diff --git a/logging/cluster-logging-loki.adoc b/logging/cluster-logging-loki.adoc index 5cb9e0e2fa9a..4bca6a01fa5d 100644 --- a/logging/cluster-logging-loki.adoc +++ b/logging/cluster-logging-loki.adoc @@ -14,6 +14,8 @@ include::modules/loki-deployment-sizing.adoc[leveloffset=+1] include::modules/cluster-logging-loki-deploy.adoc[leveloffset=+1] +include::modules/logging-creating-new-group-cluster-admin-user-role.adoc[leveloffset=+1] + include::modules/logging-loki-gui-install.adoc[leveloffset=+1] //// include::modules/logging-loki-restart-hardening.adoc[leveloffset=+1] diff --git a/modules/cluster-logging-loki-deploy.adoc b/modules/cluster-logging-loki-deploy.adoc index 1054ef65c053..3b35616cbff7 100644 --- a/modules/cluster-logging-loki-deploy.adoc +++ b/modules/cluster-logging-loki-deploy.adoc @@ -142,4 +142,4 @@ endif::[] .. Under Console plugin, click *Disabled*. .. Select *Enable* and then *Save*. This change restarts the `openshift-console` pods. .. After the pods restart, you will receive a notification that a web console update is available, prompting you to refresh. -.. After refreshing the web console, click *Observe* from the left main menu. A new option for *Logs* is available. +.. After refreshing the web console, click *Observe* from the left main menu. A new option for *Logs* is available. \ No newline at end of file diff --git a/modules/logging-creating-new-group-cluster-admin-user-role.adoc b/modules/logging-creating-new-group-cluster-admin-user-role.adoc new file mode 100644 index 000000000000..9abbbfe29dd9 --- /dev/null +++ b/modules/logging-creating-new-group-cluster-admin-user-role.adoc @@ -0,0 +1,32 @@ +// Module included in the following assemblies: + +// cluster-logging-loki.adoc + +:_mod-docs-content-type: PROCEDURE +[id="logging-creating-new-group-cluster-admin-user-role_{context}"] += Creating a new group for the cluster-admin user role + +include::snippets/logging-clusteradmin-access-logs-snip.adoc[] + +Use the following procedure to create a new group for users with `cluster-admin` permissions. + +.Procedure + +. Enter the following command to create a new group: ++ +[source,terminal] +---- +$ oc adm groups new cluster-admin +---- +. Enter the following command to add the desired user to the `cluster-admin` group: ++ +[source,terminal] +---- +$ oc adm groups add-users cluster-admin +---- +. Enter the following command to add `cluster-admin` user role to the group: ++ +[source,terminal] +---- +$ oc adm policy add-cluster-role-to-group cluster-admin cluster-admin +---- diff --git a/snippets/logging-clusteradmin-access-logs-snip.adoc b/snippets/logging-clusteradmin-access-logs-snip.adoc new file mode 100644 index 000000000000..794061c1e10e --- /dev/null +++ b/snippets/logging-clusteradmin-access-logs-snip.adoc @@ -0,0 +1,13 @@ +// Text snippet included in the following assemblies: +// +// +// Text snippet included in the following modules: +// +// * modules/logging-creating-new-group-cluster-admin-user-role.adoc +// +:_mod-docs-content-type: SNIPPET + +[IMPORTANT] +==== +Querying application logs for multiple namespaces as a `cluster-admin` user, where the sum total of characters of all of the namespaces in the cluster is greater than 5120, results in the error `Parse error: input size too long (XXXX > 5120)`. For better control over access to logs in LokiStack, make the `cluster-admin` user a member of the `cluster-admin` group. If the `cluster-admin` group does not exist, create it and add the desired users to it. +==== \ No newline at end of file