Reference documents:
Monitoring Kubernetes clusters using grayog and Prometheus
Prometheus2 #22
Grafana #40
Telegraf #41
Graylog #47
Elasticsearch #49
Mongodb #59
Apache2
Multi node openstack charms Deployment Guide 0.0.1-36-graylog actual - 1
Multi node openstack charms Deployment Guide 0.0.1-37-grayog actual-2
Multi node openstack charms Deployment Guide 0.0.1-38-grayog actual-3
Multi node openstack charms Deployment Guide 0.0.1-39-graylog-4-filebeat
Rsyslog #18
Rsyslog Forwarder Ha #20
Multi node OpenStack Charms Deployment Guide 0.0.1 Dev223 – 26 – establish relationships across model s and build rsyslog log server
Multi node OpenStack Charms Deployment Guide 0.0.1 Dev223 – 25 – rsyslog server build actual
Next section, ubuntu20.04 deploy k8s-4 using juju+maas environment - monitor k8s cluster using grayog and Prometheus2 - 1 - deploy rsyslog module:
This section deploys the graylog module to receive the logs forwarded by the rsyslog forward ha application of the k8s module and the logs forwarded by the filebeat application of the rsyslog module.
Author: llama charmers stable, candidate
Support: Xenial Bionic Focal
Use command:
juju deploy cs:graylog-47
describe
Install the Graylog log management system. A fully functional system needs to be connected to elastic search and mongodb. https://www.graylog.org/
Series: xenial › bionic › focal ›
label: misc ›
summary
This charm uses the snap package to install Graylog.
Usage:
juju deploy cs:~graylog-charmers/graylog juju run-action --wait graylog/X show-admin-password
Grayog needs to run MongoDB and Elasticsearch to use.
juju deploy cs:~mongodb-charmers/mongodb juju relate graylog:mongodb mongodb:database juju deploy cs:~elasticsearch-charmers/elasticsearch juju relate graylog:elasticsearch elasticsearch:client
Then you can browse to http://ip-address:9000 And log in as user "admin". By default, the password is a random value, so you must run Juju run action -- wait grayog / X show admin password to allow administrators to access the installation.
Reverse agency relationship
Graylog supports the use of http relationships to advertise its ports to applications acting as reverse proxies. The port of the webUI passes through the all of the relationship_ The relationship in the services variable is exposed.
Note: for graylog version 2, API ports are also exposed through http relationships. Graylog version 3 hardcoded / API / location and used the default port (9000) for webUI and API.
For more details on using this feature, see Apache2 Charming reverse proxy description.
Sample Graylog 2 vhost template for Apache 2 Charm:
$ cat graylog-vhost.tmpl
<Location "/">
RequestHeader set X-Graylog-Server-URL "http://{{servername}}/api/"
ProxyPass http://{{graylog_web}}/
ProxyPassReverse http://{{graylog_web}}/
</Location>
<Location "/api/">
ProxyPass http://{{graylog_api}}/api/
ProxyPassReverse http://{{graylog_api}}/api/
</Location>
Sample Graylog 3 vhost template for Apache 2 Charm:
$ cat graylog-vhost.tmpl
<Location "/">
RequestHeader set X-Graylog-Server-URL "http://{{servername}}/"
ProxyPass http://{{graylog_web}}/
ProxyPassReverse http://{{graylog_web}}/
</Location>
Now deploy and configure apache2 as your Graylog reverse proxy:
juju deploy apache2 juju config apache2 "enable_modules='headers proxy_html proxy_http'" juju config apache2 "vhost_http_template=$(base64 ./graylog-vhost.tmpl)" juju expose apache2 juju relate apache2:reverseproxy graylog:website
Visit http: / / to access the Graylog Web interface.
Extended use
Both MongoDB and Elasticsearch applications can be expanded or reduced. Graylog will reconfigure itself as needed. Grayog charm does not yet support clustering of multiple units.
to configure
Depending on the Elasticsearch charm used, the cluster name may not be passed to Graylog. In this case, Elasticsearch should be set_ cluster_ Name configuration options.
