OpenStack LumberJack – Part 1 rsyslog

Setting up rsyslogd for OpenStack

Logging for OpenStack has come quite a ways. What I’m going to attempt to do over a few posts, is recreate and expand a bit on what was discussed at this last OpenStack Summit with regard to Log Management and Mining in OpenStack. For now, that means installing rsyslogd and setting it up to accept remote connections.

Getting Started

For this work, we’re going to work with the OpenStack Cookbook installation that is found on Github here.. To get started with the repo, you will need to have the following prerequisites met:

  • Virtualbox (or VMware workstation / Fusion)
  • Vagrant
  • Git

Note: You’ll also want to have about 8gb ram.

To download and build the environment, run the following commands:

git clone https://github.com/OpenStackCookbook/OpenStackCookbook.git
cd OpenStackCookbook
git checkout icehouse
vagrant up

On a 2013 MacBook with and SSD this takes about 12 minutes.
Vagrant-cachier may also prompt to be installed or for sudo access. (If you’re on Windows, I’ve got a fix in the works)

What We’re Building

Currently the OpenStack Cookbook sets up an environment that looks like the following:

  • Controller (All APIs, Horizon, Rabbit, MySQL, etc)
  • Network (Neutron)
  • Compute (Nova, Neutron Agent)
  • Cinder (Well, cinder and an extra disk)

Diagram

In this environment, our controller functions as the central(ish) point where we work with OpenStack. That is, we log in there, and run all our commands from there. Additionally it is where a lot of the varied services run. So it is here we will place the rsyslog server and configure it to accept logs over the network.

This may not always be optimal, as storage is typically limited on the controller nodes and running out could cause some pretty ‘bad things’ to happen. Additionally, there are performance and security benefits to separating logging onto a 3rd party host. However, this being a lab, we’re consolidating the role onto a single host. The instructions in this and posts to follow will be portable.

In our next post we will show you where and how to configure remote logging for the varied OpenStack services.

Installing & Configuring rsyslog on the Controller Node

Now that your environment is up and we’ve talked a bit about what we are building and where rsyslog is going, let’s do the actual work part.

Installing rsyslogd

To install rSyslogd onto the controller node, run the following commands:

vagrant ssh controller
sudo apt-get install -y rsyslog

If it is not already installed, the above commands will log you into the controller and pull down rsyslog for you.

Configuring rsyslogd for Remote Connections

To configure rsyslogd to accept remote connections, you will need to be logged into the controller node and run the following commands:

sudo vim /etc/rsyslog.conf

In that file, find these lines and remove the # sign:

#$ModLoad imudp
#$UDPServerRun 514

Finally save the file (esc, !wq) and restart rsyslog as follows:

sudo /etc/init.d/rsyslog restart

Summary

What we did in this post, was lay the ground work for collecting and mining our OpenStack logs. We did this by spinning up our environment, installing rsyslog, and finally enabling remote logging via UDP.

In the next post, we will configure the OpenStack services to log via UDP to our logging host.