Merge pull request #13979 from mburke5678/logging-naming-changes

Changes per Rich in PR

Author: mburke5678

modules/efk-logging-configuring-image-about.adoc

@@ -7,7 +7,7 @@
 
 There are several components in cluster logging, each one implemented with one 
 or more images.  Each image is specified by an environment variable 
-defined in the cluster-logging-operator deployment and should not be changed.  
+defined in the *cluster-logging-operator* deployment in the *openshift-logging* project and should not be changed. 
 
 You can view the images by running the following command:
 

modules/efk-logging-curator-configuration.adoc

@@ -5,7 +5,7 @@
 [id='configuration-cronjob-{context}']
 = Modifying the Curator configuration
 
-You can configure your ops and non-ops Curator instances using the `logging-curator` configuration map
+You can configure your ops and non-ops Curator instances using the Cluster Logging Custom Resource
 created by the Cluster Logging Operator installation.
 
 You can edit or replace this ConfigMap to reconfigure Curator.

modules/efk-logging-curator-delete-index.adoc

@@ -22,7 +22,7 @@ To delete indices:
 . Edit the {product-title} custom Curator configuration file:
 +
 ----
-$ oc edit configmap/logging-curator
+$ oc edit configmap/curator
 ----
 
 . Set the following parameters as needed:

modules/efk-logging-curator-log-level.adoc

@@ -11,16 +11,16 @@ After deploying the logging infrastructure pods (Elasticsearch, Kibana, and
 Curator), node labeling should be done in steps of 20 nodes at a time. For
 example:
 
-Using a simple loop:
+Using a simple loop: 
 
 ----
-$ while read node; do oc label nodes $node logging-infra-fluentd=true; done < 20_fluentd.lst
+$ while read node; do oc label nodes $node elasticsearch-infra-fluentd=true; done < 20_fluentd.lst
 ----
 
 The following also works:
 
 ----
-$ oc label nodes 10.10.0.{100..119} logging-infra-fluentd=true
+$ oc label nodes 10.10.0.{100..119} elasticsearch-infra-fluentd=true
 ----
 
 Labeling nodes in groups paces the DaemonSets used by OpenShift logging, helping to avoid contention on shared resources such as the image registry.

modules/efk-logging-deploy-label.adoc

@@ -7,13 +7,13 @@
 
 An administrator certificate, key, and CA that can be used to communicate with and perform
 administrative operations on Elasticsearch are provided within the
-*logging-elasticsearch* secret.
+*elasticsearch* secret in the `openshift-logging` project. 
 
 [NOTE]
 ====
 To confirm whether or not your cluster logging installation provides these, run:
 ----
-$ oc describe secret logging-elasticsearch
+$ oc describe secret elasticsearch -n openshift-logging
 ----
 ====
 
@@ -23,8 +23,8 @@ attempting to perform maintenance.
 . To find a pod in a cluster use either:
 +
 ----
-$ oc get pods -l component=es -o name | head -1
-$ oc get pods -l component=es-ops -o name | head -1
+$ oc get pods -l component=elasticsearch -o name | head -1
+$ oc get pods -l component=elasticsearch-infra -o name | head -1
 ----
 
 . Connect to a pod:
@@ -40,13 +40,13 @@ link:https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices.html[In
 Fluentd sends its logs to Elasticsearch using the index format *project.{project_name}.{project_uuid}.YYYY.MM.DD*
 where YYYY.MM.DD is the date of the log record.
 +
-For example, to delete all logs for the *logging* project with uuid *3b3594fa-2ccd-11e6-acb7-0eb6b35eaee3*
+For example, to delete all logs for the *openshift-logging* project with uid *3b3594fa-2ccd-11e6-acb7-0eb6b35eaee3*
 from June 15, 2016, we can run:
 +
 ----
 $ curl --key /etc/elasticsearch/secret/admin-key \
   --cert /etc/elasticsearch/secret/admin-cert \
   --cacert /etc/elasticsearch/secret/admin-ca -XDELETE \
-  "https://localhost:9200/project.logging.3b3594fa-2ccd-11e6-acb7-0eb6b35eaee3.2016.06.15"
+  "https://localhost:9200/project.openshift-logging.664360-11e9-92d0-0eb4e1b4a396.2019.03.10"
 ----
 

modules/efk-logging-elasticsearch-admin.adoc

@@ -11,11 +11,11 @@ The following Template object creates the Service Account, ClusterRole, and Clus
 
 .Prerequisite
 
-You need proper premissions to make updates within the `openshift-*` namespace.
+You need proper permissions to make updates within the `openshift-*` namespace.
 
