Copyright © NTT Communications Corporation. All rights reserved.

Mahito Ogura <m.ogura@ntt.com>NTT Communications

Collect, summarize and notify of OpenStack’s log

Copyright © NTT Communications Corporation. All rights reserved.

Mahito Ogura <m.ogura@ntt.com>

Technology DevelopmentDevOps Engineer

R&D for IaaS, NoSQL, DB as a Service,Hadoop as a service

Contributing to Devstack

About me

2

Copyright © NTT Communications Corporation. All rights reserved.

Our team’s mission

● To evaluate new components and functions for production● To accumulate knowledge of OpenStack’s operation for production

Challenge

● Continuously deploy OpenStack while constantly keeping service functionality and performance

○ This challenging story was spoken in Tokyo summit.“Automated Deployment & Benchmarking with Chef, Cobbler and Rally for OpenStack”

Background

3

Copyright © NTT Communications Corporation. All rights reserved.

Benchmark is helpful, but ...

4

Our challenge is successful !!

● Auto deployment and benchmarking can be constantly keeping service functionality and performance

Output to many OpenStack’s logs

● Normal: 40 ~ 50 lines/min x 3 cluster（16 hosts）● Benchmark: 220 ~ 260 lines/min x 3 cluster（16 hosts）

Debug: FalseOnly Nova

Copyright © NTT Communications Corporation. All rights reserved.

5

It is hard to manually find issues in logs...

barockschloss - https://www.flickr.com/photos/8663137@N04/4943743444/

Copyright © NTT Communications Corporation. All rights reserved.

Overview of System Architecture

OpenStack logsHost resource data

Storage

visualizestore

notify

pull

forward

store

Stream processing server

Time series database

Team collaboration tool

Metrics dashbord & graph editor

Data collector

6

Copyright © NTT Communications Corporation. All rights reserved.

Today’s talk target

OpenStack logsHost resource data

notify alert

forward log data

7

pull summrized data

Stream processing server

Data collector

Copyright © NTT Communications Corporation. All rights reserved.

FluentdFluentd is an open source data collector

Before Fluentd After Fluentd

Image from https://github.com/fluent/fluentd-docs 8

Copyright © NTT Communications Corporation. All rights reserved.

Collect OpenStack’s logs

OpenStack logs (fluent-plugin-tain)

9

nova-api.log

2015-10-19 17:29:37.832 25350 INFO nova.osapi_compute.wsgi.server [-] 10.1.16.22,127.0.0.1 "GET / HTTP/1.1" status: 200 len: 280 time: 0.0009720

{ "asctime":"2015-10-19 17:29:37.832", ”code":”200", "loglevel":"INFO", "objname":"nova.osapi_compute.wsgi.server”, …}

tag: openstack.nova.api.logforward

parse

Copyright © NTT Communications Corporation. All rights reserved.

Forward and Output

OpenStack logsHost resource data

Storage

tag:influxdb.**

tag:slack.**

tag:norikra.**

tag:**

tag:storage.**

10

<match openstack.**> type copy <store> type map tag (“norikra.” + tag) </store> <store> type map tag (“influxdb.” + tag) </store> <store> type map tag (“storage.” + tag) </store></match><match dstat.**> …

Fluentd server configuration

Copyright © NTT Communications Corporation. All rights reserved.

Norikra

Norikra is Open source server software

● Enable to select/count/grouping/etc.. from receiving data by using SQL● Enable to use time window (.win:time_batch(60 s))

11

Query Example:

SELECT hostname, loglevel, NULLABLE(message), COUNT(*) AS countFROM norikra_nova_compute_log.win:time_batch(1 min)WHERE loglevel = 'WARNING’GROUP BY hostname, loglevel, message

http://norikra.github.io/

Copyright © NTT Communications Corporation. All rights reserved.

Norikra vs other stream proecessing

Pros

● Easy to install● Don’t write code! Enable to use SQL

Cons

● Disable to distribute data● Disable to complex processing● Doesn’t have availavility

12

Copyright © NTT Communications Corporation. All rights reserved.

Summarize ‘WARNING’ message

OpenStack logsHost resource data

forward log data

13

pull summrized data

[

1445837968,

{"message":"No network configured!",

"loglevel":"WARNING",

"count":38,

"hostname":"compute-c3"}

]...

SELECT hostname, loglevel, NULLABLE(message), COUNT(*) AS countFROM norikra_nova_compute_log.win:time_batch(1 min)WHERE loglevel = 'WARNING’GROUP BY hostname, loglevel, message

Output summrized data per 1 min

Copyright © NTT Communications Corporation. All rights reserved.

Case: Notify a warning alert

OpenStack logsHost resource data

tag: norikra.**

tag: slack.**

14

tag: slack.nova.compute.warning.log

SELECT hostname, loglevel, NULLABLE(message), COUNT(*) AS countFROM norikra_nova_api_log.win:time_batch(1 min)WHERE loglevel = 'WARNING’GROUP BY hostname, loglevel, message

[

1445837968,

{"message":"No network configured!",

"loglevel":"WARNING",

"count":38,

"hostname":"compute-c3"}

]...

Copyright © NTT Communications Corporation. All rights reserved.

OpenStack’s logs are large and rapid stream

● All issues are hard to find in log stream

Fluentd & Norikra are powerfully software

● Easy to collect and forward for log data● Summarizable to large log data by using SQL● Enable to notify WARNING/ERROR alerts

Conclusion

15

Copyright © NTT Communications Corporation. All rights reserved.

16