FluentBit: add dynamic es index - fluent-bit

I have a working fluent-bit:1.7
I need OUTPUT to Elasticsearch and create a dynamic index based on the k8s label = name.
I want the following convention for the index:
infra-${app_name}-yyyy.mm.dd
Example: infra-mongodb-2021.01.01, infra-postgresql-2021.01.01, infra-kafka-2021.01.01 etc...
This is my FILTER and OUTPUT config:
[FILTER]
    Name kubernetes
    Match kube.*
    Merge_Log Off
    Keep_Log Off
[OUTPUT]
    Name es
    Match kube.*
    Host ${ES_HOST}
    Logstash_Format On
    Logstash_Prefix_Key kubernetes['labels']['name']
But it generates the following index: mongodb-2021.01.01
It's almost done, I just need to always add the infra- prefix.
Just to be clear, I need something like:
Logstash_Prefix_Key infra-${kubernetes['labels']['name']}

I did this using Lua plugin to create a field in the record with the name of the index then using this field as Logstash_Prefix_Key
Lua script (based on https://github.com/fluent/fluent-bit/blob/master/scripts/append_tag.lua):
-- Build the index name from cluster name, namespace and app label,
-- then store it in the record under "es_index".
function append_es_index(tag, timestamp, record)
    local new_record = record
    local es_index
    if (record["cluster_name"] ~= nil) then
        es_index = record["cluster_name"]
    else
        es_index = "k8s"
    end
    if (record["kubernetes"] ~= nil) then
        local kube = record["kubernetes"]
        if (kube["namespace_name"] ~= nil and string.len(kube["namespace_name"]) > 0) then
            es_index = es_index .. "." .. kube["namespace_name"]
        end
        if (kube["labels"] ~= nil) then
            local labels = kube["labels"]
            -- Use the first non-empty label among app, k8s-app and name.
            if (labels["app"] ~= nil and string.len(labels["app"]) > 0) then
                es_index = es_index .. "." .. labels["app"]
            elseif (labels["k8s-app"] ~= nil and string.len(labels["k8s-app"]) > 0) then
                es_index = es_index .. "." .. labels["k8s-app"]
            elseif (labels["name"] ~= nil and string.len(labels["name"]) > 0) then
                es_index = es_index .. "." .. labels["name"]
            end
        end
    end
    new_record["es_index"] = es_index
    -- Return code 1: the record was modified.
    return 1, timestamp, new_record
end
Fluentbit filters config:
[FILTER]
    Name kubernetes
    ...
[FILTER]
    Name record_modifier
    Match *
    Record cluster_name my-test-cluster
[FILTER]
    Name lua
    Match *
    script /fluent-bit/scripts/append_es_index.lua
    call append_es_index

Another way to achieve a similar result is to create a label or an annotation for your Pods, for example:
[OUTPUT]
    Name es
    Logstash_Prefix_Key kubernetes['labels']['log-key']
    ...
Deployment YAML based on the docs:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        log-key: infra-nginx # log-key label will be used in Logstash_Prefix_Key
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
This way you will be able to combine multiple "dynamic" data, for example also the namespace.


Ansible Nested Loop for Cisco ACL

I'm creating a playbook for an ACL update, where the existing ACL needs to be updated, but before adding the new set of IP addresses to that ACL, I need to make sure that the ACL is present and that the IP hasn't already been configured.
Process:
Need to add the below IP addresses
ACL NAME: 11, 13, DATA_TEST, dummy
Check if the list of ACL are present
commands: "show access-lists {{item}}"
Check if ACL Exist
Q: Can't figure out how to access each item in the result of the first action to see if ACL has been configured. Ex. We can see from the output that dummy has no output, how can I exclude that and process if exist. (refer code below)
Check if IP addresses already added
Q: What is the best approach here? I'm thinking using when then comparing the ACL output from stdout vs the given variables content (ex. parents/lines)?
Add the set of IP addresses on target ACL
Q: What is the best approach here? Need to match the ACL name and configure using the variable.
If somebody is knowledgeable about Ansible, perhaps you could assist me in creating this project? I'm still doing some research, so any assistance you can give would be greatly appreciated. Thanks
My Code:
---
- name: Switch SVU
  hosts: Switches
  gather_facts: False
  vars:
    my_acl_list:
      - 11
      - 13
      - DATA_TEST
      - dummy
    fail: "No such access-list {{item}}"
    UP_ACL11:
      parents:
        - access-list 11 permit 192.168.1.4
        - access-list 11 permit 192.168.1.5
    UP_ACL13:
      parents: access-list 13 permit 10.22.1.64 0.0.0.63
    UP_ACLDATA:
      lines:
        - permit 172.11.1.64 0.0.0.63
        - permit 172.12.2.64 0.0.0.63
      parents: ip access-list standard DATA_TEST
  tasks:
    - name: Check if the ACL Name already exists.
      ios_command:
        commands: "show access-lists {{item}}"
      register: acl_result
      loop: "{{my_acl_list}}"
    - debug: msg="{{acl_result}}"
    - name: Check if ACL Exist
      debug:
        msg: "{{item.stdout}}"
      when: item.stdout.exists
      with_items: "{{acl_result.results}}"
      loop_control:
        label: "{{item.item}}"
    # Pending - Need to know how to match if ACL name exist on stdout.
    - name: Check if IP addresses already added
      set_fact:
      when:
      # pending - ansible lookup?
      # when var: UP_ACL11, UP_ACL13, UP_ACLDATA IPs are not in ACL then TRUE
    - name: Add the set of IP addresses on target ACL
      ios_config:
      # pending - if doest exist on particular ACL name then configure using the var: UP_ACL11, UP_ACL13, UP_ACLDATA
Given the simplified data for testing
acl_result:
  results:
    - item: DATA_TEST
      stdout:
        - "Standard ... 10 permit ... 20 permit ..."
      stdout_lines:
        - - "Standard ..."
          - "10 permit ..."
          - "20 permit ..."
    - item: dummy
      stdout:
        - ""
      stdout_lines:
        - - ""
Q: "Check if ACL Exists"
A: If ACL doesn't exist the attribute stdout is a list of empty strings. Test it
- name: Check if ACL Exists
  debug:
    msg: "{{ item.item }} exists: {{ item.stdout|map('length')|select()|length > 0 }}"
  loop: "{{ acl_result.results }}"
  loop_control:
    label: "{{item.item}}"
gives
TASK [Check if ACL Exists] ********************************************
ok: [localhost] => (item=DATA_TEST) =>
  msg: 'DATA_TEST exists: True'
ok: [localhost] => (item=dummy) =>
  msg: 'dummy exists: False'
Notes:
In the filter select, "If no test is specified, each object will be evaluated as a boolean". The number 0 evaluates to false.
Example of a complete playbook for testing
- hosts: localhost
  vars:
    acl_result:
      results:
        - item: DATA_TEST
          stdout:
            - "Standard ... 10 permit ... 20 permit ..."
          stdout_lines:
            - - "Standard ..."
              - "10 permit ..."
              - "20 permit ..."
        - item: dummy
          stdout:
            - ""
          stdout_lines:
            - - ""
  tasks:
    - name: Check if ACL Exists
      debug:
        msg: "{{ item.item }} exists: {{ item.stdout|map('length')|select()|length > 0 }}"
      loop: "{{ acl_result.results }}"
      loop_control:
        label: "{{item.item}}"
The test can be simplified if you're sure stdout is a list with a single line only
    msg: "{{ item.item }} exists: {{ item.stdout|first|length > 0 }}"

How to use the serverless environment variable in stepfunction parameter

I have a query with hardcoded dates used in the parameters section. Instead, I want to pass them as environment variables. Any suggestions on how to parameterize the QueryString parameter?
service: service-name
frameworkVersion: '2'
provider:
  name: aws
  runtime: go1.x
  lambdaHashingVersion: 20201221
  stage: ${opt:stage, self:custom.defaultStage}
  region: us-east-1
  tags: ${self:custom.tagsObject}
  logRetentionInDays: 1
  timeout: 10
  deploymentBucket: lambda-repository
  memorySize: 128
  tracing:
    lambda: true
plugins:
  - serverless-step-functions
configValidationMode: error
stepFunctions:
  stateMachines:
    callAthena:
      name: datasorting-dev
      type: STANDARD
      role: ${self:custom.datasorting.${self:provider.stage}.iam}
      definition:
        Comment: "Data Refersh"
        StartAt: Refresh Data
        States:
          Refresh Data:
            Type: Task
            Resource: arn:aws:states:::athena:startQueryExecution.sync
            Parameters:
              QueryString: >-
                ALTER TABLE table.raw_data ADD IF NOT EXISTS
                PARTITION (YEAR=2021, MONTH=02, DAY=15, hour=00)
              WorkGroup: primary
              ResultConfiguration:
                OutputLocation: s3://output/location
            End: true
You can replace any value in your serverless.yml enclosed in ${} brackets.
Serverless Framework Guide to Variables:
https://www.serverless.com/framework/docs/providers/aws/guide/variables/
For example, you can create a custom: section looking for environment variables, and if they are not present, you can have default values:
service: service-name
frameworkVersion: '2'
custom:
  year: ${env:YEAR, 'default-year'}
  month: ${env:MONTH, 'default-month'}
  day: ${env:DAY, 'default-day'}
  hour: ${env:HOUR, 'default-hour'}
stepFunctions:
  stateMachines:
    callAthena:
      ...
            Parameters:
              QueryString: >-
                ALTER TABLE table.raw_data ADD IF NOT EXISTS
                PARTITION (YEAR=${self:custom.year}, MONTH=${self:custom.month}, DAY=${self:custom.day}, hour=${self:custom.hour})
      ...
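Whatever the `${env:...}` variables hold, including placeholder defaults such as `'default-day'`, is substituted into the Athena `QueryString` as raw text. As an added example (not part of the original answer or of the Serverless Framework), this Python pre-deploy check accepts only in-range ASCII digits for the four variables; the function names and the YEAR bounds are assumptions.

```python
import os
import re

# Allowed range for each partition key used in the page's ALTER TABLE statement.
PARTITION_RANGES = {
    "YEAR": (2000, 2100),  # assumed bounds, adjust to your data
    "MONTH": (1, 12),
    "DAY": (1, 31),
    "HOUR": (0, 23),
}
# ASCII digits only; [0-9] (unlike \d) excludes other Unicode digit characters.
_DIGITS = re.compile(r"[0-9]{1,4}")


def validate_partition_env(env):
    """Return {name: int} for the four partition variables or raise ValueError.

    Anything other than a short run of ASCII digits is rejected before it can
    be interpolated into the QueryString.
    """
    values, errors = {}, []
    for name, (low, high) in PARTITION_RANGES.items():
        raw = env.get(name)
        if raw is None:
            errors.append(f"{name} is not set")
        elif not _DIGITS.fullmatch(raw):
            errors.append(f"{name}={raw!r} is not 1-4 ASCII digits")
        elif not low <= int(raw) <= high:
            errors.append(f"{name}={raw} is outside {low}..{high}")
        else:
            values[name] = int(raw)
    if errors:
        raise ValueError("; ".join(errors))
    return values


def render_query(values):
    """Build the statement from validated integers, zero-padded as on the page."""
    return (
        "ALTER TABLE table.raw_data ADD IF NOT EXISTS "
        "PARTITION (YEAR={YEAR}, MONTH={MONTH:02d}, DAY={DAY:02d}, hour={HOUR:02d})"
    ).format(**values)


if __name__ == "__main__":
    # Run before `serverless deploy`; a non-zero exit status blocks the deploy.
    try:
        print(render_query(validate_partition_env(os.environ)))
    except ValueError as exc:
        raise SystemExit(f"refusing to deploy: {exc}")
```

Dropping the fallback strings from the `custom:` section makes an unset variable fail variable resolution instead of reaching the query.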

Keycloak Kubernetes GKE NGINX Ingress - Session get lost after pod restart on page reload and returns 502 Bad Gateway

I have set up a Keycloak cluster in GKE with NGINX as the Ingress controller. I have used the Codecentric Helm chart (Keycloak Helm Chart): https://github.com/codecentric/helm-charts/tree/master/charts/keycloak
I am using JDBC_PING for JGroups and have the following CLI script and Ingress config. I have replicas set to 2. When I kill a pod the session is still usable and everything is working fine, I can navigate in the Keycloak admin interface and do everything. But when I hit F5 to reload the page I receive a 502 Bad Gateway error. Sometimes it does recover and I can just reload and everything is just fine, but sometimes I have to delete the cookies completely to make it work again.
I am not sure where the issue is coming from.
Cookies in Browser:
MySQL Table JGROUPSPING:
Ingress Annotations:
annotations:
  kubernetes.io/ingress.class: "nginx"
  kubernetes.io/tls-acme: "true"
  nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
  nginx.ingress.kubernetes.io/limit-rate: "150"
  nginx.ingress.kubernetes.io/limit-rps: "150"
  nginx.ingress.kubernetes.io/session-cookie-change-on-failure: "true"
  nginx.ingress.kubernetes.io/affinity: "cookie"
  nginx.ingress.kubernetes.io/session-cookie-name: "route"
  nginx.ingress.kubernetes.io/session-cookie-expires: "21600"
  nginx.ingress.kubernetes.io/session-cookie-max-age: "21600"
  nginx.ingress.kubernetes.io/server-snippet: |
    location /auth/realms/master/metrics {
      return 403;
    }
extra envs:
# Additional environment variables for Keycloak
extraEnv: |
  - name: KEYCLOAK_STATISTICS
    value: all
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: KEYCLOAK_USER
    value: '{{ .Values.ADMIN_USER }}'
  - name: KEYCLOAK_PASSWORD
    value: '{{ .Values.ADMIN_PASS }}'
  - name: JAVA_OPTS
    value: >-
      -XX:+UseContainerSupport
      -XX:MaxRAMPercentage=50.0
      -Djava.net.preferIPv4Stack=true
      -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS
      -Djava.awt.headless=true
  - name: JGROUPS_DISCOVERY_PROTOCOL
    value: JDBC_PING
  - name: CACHE_OWNERS_COUNT
    value: "2"
  - name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
    value: "2"
  - name: DB_VENDOR
    value: mysql
  - name: DB_ADDR
    value: "127.0.0.1"
  - name: DB_PORT
    value: "3306"
  - name: DB_DATABASE
    value: keycloak_prod
  - name: DB_USER
    value: '{{ .Values.SQL_USER }}'
  - name: DB_PASSWORD
    value: '{{ .Values.SQL_PASS }}'
Keycloak CLI script:
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
echo Configuring node identifier
## Sets the node identifier to the node name (= pod name). Node identifiers have to be unique. They can have a
## maximum length of 23 characters. Thus, the chart's fullname template truncates its length accordingly.
/subsystem=transactions:write-attribute(name=node-identifier, value=${jboss.node.name})
echo NodeName: ${jboss.node.name}
echo Finished configuring node identifier
echo CUSTOM_CONFIG: executing CONFIG FOR K8S Failover Support
echo "------------------------------------------------------------------------------------------------------------"
echo "---------------------------------CUSTOM STARTUP CONFIG------------------------------------------------------"
echo "------------------------------------------------------------------------------------------------------------"
## JDBC PING
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS_COUNT:2})
/subsystem=jgroups/stack=tcp:remove()
/subsystem=jgroups/stack=tcp:add()
/subsystem=jgroups/stack=tcp/transport=TCP:add(socket-binding="jgroups-tcp")
/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:add()
/subsystem=jgroups/stack=tcp/protocol=JDBC_PING/property=datasource_jndi_name:add(value=java:jboss/datasources/KeycloakDS)
/subsystem=jgroups/stack=tcp/protocol=JDBC_PING/property=initialize_sql:add(value="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, ping_data varbinary(5000) DEFAULT NULL, PRIMARY KEY (own_addr, cluster_name)) ENGINE=InnoDB DEFAULT CHARSET=utf8")
/subsystem=jgroups/stack=tcp/protocol=MERGE3:add()
/subsystem=jgroups/stack=tcp/protocol=FD_SOCK:add(socket-binding="jgroups-tcp-fd")
/subsystem=jgroups/stack=tcp/protocol=FD:add()
/subsystem=jgroups/stack=tcp/protocol=VERIFY_SUSPECT:add()
/subsystem=jgroups/stack=tcp/protocol=pbcast.NAKACK2:add()
/subsystem=jgroups/stack=tcp/protocol=UNICAST3:add()
/subsystem=jgroups/stack=tcp/protocol=pbcast.STABLE:add()
/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS:add()
/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS/property=max_join_attempts:add(value=5)
/subsystem=jgroups/stack=tcp/protocol=MFC:add()
/subsystem=jgroups/stack=tcp/protocol=FRAG3:add()
/subsystem=jgroups/stack=udp:remove()
/subsystem=jgroups/channel=ee:write-attribute(name=stack, value=tcp)
/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:remove()
## Cache Setup for Failover
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:remove()
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:remove()
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:remove()
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:remove()
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:remove()
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:remove()
/subsystem=infinispan/cache-container=keycloak/replicated-cache=sessions:add()
/subsystem=infinispan/cache-container=keycloak/replicated-cache=authenticationSessions:add()
/subsystem=infinispan/cache-container=keycloak/replicated-cache=offlineSessions:add()
/subsystem=infinispan/cache-container=keycloak/replicated-cache=clientSessions:add()
/subsystem=infinispan/cache-container=keycloak/replicated-cache=offlineClientSessions:add()
/subsystem=infinispan/cache-container=keycloak/replicated-cache=loginFailures:add()
echo "------------------------------------------------------------------------------------------------------------"
echo "---------------------------------CUSTOM STARTUP CONFIG DONE!------------------------------------------------"
echo "------------------------------------------------------------------------------------------------------------"
run-batch
try
:resolve-expression(expression=${env.JGROUPS_DISCOVERY_EXTERNAL_IP})
/subsystem=jgroups/stack=tcp/transport=TCP/property=external_addr/:add(value=${env.JGROUPS_DISCOVERY_EXTERNAL_IP})
catch
echo "JGROUPS_DISCOVERY_EXTERNAL_IP maybe not set."
end-try
stop-embedded-server
Log of the restarted Pod:
log-restarted-pod.txt
Log of the still running pod:
log-still-running-pod.txt
I managed to figure out this issue, we need to add below annotation to our ingress.yaml file.
nginx.ingress.kubernetes.io/proxy-buffer-size: "12k"

HOT template for cinder volume with or without volume_type

I am trying to write a HOT template for Openstack volume, and need to have the volume_type as a parameter. I also need to support a case when the parameter is not given, and default to the Cinder default volume type.
My first attempt was to pass null to the volume_type, hoping it would give the default volume type. However, no matter what I pass (null, ~, default, ""), it seems there is no way to get the default volume type.
type: OS::Cinder::Volume
properties:
  name: test
  size: 1
  volume_type: { if: ["voltype_given" , {get_param:[typename]} , null] }
Is there any way to get the default volume type , when you have the "volume_type" property defined?
Alternatively, is there any way to have the "volume_type" property itself behind a conditional? I tried several ways, but no luck. Something like:
type: OS::Cinder::Volume
properties:
  if: ["voltype_given" , [ volume_type: {get_param:[typename]} ] , ""]
  name: test
  size: 1
ERROR: TypeError: : resources.kk-test-vol: : 'If' object is not iterable
Could you do something like this?
---
parameters:
  typename:
    type: string
conditions:
  use_default_type: {equals: [{get_param: typename}, '']}
resources:
  MyVolumeWithDefault:
    condition: use_default_type
    type: OS::Cinder::Volume
    properties:
      name: test
      size: 1
  MyVolumeWithExplicit:
    condition: {not: use_default_type}
    type: OS::Cinder::Volume
    properties:
      name: test
      size: 1
      volume_type: {get_param: typename}
  # e.g. if you need to refer to the volume from another resource
  MyVolumeAttachment:
    type: OS::Cinder::VolumeAttachment
    properties:
      instance_uuid: some-instance-uuid
      volume_id:
        if:
          - use_default_type
          - get_resource: MyVolumeWithDefault
          - get_resource: MyVolumeWithExplicit

412 no matching index found while executing a query in cloud datastore

I am using gcloud-python library for querying data from the cloud datastore. Consider my snippet to be like this
from datetime import date, datetime, time

from google.appengine.ext import ndb


class Order(ndb.Model):
    order_name = ndb.StringProperty(required=True)
    # datetime.now() is evaluated once, when the class is defined.
    date_created = ndb.DateTimeProperty(default=datetime.now())


# code for querying the cloud datastore
from gcloud.datastore.query import Query

# A leading zero makes 08 an invalid integer literal, so plain integers are used.
date_start = datetime.combine(date(year=2015, month=8, day=1), time())
date_end = datetime.combine(date(year=2015, month=8, day=3), time())
query = Query(kind='Order')
query.add_filter('order_name', '=', 'grand-line-order')
query.add_filter('date_created', '<', date_end)
query.add_filter('date_created', '>', date_start)
iterator = query.fetch(limit=10)
records, more, cursor = iterator.next_page()
print records
For the above snippet I am getting
File "/Users/sathyanarrayanan/Desktop/app/services/cdr_helper.py", line 528, in fetch_cdr
records, more, cursor = iterator.next_page()
File "/Users/sathyanarrayanan/Desktop/app/gcloud/datastore/query.py", line 388, in next_page
transaction_id=transaction and transaction.id,
File "/Users/sathyanarrayanan/Desktop/app/gcloud/datastore/connection.py", line 257, in run_query
datastore_pb.RunQueryResponse)
File "/Users/sathyanarrayanan/Desktop/app/gcloud/datastore/connection.py", line 108, in _rpc
data=request_pb.SerializeToString())
File "/Users/sathyanarrayanan/Desktop/app/gcloud/datastore/connection.py", line 85, in _request
raise make_exception(headers, content, use_json=False)
PreconditionFailed: 412 no matching index found.
My Index.yaml file is like this.
indexes:
- kind: Order
  ancestor: yes
  properties:
  - name: date_created
- kind: Order
  ancestor: yes
  properties:
  - name: date_created
    direction: desc
- kind: Order
  ancestor: yes
  properties:
  - name: order_name
    direction: asc
  - name: date_created
    direction: desc
- kind: Order
  ancestor: yes
  properties:
  - name: order_name
    direction: asc
  - name: date_created
    direction: asc
Am I doing something wrong? Please help me out.
All of your indexes use ancestor: yes, so an ancestor key should be added to your query. Without an ancestor, your index configuration requires another index with 'ancestor: no':
- kind: Order
  ancestor: no
  properties:
  - name: order_name
    direction: asc
  - name: date_created
    direction: desc
Note: specific indexes for each query
The index configuration docs indicate that the index configuration should be in an XML file called datastore-indexes.xml.