 .Procedure
 
-. Create a template for the Event Router:
+. Create a template for the Event Router: 
 +
 [source,yaml]
 ----
@@ -31,7 +31,7 @@ objects:
     apiVersion: v1
     metadata:
       name: cluster-logging-eventrouter
-      namespace: ${NAMESPACE}
+      namespace: cluster-logging
   - kind: ClusterRole <2>
     apiVersion: v1
     metadata:
@@ -130,4 +130,11 @@ parameters:
 +
 ----
 $ oc process -f <templatefile> | oc apply -f -
+
+serviceaccount/cluster-logging-eventrouter created
+clusterrole.authorization.openshift.io/event-reader created
+clusterrolebinding.authorization.openshift.io/event-reader-binding created
+configmap/cluster-logging-eventrouter created
+deployment.apps/cluster-logging-eventrouter created
+
 ----

modules/efk-logging-eventrouter-deploy.adoc

@@ -28,17 +28,42 @@ an instance of Fluentd that you control and that is configured with the
 
 To direct logs to a specific Elasticsearch instance: 
 
-. Edit the deployment configuration and replace the value of the above variables with the desired
-instance:
+. Edit the `fluentd` DaemonSet in the *openshift-logging* project:
 +
 ----
-$ oc edit dc/<deployment_configuration>
+$ oc edit ds/fluentd
+
+spec:
+  template:
+    spec:
+      containers:
+          env:
+          - name: ES_HOST
+            value: elasticsearch
+          - name: ES_PORT
+            value: '9200'
+          - name: ES_CLIENT_CERT
+            value: /etc/fluent/keys/app-cert
+          - name: ES_CLIENT_KEY
+            value: /etc/fluent/keys/app-key
+          - name: ES_CA
+            value: /etc/fluent/keys/app-ca
+          - name: OPS_HOST
+            value: elasticsearch
+          - name: OPS_PORT
+            value: '9200'
+          - name: OPS_CLIENT_CERT
+            value: /etc/fluent/keys/infra-cert
+          - name: OPS_CLIENT_KEY
+            value: /etc/fluent/keys/infra-key
+          - name: OPS_CA
+            value: /etc/fluent/keys/infra-ca
 ----
 
 . Set `ES_HOST` and `OPS_HOST` to the same destination,
 while ensuring that `ES_PORT` and `OPS_PORT` also have the same value 
 for an external Elasticsearch instance to contain both application and
-operations logs.
+operations logs. 
 
 . Configure your externally hosted Elasticsearch instance for TLS:
 
@@ -47,11 +72,11 @@ operations logs.
 
 ** *If your externally hosted Elasticsearch instance uses TLS, but not mutual TLS*, 
 update the `_CLIENT_CERT` and `_CLIENT_KEY` variables to be empty. Then patch or 
-recreate the *logging-fluentd* secret with the appropriate `_CA` value for 
+recreate the *fluentd* secret with the appropriate `_CA` value for 
 communicating with your Elasticsearch instance.
 
 ** *If your externally hosted Elasticsearch instance uses Mutual TLS*, patch 
-or recreate the *logging-fluentd* secret with your client key, client cert, and CA.
+or recreate the *fluentd* secret with your client key, client cert, and CA.
 The provided Elasticsearch instance uses mutual TLS.
 
 [NOTE]

modules/efk-logging-external-elasticsearch.adoc

@@ -6,34 +6,39 @@
 = Configuring Fluentd to send logs to an external syslog server
 
 Use the `fluent-plugin-remote-syslog` plug-in on the host to send logs to an
-external syslog server.
+external syslog server. 
 
 .Prerequisite
 
 Set cluster logging to the unmanaged state.
 
 .Procedure
 
-. Set environment variables in the `logging-fluentd` deployment
-configurations:
+. Set environment variables in the `fluentd` daemonset in the `openshift-logging` project:
 +
 [source,yaml]
 ----
-- name: REMOTE_SYSLOG_HOST <1>
-  value: host1
-- name: REMOTE_SYSLOG_HOST_BACKUP
-  value: host2
-- name: REMOTE_SYSLOG_PORT_BACKUP
-  value: 5555
+spec:
+  template:
+    spec:
+      containers:
+        - name: fluentd
+          image: 'quay.io/openshift/origin-logging-fluentd:latest'
+          env:
+            - name: REMOTE_SYSLOG_HOST
+              value: host1
+            - name: REMOTE_SYSLOG_HOST_BACKUP
+              value: host2
+            - name: REMOTE_SYSLOG_PORT_BACKUP
+              value: 5555
 ----
 <1> The desired remote syslog host. Required for each host.
 +
 This will build two destinations. The syslog server on `host1` will be
 receiving messages on the default port of `514`, while `host2` will be receiving
 the same messages on port `5555`.
 
-. Alternatively, you can configure your own custom *_fluent.conf_* in the
-`logging-fluentd` ConfigMaps.
+. Alternatively, you can configure your own custom the `fluentd` daemonset in the `openshift-logging` project.
 +
 **Fluentd Environment Variables**
 +

modules/efk-logging-external-syslog.adoc

@@ -8,7 +8,7 @@
 You can configure Fluentd to send a copy of its logs to an external log
 aggregator, and not the default Elasticsearch, using the `secure-forward`
 plug-in. From there, you can further process log records after the locally
-hosted Fluentd has processed them.
+hosted Fluentd has processed them. 
 
 ifdef::openshift-origin[]
 The `secure-forward` plug-in is provided with the Fluentd image as of v1.4.0.
@@ -28,44 +28,35 @@ To send a copy of Fluentd logs to an external log aggregator:
 . Edit the Fluentd configuration map:
 +
 ----
-$ oc edit configmap/fluentd
-----
-+
-----
-https://docs.fluentd.org/v1.0/articles/in_forward
-<store>
-  @type forward
-  <security>
-    self_hostname ${hostname} # ${hostname} is a placeholder.
-    shared_key <shared_key_between_forwarder_and_forwardee>
-  </security>
-  transport tls
-  tls_verify_hostname true           # Set false to ignore server cert hostname.
-
-  tls_cert_path /path/for/certificate/ca_cert.pem
-  <buffer>
-    @type file
-    path '/var/lib/fluentd/forward'
-    queued_chunks_limit_size "#{ENV['BUFFER_QUEUE_LIMIT'] || '1024' }"
-    chunk_limit_size "#{ENV['BUFFER_SIZE_LIMIT'] || '1m' }"
-    flush_interval "#{ENV['FORWARD_FLUSH_INTERVAL'] || '5s'}"
-    flush_at_shutdown "#{ENV['FLUSH_AT_SHUTDOWN'] || 'false'}"
-    retry_max_interval "#{ENV['FORWARD_RETRY_WAIT'] || '300'}"
-    retry_forever true
-    # the systemd journald 0.0.8 input plugin will just throw away records if the buffer
-    # queue limit is hit - 'block' will halt further reads and keep retrying to flush the
-    # buffer to the remote - default is 'exception' because in_tail handles that case
-    overflow_action "#{ENV['BUFFER_QUEUE_FULL_ACTION'] || 'exception'}"
-  </buffer>
-  <server>
-    host server.fqdn.example.com  # or IP
-    port 24284
-  </server>
-  <server>
-    host 203.0.113.8 # ip address to connect
-    name server.fqdn.example.com # The name of the server. Used for logging and certificate verification in TLS transport (when host is address).
-  </server>
-</store>
+$ oc edit configmap/fluentd -n openshift-logging
+
+secure-forward.conf: |
+  # <store> 
+  # @type secure_forward
+
+  # self_hostname ${hostname}
+  # shared_key <SECRET_STRING>
+
+  # secure yes
+  # enable_strict_verification yes
+
+  # ca_cert_path /etc/fluent/keys/your_ca_cert
+  # ca_private_key_path /etc/fluent/keys/your_private_key
+    # for private CA secret key
+  # ca_private_key_passphrase passphrase
+
+  # <server>
+    # or IP
+  #   host server.fqdn.example.com
+  #   port 24284
+  # </server>
+  # <server>
+    # ip address to connect
+  #   host 203.0.113.8
+    # specify hostlabel for FQDN verification if ipaddress is used for host
+  #   hostlabel server.fqdn.example.com
+  # </server>
+  # </store>
 ----
 
 . Add certificates to be used in `secure-forward.conf` to the existing