple logrotate service for users of Tools as stopgap before central logging as Resolved.Jul 11 2024, 2:57 PM

Count_Count subscribed.Sep 5 2024, 10:37 AM

• bd808 changed the subtype of this task from "Task" to "Feature Request".Jan 13 2025, 11:13 PM

dcaro renamed this task from [toolforge.infra] Provide centralized logging (logstash) for Toolforge to [toolforge.infra] Provide centralized logging (logstash) for Toolforge platform.Jan 15 2025, 3:05 PM

dcaro updated the task description. (Show Details)Jan 15 2025, 3:09 PM

taavi renamed this task from [toolforge.infra] Provide centralized logging (logstash) for Toolforge platform to [toolforge.infra] Provide centralized logging for Toolforge platform.Jan 15 2025, 3:10 PM

dcaro updated the task description. (Show Details)Jan 15 2025, 3:23 PM

Just so I understand the relationship between this and T127367... this is specifically about logs for admins/infra components, and T127367 is about logs for tools themselves?

In T97861#10546357, @Andrew wrote:

Just so I understand the relationship between this and T127367... this is specifically about logs for admins/infra components, and T127367 is about logs for tools themselves?

Yep, it might not have started like that but currently that's the split. This one is for the toolforge platform itself (used by toolforge roots), the other task is for the tools, used by toolforge users.

dcaro renamed this task from [toolforge.infra] Provide centralized logging for Toolforge platform to [toolforge,infra] Provide centralized logging for Toolforge platform.Feb 12 2025, 10:15 PM

taavi renamed this task from [toolforge,infra] Provide centralized logging for Toolforge platform to [toolforge,infra] Cntralized logging for Toolforge infrastructure logs.May 23 2025, 2:32 PM

taavi removed a project: observability.

taavi removed a subtask: T152235: Simple logrotate service for users of Tools as stopgap before central logging.May 23 2025, 2:34 PM

taavi removed parent tasks: T122508: Prevent overly-large log files, T90534: Make toolforge reliable enough (tracking).

taavi added a subtask: T386480: [o11y,logging,infra] Deploy Loki to store Toolforge tool log data.May 23 2025, 2:36 PM

taavi claimed this task.Jun 24 2025, 11:53 AM

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/55

logging: Deploy remaining Loki buckets

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/834

logging: loki: Add second Loki instance for infrastructure logs

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/835

logging: alloy: Add routing for infrastructure logs

dcaro renamed this task from [toolforge,infra] Cntralized logging for Toolforge infrastructure logs to [toolforge,infra] Centralized logging for Toolforge infrastructure logs.Jun 25 2025, 8:15 AM

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/836

logging: alloy: Allow running on the entire cluster

@taavi hey, can you update this task with your plans on using loki for this? And how does it fit in the overall picture for centralized infra logs?

I'm concerned that maybe loki is not simple/stable enough to use for infra things, specially as we would want to use those when k9s fails/has issues xd

Yes. My plan is to feed logs of everything running inside Kubernetes cluster itself to a Loki instance hosted in there. That primarily includes the various components (which need the cluster to work to function in the first place, plus have a bunch of metadata from the cluster API that we want to include in the logs again placing a dependency on the K8s api to work for any solution).

It doesn't give a general solution for logging things that run outside the cluster (nor for the cluster infrastructure itself), but it doesn't make the logging solution for that any worse. And I think that those two problems will need relatively different solutions anyways, for example VM logs IHMO should be handled via the rsyslog daemon running on each VM (which in fact doesn't work for Loki).

Hmm, does this mean that you foresee having two centralized places for logs? It's better than not having any, but I would prefer having only one place xd

As far as I understand, having container logs from k8s pushed into rsyslog is actually possible (probably as a nicer implementation of T383081: Persist important toolforge k8s components logs), can't we use that then to log everything we want there instead of having two solutions?

I'm not saying that we should not split it in two, but I would like to understand more in detail the rationale before doing so, as I think that it loses some of it's value and potentially complicates the system (by having two very different ways of collecting, storing and exposing logs).

I agree that in an ideal world with infinite engineering resources, it would be great to have some system to collect all the Toolforge infrastructure logs, both from hosts and from in K8s, instead of separate systems for that. Unfortunately we do not currently live in such an ideal world.

I would much prefer to re-use the work I'm doing for tool logging in Loki here to get at least a partial solution that gives us centralized logging for a major, well-defined part of our operational logs (which also happens to be the part where the logs are most quickly lost if you do nothing, as that ticket demonstrates), instead of doing nothing now and having absolutely no central logging until we engineer a full solution that catches all the logs.

(T383081: Persist important toolforge k8s components logs seems like a partial dupe of this, so unless you have objections I'll merge that here!)

I'm not convinced that we are in such dire situation for the extra complexity to be worth maintaining, can we discuss it in a decision request?

That'd help both make sure we explore the major options and consequences, and align ourselves.

In the meantime, this does not have to stop or modify the work on the tools logging, it should be independent. So we can continue with that, and it will also help to get experience with loki and the setup and inform the infra decision.

T383081: Persist important toolforge k8s components logs is a temporary hack to persist to some extent the logs of some of the critical components we have, it's not meant to be a centralized solution in any way (it just persists the logs is syslog of the worker/controller, nothing else), so I think it's not really a duplicate.