K8SPSMDB-297 support persistent logs (#1936)

Author: gkech

build/Dockerfile

@@ -53,5 +53,6 @@ COPY build/init-entrypoint.sh /init-entrypoint.sh
 COPY build/ps-entry.sh /ps-entry.sh
 COPY build/physical-restore-ps-entry.sh /physical-restore-ps-entry.sh
 COPY build/pbm-entry.sh /pbm-entry.sh
+COPY build/logcollector /logcollector
 
 USER 2

build/init-entrypoint.sh

@@ -6,4 +6,7 @@ set -o xtrace
 install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /ps-entry.sh /opt/percona/ps-entry.sh
 install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /physical-restore-ps-entry.sh /opt/percona/physical-restore-ps-entry.sh
 install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /mongodb-healthcheck /opt/percona/mongodb-healthcheck
-install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /pbm-entry.sh /opt/percona/pbm-entry.sh
+install -o "$(id -u)" -g "$(id -g)" -m 0755 -D /pbm-entry.sh /opt/percona/pbm-entry.sh
+cp -a /logcollector /opt/percona/
+chown -R "$(id -u)":"$(id -g)" /opt/percona/logcollector
+chmod -R 0755 /opt/percona/logcollector

build/logcollector/entrypoint.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+set -o xtrace
+
+export PATH="$PATH":/opt/fluent-bit/bin
+
+if [ "$1" = 'logrotate' ]; then
+	if [[ $EUID != 1001 ]]; then
+		# logrotate requires UID in /etc/passwd
+		sed -e "s^x:1001:^x:$EUID:^" /etc/passwd >/tmp/passwd
+		cat /tmp/passwd >/etc/passwd
+		rm -rf /tmp/passwd
+	fi
+	exec go-cron "0 0 * * *" sh -c "logrotate -s /data/db/logs/logrotate.status /opt/percona/logcollector/logrotate/logrotate.conf;"
+else
+	if [ "$1" = 'fluent-bit' ]; then
+		fluentbit_opt+='-c /opt/percona/logcollector/fluentbit/fluentbit.conf'
+	fi
+
+	exec "$@" $fluentbit_opt
+fi

build/logcollector/fluentbit/custom/default.conf

@@ -0,0 +1,2 @@
+@INCLUDE fluentbit_*.conf
+@INCLUDE custom/*.conf

build/logcollector/fluentbit/fluentbit.conf

@@ -0,0 +1,25 @@
+[SERVICE]
+    Flush        1
+    Log_Level    error
+    Daemon       off
+
+[INPUT]
+    Name             tail
+    Path             ${LOG_DATA_DIR}/mongod.log
+    Tag              ${POD_NAMESPACE}.${POD_NAME}.mongod.log
+    Refresh_Interval 5
+    DB               /tmp/flb_kube.db
+    read_from_head   true
+    Path_Key         file
+
+[OUTPUT]
+    Name             stdout
+    Match            *
+    Format           json_lines
+    json_date_key    false
+
+[OUTPUT]
+    Name file
+    Match ${POD_NAMESPACE}.${POD_NAME}.mongod.log
+    File mongod.full.log
+    Path ${LOG_DATA_DIR}/

build/logcollector/fluentbit/fluentbit_mongo.conf

@@ -0,0 +1,17 @@
+[MULTILINE_PARSER]
+    name          multiline-regex-test
+    type          regex
+    flush_timeout 1000
+    #
+    # Regex rules for multiline parsing
+    # ---------------------------------
+    #
+    # configuration hints:
+    #
+    #  - first state always has the name: start_state
+    #  - every field in the rule must be inside double quotes
+    #
+    # rules |   state name  | regex pattern                  | next state
+    # ------|---------------|--------------------------------------------
+    rule      "start_state"   "/\d{2,4}\-\d{2,4}\-\d{2,4}T\d{2,4}\:\d{2,4}\:\d{2,4}\.\d{1,6}Z(.*)|\d{2,6} \d{2,4}\:\d{2,4}\:\d{2,4}(.*)/" "cont"
+    rule      "cont"          "/^\D/"                                                     "cont"

build/logcollector/fluentbit/parsers_multiline.conf

@@ -0,0 +1,16 @@
+/data/db/logs/*.log {
+   daily
+   minsize 10M
+   maxsize 100M
+   rotate 10
+   missingok
+   nocompress
+   notifempty
+   sharedscripts
+   postrotate
+       mongosh "mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${MONGODB_HOST}:${MONGODB_PORT}/admin" \
+               --eval 'db.adminCommand({ logRotate: 1 })'
+       find /data/db/logs/ -type f -name 'mongod.log.*' -mtime +7 -delete
+       find /data/db/logs/ -type f -name 'mongod.full.log' -mtime +7 -delete
+   endscript
+}

build/logcollector/logrotate/logrotate.conf

@@ -480,6 +480,16 @@ if [[ $originalArgOne == mongo* ]]; then
 		_mongod_hack_rename_arg_save_val --sslDisabledProtocols --tlsDisabledProtocols "${mongodHackedArgs[@]}"
 	fi
 
+	if [[ $originalArgOne == "mongod" && ${LOGCOLLECTOR_ENABLED:-} == "true" ]]; then
+		mkdir -p /data/db/logs/
+		_mongod_hack_ensure_arg_val --logpath "/data/db/logs/mongod.log" "${mongodHackedArgs[@]}"
+		# https://www.mongodb.com/docs/manual/reference/program/mongod/#std-option-mongod.--logRotate
+		# the operator is using logrotate as part of the logcollector feature.
+		# using the rename option because logrotate performs db.adminCommand({ logRotate: 1 })
+		_mongod_hack_ensure_arg_val --logRotate rename "${mongodHackedArgs[@]}"
+		_mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}"
+	fi
+
 	set -- "${mongodHackedArgs[@]}"
 
 	# MongoDB 3.6+ defaults to localhost-only binding

build/ps-entry.sh

@@ -534,6 +534,122 @@ spec:
                 type: object
               initImage:
                 type: string
+              logcollector:
+                properties:
+                  configuration:
+                    type: string
+                  containerSecurityContext:
+                    properties:
+                      allowPrivilegeEscalation:
+                        type: boolean
+                      appArmorProfile:
+                        properties:
+                          localhostProfile:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - type
+                        type: object
+                      capabilities:
+                        properties:
+                          add:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          drop:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                        type: object
+                      privileged:
+                        type: boolean
+                      procMount:
+                        type: string
+                      readOnlyRootFilesystem:
+                        type: boolean
+                      runAsGroup:
+                        format: int64
+                        type: integer
+                      runAsNonRoot:
+                        type: boolean
+                      runAsUser:
+                        format: int64
+                        type: integer
+                      seLinuxOptions:
+                        properties:
+                          level:
+                            type: string
+                          role:
+                            type: string
+                          type:
+                            type: string
+                          user:
+                            type: string
+                        type: object
+                      seccompProfile:
+                        properties:
+                          localhostProfile:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - type
+                        type: object
+                      windowsOptions:
+                        properties:
+                          gmsaCredentialSpec:
+                            type: string
+                          gmsaCredentialSpecName:
+                            type: string
+                          hostProcess:
+                            type: boolean
+                          runAsUserName:
+                            type: string
+                        type: object
+                    type: object
+                  enabled:
+                    type: boolean
+                  image:
+                    type: string
+                  imagePullPolicy:
+                    type: string
+                  resources:
+                    properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            request:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                    type: object
+                type: object
               multiCluster:
                 properties:
                   DNSSuffix: