Merge pull request #54 from scality/improvement/WKBCH-14

WKBCH-14: Add cloudserver server-access.log and FluentBit for bucket logging

Author: dvasilas

.github/dependabot.yaml

@@ -26,6 +26,8 @@ updates:
         update-types: ["version-update:semver-major"]
       - dependency-name: "redis"
         update-types: ["version-update:semver-major"]
+      - dependency-name: "clickhouse/clickhouse-server"
+      - dependency-name: "fluent/fluent-bit"
     groups:
       docker:
         patterns:

cmd/config.go

@@ -58,6 +58,7 @@ type EnvironmentConfig struct {
 	Utapi          UtapiConfig          `yaml:"utapi"`
 	MigrationTools MigrationToolsConfig `yaml:"migration_tools"`
 	Clickhouse     ClickhouseConfig     `yaml:"clickhouse"`
+	Fluentbit      FluentbitConfig      `yaml:"fluentbit"`
 }
 
 type GlobalConfig struct {
@@ -219,6 +220,11 @@ type ClickhouseConfig struct {
 	LogLevel string `yaml:"log_level"`
 }
 
+type FluentbitConfig struct {
+	Image    string `yaml:"image"`
+	LogLevel string `yaml:"log_level"`
+}
+
 type AccessLoggingFeatureConfig struct {
 	Enabled bool `yaml:"enabled"`
 }
@@ -286,7 +292,8 @@ func DefaultEnvironmentConfig() EnvironmentConfig {
 		},
 		Utapi:          UtapiConfig{},
 		MigrationTools: MigrationToolsConfig{},
-		Clickhouse: ClickhouseConfig{},
+		Clickhouse:     ClickhouseConfig{},
+		Fluentbit:      FluentbitConfig{},
 	}
 }
 
@@ -367,5 +374,9 @@ func LoadEnvironmentConfig(path string) (EnvironmentConfig, error) {
 		cfg.Clickhouse.LogLevel = cfg.Global.LogLevel
 	}
 
+	if cfg.Fluentbit.LogLevel == "" {
+		cfg.Fluentbit.LogLevel = cfg.Global.LogLevel
+	}
+
 	return cfg, nil
 }

cmd/configure.go

@@ -37,11 +37,13 @@ func (c *ConfigureCmd) Run() error {
 func createLogDirectories(envDir string) error {
 	logDirs := []string{
 		filepath.Join(envDir, "logs"),
+		filepath.Join(envDir, "logs", "cloudserver"),
 		filepath.Join(envDir, "logs", "scuba"),
 		filepath.Join(envDir, "logs", "backbeat"),
 		filepath.Join(envDir, "logs", "migration-tools"),
 		filepath.Join(envDir, "logs", "clickhouse-shard-1"),
 		filepath.Join(envDir, "logs", "clickhouse-shard-2"),
+		filepath.Join(envDir, "logs", "fluentbit"),
 	}
 
 	for _, dir := range logDirs {
@@ -74,6 +76,7 @@ func configureEnv(cfg EnvironmentConfig, envDir string) error {
 		generateUtapiConfig,
 		generateMigrationToolsConfig,
 		generateClickhouseConfig,
+		generateFluentbitConfig,
 	}
 
 	configDir := filepath.Join(envDir, "config")
@@ -222,3 +225,12 @@ func generateClickhouseConfig(cfg EnvironmentConfig, path string) error {
 
 	return renderTemplates(cfg, "templates/clickhouse", filepath.Join(path, "clickhouse"), templates)
 }
+
+func generateFluentbitConfig(cfg EnvironmentConfig, path string) error {
+	templates := []string{
+		"fluent-bit.conf",
+		"parsers.conf",
+	}
+
+	return renderTemplates(cfg, "templates/fluentbit", filepath.Join(path, "fluentbit"), templates)
+}

templates/clickhouse/init.d/02-create-ingest-table.sql

@@ -8,7 +8,6 @@ CREATE TABLE IF NOT EXISTS logs.access_logs_ingest
     -- Analytics
     action                 LowCardinality(String),
     accountName            String,
-    accountDisplayName     String,
     userName               String,
     clientPort             UInt32,
     httpMethod             LowCardinality(String),

templates/cloudserver/config-v9.json

@@ -177,5 +177,16 @@
     "integrityChecks": {
         "objectPutRetention": true
     },
+    "serverAccessLogs": {
+    {{- if .Features.AccessLogging.Enabled }}
+        "mode": "ENABLED",
+    {{- else }}
+        "mode": "DISABLED",
+    {{- end }}
+        "outputFile": "/logs/server-access.log",
+        "highWaterMarkBytes": 10485760,
+        "retryReopenDelayMS": 1000,
+        "checkFileRotationIntervalMS": 10000
+    },
     "testingMode": true
 }

templates/fluentbit/fluent-bit.conf

@@ -0,0 +1,100 @@
+[SERVICE]
+    Flush        10
+    Grace        10
+    Parsers_File /fluent-bit/etc/parsers.conf
+
+    Log_Level    {{ .Fluentbit.LogLevel }}
+    Log_File     /var/log/fluent-bit/fluent-bit.log
+
+    # HTTP server for prometheus metrics
+    HTTP_Server  On
+    HTTP_Listen  0.0.0.0
+    HTTP_PORT    2020
+
+[INPUT]
+    Name             tail
+    Path             /fluent-bit/log/server-access.log
+    Tag              access_logging
+    Read_from_Head   true
+
+    # Sync with cloudserver checkFileRotationIntervalMS (10000ms)
+    # rotate_wait should be >= checkFileRotationIntervalMS to avoid losing logs
+    rotate_wait      30
+    refresh_interval 5
+
+    # Database for tracking file offsets across restarts
+    DB                /fluent-bit/data/tail.db
+    DB.locking        true
+    DB.sync           normal
+    DB.journal_mode   wal
+
+[FILTER]
+    Name     parser
+    Key_Name log
+    Match    access_logging
+    Parser   json_parser
+
+[FILTER]
+    Name          record_modifier
+    Match         access_logging
+
+    # Common
+    Allowlist_key hostname
+
+    # Analytics
+    Allowlist_key action
+    Allowlist_key accountName
+    Allowlist_key httpMethod
+    Allowlist_key userName
+    Allowlist_key bytesDeleted
+    Allowlist_key bytesReceived
+    Allowlist_key bodyLength
+    Allowlist_key contentLength
+    Allowlist_key elapsed_ms
+
+    # AWS
+    Allowlist_key startTime
+    Allowlist_key requester
+    Allowlist_key operation
+    Allowlist_key requestURI
+    Allowlist_key errorCode
+    Allowlist_key objectSize
+    Allowlist_key totalTime
+    Allowlist_key turnAroundTime
+    Allowlist_key referer
+    Allowlist_key userAgent
+    Allowlist_key versionId
+    Allowlist_key signatureVersion
+    Allowlist_key cipherSuite
+    Allowlist_key authenticationType
+    Allowlist_key hostHeader
+    Allowlist_key tlsVersion
+    Allowlist_key aclRequired
+
+    # Shared AWS and Analytics
+    Allowlist_key bucketOwner
+    Allowlist_key bucketName
+    Allowlist_key req_id
+    Allowlist_key bytesSent
+    Allowlist_key clientIP
+    Allowlist_key httpCode
+    Allowlist_key objectKey
+
+    # Scality server access logs extra fields
+    Allowlist_key logFormatVersion
+    Allowlist_key loggingEnabled
+    Allowlist_key loggingTargetBucket
+    Allowlist_key loggingTargetPrefix
+    Allowlist_key awsAccessKeyID
+    Allowlist_key raftSessionID
+
+[OUTPUT]
+    Name             http
+    Match            access_logging
+    Host             127.0.0.1
+    Port             8123
+    URI              /?query=INSERT+INTO+logs.access_logs_ingest+FORMAT+JSONEachRow
+    format           json_stream
+    json_date_key    timestamp
+    json_date_format epoch
+    Retry_Limit      5

templates/fluentbit/parsers.conf

@@ -0,0 +1,5 @@
+[PARSER]
+    Name        json_parser
+    Format      json
+    Time_Key    time
+    Time_Format %s.%L

templates/global/defaults.env

@@ -10,6 +10,7 @@ BACKBEAT_IMAGE="{{ .Backbeat.Image }}"
 UTAPI_IMAGE="{{ .Utapi.Image }}"
 MIGRATION_TOOLS_IMAGE="{{ .MigrationTools.Image }}"
 CLICKHOUSE_IMAGE="{{ .Clickhouse.Image }}"
+FLUENTBIT_IMAGE="{{ .Fluentbit.Image }}"
 
 METADATA_S3_DB_VERSION="{{ .S3Metadata.VFormat }}"
 CLOUDSERVER_ENABLE_NULL_VERSION_COMPAT_MODE="{{ .Cloudserver.EnableNullVersionCompatMode }}"

templates/global/docker-compose.yaml

@@ -66,9 +66,28 @@ services:
     volumes:
       - ./config/cloudserver/config.json:/conf/config.json:ro
       - ./config/cloudserver/locationConfig.json:/conf/locationConfig.json:ro
+      - ./logs/cloudserver:/logs:rw
     profiles:
       - base
 
+  fluentbit:
+    image: ${FLUENTBIT_IMAGE}
+    container_name: workbench-fluentbit
+    network_mode: host
+    depends_on:
+      clickhouse-shard-1:
+        condition: service_healthy
+      clickhouse-shard-2:
+        condition: service_healthy
+    volumes:
+      - ./config/fluentbit/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro
+      - ./config/fluentbit/parsers.conf:/fluent-bit/etc/parsers.conf:ro
+      - ./logs/cloudserver:/fluent-bit/log:ro
+      - ./logs/fluentbit:/var/log/fluent-bit:rw
+      - ./data/fluentbit:/fluent-bit/data:rw
+    profiles:
+      - feature-access-logging
+
   vault:
     image: ${VAULT_IMAGE}
     container_name: workbench-vault

templates/global/values.yaml

@@ -60,3 +60,6 @@ migration_tools:
 
 clickhouse:
   image: clickhouse/clickhouse-server:24.3.2.23-alpine
+
+fluentbit:
+  image: fluent/fluent-bit:3.2.2