Log input
An optional configuration option log_inputs enables us to specify additional log inputs. This requires a yaml list as input. Yaml can contain four values: name, type, and bind_address and bind_port, and can contain multiple inputs. For example, to enable Syslog UDP input, yaml might be as follows:
- name: SyslogUDP type: Syslog UDP bind_address: 0.0.0.0 bind_port: 514
upgrade
Graylog can upgrade to different snapshot versions by setting channel configuration options. For example, use the following to switch to the latest version 3 edge snap.
juju config graylog channel='3/edge'
Note: when upgrading from Graylog version 2 to version 3, see Upgrade Guide To ensure that your environment meets the minimum requirements.
If the new channel configuration option causes a new snap to be installed, it will be installed in / var / snap / graylog / common / server Back up the previous configuration file on the graylog unit in conf. $prev. This may be useful if you need to restore graylog to a previous version in the future.
The following is the actual configuration process:
See
Multi node openstack charms Deployment Guide 0.0.1-36-graylog actual - 1
Multi node openstack charms Deployment Guide 0.0.1-37-grayog actual-2
Multi node openstack charms Deployment Guide 0.0.1-38-grayog actual-3
Multi node openstack charms Deployment Guide 0.0.1-39-graylog-4-filebeat
Configure virtual machine on mass
For nat conversion, you need to fix the grayog, elastic search and Apache 2 ip addresses. Therefore, you need to compose three virtual machines in maas and edit tag and ip. For specific steps, see Multi node OpenStack Charms Deployment Guide 0.0.1 Dev223 – 2-install MAAS
| Node name | label | Number of vCPU | Number of network cards | Memory g number | Number of hard disks | Hard disk g | ip |
|---|---|---|---|---|---|---|---|
| elasticsearch.maas | elasticsearch | 2 | 1 | 8 | 1 | 80 | 10.0.9.3 |
| apache2.maas | apache2 | 2 | 1 | 8 | 1 | 60 | 10.0.9.18 |
| graylog.maas | graylog | 2 | 1 | 8 | 1 | 60 | 10.0.9.13 |
Configure NAT
See:
Ubuntu 20.04 firewall UFW for NAT conversion, IP camouflage, port redirection, port mapping
Write graylog - Vhost tmpl
vim graylog-vhost.tmpl
<Location "/">
RequestHeader set X-Graylog-Server-URL "http://{{servername}}/api/"
ProxyPass http://{{graylog_web}}/
ProxyPassReverse http://{{graylog_web}}/
<Location "/api/">
ProxyPass http://{{graylog_api}}/api/
ProxyPassReverse http://{{graylog_api}}/api/
Deploy graylog
#Deploy related applications, apache2, grayog, elasticsearch, mongodb juju deploy cs:elasticsearch --constraints tags=elasticsearch --series focal --config apt-repository="deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" --debug juju deploy cs:graylog-47--constraints tags=graylog --series focal --debug juju deploy cs:mongodb --to lxd:0 --series focal --debug juju deploy cs:apache2 --constraints tags=apache2 --series focal --debug #Build relationships juju relate graylog:mongodb mongodb:database juju relate graylog:elasticsearch elasticsearch:client #to configure juju config apache2 "enable_modules='headers proxy_html proxy_http'" juju config apache2 "vhost_http_template=$(base64 ./graylog-vhost.tmpl)" juju expose apache2 juju relate apache2:reverseproxy graylog:website #Get graylog password juju run-action --wait graylog/0 show-admin-password
Debugging Apache 2
You need to enter the Apache 2 / 0 unit for execution
juju ssh apache2/0
Enable agent module
sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod proxy_balancer sudo a2enmod lbmethod_byrequests
Restart Apache 2
sudo service apache2 restart
To view Apache 2 status:
systemctl status apache2.service
Enable header function
sudo a2enmod headers
Restart Apache 2 again and check the status
sudo service apache2 restart systemctl status apache2.service
Configure graylog
First, configure the address mapping in the nat gateway. The public ip:50080 is mapped to the intranet address of the graylog server: 80
juju config graylog web_endpoint_uri=http://NAT gateway public network ip:50080/api/
then:
http://nat Gateway public network ip:9000/api/
The long-awaited graylog page appears:
Import rsyslog log:
See:
Multi node openstack charms Deployment Guide 0.0.1-38-graylog actual - 3
Switch to the module where rsyslog forward HA is used
juju switch k8s juju config rsyslog forward_host="10.0.9.13" #The ip address or domain name of graylog/0 juju config rsyslog forward_protocol="tcp" juju config rsyslog forward_port="514"