syslog changes Multi NPU platforms #4738
Conversation
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
| @@ -238,7 +242,9 @@ start() { | |||
| redis_dir=`echo $redis_dir_list | cut -d " " -f $id` | |||
| REDIS_MNT=" -v $redis_dir:$redis_dir:rw " | |||
| fi | |||
|
|
|||
| # Containers in the docker network will use the syslog-driver as log-driver. This is mainly applicable for Multi NPU system | |||
| LOG_OPTS="--log-driver=syslog --log-opt syslog-address=udp://127.0.0.1:514 --log-opt syslog-format=rfc5424 \ | |||
There was a problem hiding this comment.
Should there be a check to make sure docker_image_run_opt does not have--log-driver=json-file ?
There was a problem hiding this comment.
@SuvarnaMeenakshi syslogs will not work if the log-driver is json on containers running the docker bridge network, so I think we can ignore --log-driver=json-file in this case.
There was a problem hiding this comment.
Could you giver proof or reference that "syslogs will not work if the log-driver is json on containers running the docker bridge network"? #Closed
There was a problem hiding this comment.
Logs
docker logs for swss running in namespace asic0.
admin@sonic:~$ docker logs swss0 | grep orchagent
2020-06-10 00:45:01,434 INFO spawned: 'orchagent' with pid 36
2020-06-10 00:45:02,439 INFO success: orchagent entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
same logs not available in syslog file
admin@sonic:~$ sudo zgrep -i orchagent /var/log/syslog.*
admin@sonic:~$
There was a problem hiding this comment.
I see your point. Syslogs will not work if the log-driver is json and this is not related to docker bridge network and applicable to previous single ASIC use case.
Do you want to fix both single ASIC and multiple ASIC? #Closed
There was a problem hiding this comment.
I didnt change the Single ASIC I didnt want to break any backward compatibility for some applications,
There was a problem hiding this comment.
Then you need to check '--log-driver=json-file' in docker_image_run_opt because it will work if user specify it explicitly #Closed
There was a problem hiding this comment.
Fixed in the latest commit
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
| intf="lo" | ||
| fi | ||
|
|
||
| udp_server_ip=$(ip -o -4 addr list $intf | awk '{print $4}' | cut -d/ -f1) |
There was a problem hiding this comment.
ip -o -4 addr list $intf [](start = 16, length = 24)
There may be more than one lo interfaces. How do you handle? #Closed
There was a problem hiding this comment.
fixed in the latest commit
| {%- else %} | ||
| # Containers in the docker network will use the syslog-driver as log-driver. This is mainly applicable for Multi NPU system | ||
| # In this case the syslog service on the host is listening on the docker0 address | ||
| syslog_address=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) |
There was a problem hiding this comment.
| syslog_address=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) | |
| syslog_address=$(docker network inspect bridge --format='{{(index .IPAM.Config 0).Gateway}}') | |
| ``` #Closed |
There was a problem hiding this comment.
This IP address is actually available in build time. Check files/docker/docker.service.conf
In reply to: 439565102 [](ancestors = 439565102)
There was a problem hiding this comment.
This change has been removed
| TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) | ||
| CONTAINER_NAME="{{docker_container_name}}$DEV" | ||
| TMP_FILE="/tmp/rsyslog.$CONTAINER_NAME.conf" | ||
| sonic-cfggen -t /usr/share/sonic/templates/rsyslog-container.conf.j2 -a "{\"target_ip\": \"$TARGET_IP\", \"container_name\": \"$CONTAINER_NAME\" }" > $TMP_FILE |
There was a problem hiding this comment.
[](start = 21, length = 1)
One extra blank #Closed
There was a problem hiding this comment.
added in the latest commit
There was a problem hiding this comment.
Could you remove the extra blank in
sonic-cfggen -t
In reply to: 439579965 [](ancestors = 439579965)
There was a problem hiding this comment.
Fixed in the latest commit
| TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) | ||
| CONTAINER_NAME="{{docker_container_name}}$DEV" | ||
| TMP_FILE="/tmp/rsyslog.$CONTAINER_NAME.conf" | ||
| sonic-cfggen -t /usr/share/sonic/templates/rsyslog-container.conf.j2 -a "{\"target_ip\": \"$TARGET_IP\", \"container_name\": \"$CONTAINER_NAME\" }" > $TMP_FILE |
There was a problem hiding this comment.
container_name [](start = 116, length = 14)
This field make original code useless.
ARG docker_container_name
Could you remove original related code in Dockerfile(s)? #Pending
There was a problem hiding this comment.
Agreed. I will do it in a separate PR. Filed this issue to track this.
| # running on the namespace to reach the rsyslog service running on the host | ||
| # Also update the container name | ||
| if [[ ($NUM_ASIC -gt 1) ]]; then | ||
| TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) |
There was a problem hiding this comment.
TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) [](start = 8, length = 72)
This IP address is actually available in build time. Check files/docker/docker.service.conf #Closed
There was a problem hiding this comment.
Yes, I didn't want to hard code the ip address here. So using this method to get the docker0 ip address
There was a problem hiding this comment.
I mean docker0 IP address is actually available in build time. Check files/docker/docker.service.conf. You are ok to use ip command, but build time constant may be easier.
In reply to: 439581391 [](ancestors = 439581391)
There was a problem hiding this comment.
| if [[ ($NUM_ASIC -gt 1) ]]; then | ||
| TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) | ||
| CONTAINER_NAME="{{docker_container_name}}$DEV" | ||
| TMP_FILE="/tmp/rsyslog.$CONTAINER_NAME.conf" |
There was a problem hiding this comment.
TMP_FILE="/tmp/rsyslog.$CONTAINER_NAME.conf" [](start = 8, length = 44)
Could you use Dockerfile ENV and docker create --env to pass the container_name. Then no need to create tmpfile. #Pending
There was a problem hiding this comment.
The tmp file is created after rendering this template /usr/share/sonic/templates/rsyslog-container.conf.j2, which has updated syslog.conf file. I don't think the tmp file can be avoided even if we pass the ENV to the container.
In Multi-NPU platforms it is possible that multi containers can be started at the same time, to avoid container using wrong syslog.conf files I am using the container name in the tmp filename
There was a problem hiding this comment.
Let's create two ENV:
- RSYSLOG_SERVER_IP
- CONTAINER_NAME
Pass the ENV values by command docker create ... --env RSYSLOG_SERVER_IP=AA.BB.CC.DD ...
The benefit:
- not tmp file management
- works with multiple containers from single image
In reply to: 439583041 [](ancestors = 439583041)
There was a problem hiding this comment.
@qiluo-msft created a issue to track 4778 to improvements suggested in this comment.
| @@ -228,6 +244,10 @@ start() { | |||
| done | |||
| fi | |||
| {%- endif %} | |||
| # single NPU systems and container running on the host network continue to use the json-file as log-driver | |||
There was a problem hiding this comment.
single NPU systems and container running on the host network continue to use the json-file as log-driver [](start = 8, length = 106)
The different behavior of single NPU vs multiple NPU is confusing and complex deign.
What about moving all use cases to log-driver, or all use cases to json-file as before? #Closed
There was a problem hiding this comment.
Changed to use json-file for all cases
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
| @@ -228,6 +245,7 @@ start() { | |||
| done | |||
| fi | |||
| {%- endif %} | |||
|
|
|||
| else | |||
There was a problem hiding this comment.
No need to change this line #Closed
There was a problem hiding this comment.
Fixed in latest commit
| @@ -238,7 +256,6 @@ start() { | |||
| redis_dir=`echo $redis_dir_list | cut -d " " -f $id` | |||
| REDIS_MNT=" -v $redis_dir:$redis_dir:rw " | |||
| fi | |||
|
|
|||
| {%- if docker_container_name == "database" %} | |||
There was a problem hiding this comment.
No need to change this line #Closed
There was a problem hiding this comment.
Fixed in latest commit
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
| # running on the namespace to reach the rsyslog service running on the host | ||
| # Also update the container name | ||
| if [[ ($NUM_ASIC -gt 1) ]]; then | ||
| TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) |
There was a problem hiding this comment.
| TARGET_IP=$(ip -o -4 addr list docker0 | awk '{print $4}' | cut -d/ -f1) | |
| TARGET_IP=$(docker network inspect bridge --format='{{(index .IPAM.Config 0).Gateway}}') | |
| ``` #Closed |
There was a problem hiding this comment.
Fixed in the latest commit
|
@qiluo-msft , @SuvarnaMeenakshi , @lguohan |
Add changes for syslog support for containers running in namespaces on multi ASIC platforms. On Multi ASIC platforms Rsyslog service is only running on the host. There is no rsyslog service running in each namespace. On multi ASIC platforms the rsyslog service on the host will be listening on the docker0 ip address instead of loopback address. The rsyslog.conf on the containers is modified to have omfwd target ip to be docker0 ipaddress instead of loopback ip Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
Add changes for syslog support for containers running in namespaces on multi ASIC platforms. On Multi ASIC platforms Rsyslog service is only running on the host. There is no rsyslog service running in each namespace. On multi ASIC platforms the rsyslog service on the host will be listening on the docker0 ip address instead of loopback address. The rsyslog.conf on the containers is modified to have omfwd target ip to be docker0 ipaddress instead of loopback ip Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
Add changes for syslog support for containers running in namespaces on multi ASIC platforms. On Multi ASIC platforms Rsyslog service is only running on the host. There is no rsyslog service running in each namespace. On multi ASIC platforms the rsyslog service on the host will be listening on the docker0 ip address instead of loopback address. The rsyslog.conf on the containers is modified to have omfwd target ip to be docker0 ipaddress instead of loopback ip Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan arlakshm@microsoft.com
- Why I did it
Add changes for syslog support for containers running in namespaces on multi NPU platforms.
On Multi NPU platforms
No change done for single ASIC platforms
- How I did it
- How to verify it
Verify the syslogs are generated properly
Sample logs:
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)