Logging for Production Systems in The Container Era

Sadayuki Furuhashi
Sadayuki FuruhashiFounder & Architect at Treasure Data, Inc.
Logging for Production Systems in The Container Era Sadayuki Furuhashi
 Founder & Software Architect DOCKER MOUNTAIN VIEW
A little about me… Sadayuki Furuhashi github: @frsyuki A founder of Treasure Data, Inc. located in Silicon Valley. Fluentd - Unifid log collection infrastracture Embulk - Plugin-based ETL tool OSS projects I founded: An open-source hacker.
It's like JSON. but fast and small. A little about me…
The Container Era Server Era Container Era Service Architecture Monolithic Microservices System Image Mutable Immutable Managed By Ops Team DevOps Team Local Data Persistent Ephemeral Log Collection syslogd / rsync ? Metrics Collection Nagios / Zabbix ?
Server Era Container Era Service Architecture Monolithic Microservices System Image Mutable Immutable Managed By Ops Team DevOps Team Local Data Persistent Ephemeral Log Collection syslogd / rsync ? Metrics Collection Nagios / Zabbix ? The Container Era How should log & metrics collection be done in The Container Era?
Problems
The traditional logrotate + rsync on containers Log Server Application Container A File FileFile Hard to analyze!! Complex text parsers Application Container C File FileFile Application Container B File FileFile High latency!! Must wait for a day Ephemeral!! Could be lost at any time
Server 1 Container A Application Container B Application Server 2 Container C Application Container D Application Kafka elasticsearch HDFS Container Container Container Container Small & many containers make storages overloaded Too many connections from micro containers!
Server 1 Container A Application Container B Application Server 2 Container C Application Container D Application Kafka elasticsearch HDFS Container Container Container Container System images are immutable Too many connections from micro containers! Embedding destination IPs
 in ALL Docker images
 makes management hard
Combination explosion with microservices
 requires too many scripts for data integration LOG script to parse data cron job for loading filtering script syslog script Tweet- fetching script aggregation script aggregation script script to parse data rsync server
A solution: centralized log collection service LOG Log Service
The centralized log collection service LOG
The centralized log collection service LOG We Released!
 (Apache License)
What’s Fluentd? Simple core
 + Variety of plugins Buffering, HA (failover), Secondary output, etc. Like syslogd AN EXTENSIBLE & RELIABLE DATA COLLECTION TOOL
How to collect logs from
 Docker containers
Text logging with --log-driver=fluentd Server Container App FluentdSTDOUT / STDERR docker run --log-driver=fluentd 
 --log-opt fluentd-address=localhost:24224 { “container_id”: “ad6d5d32576a”, “container_name”: “myapp”, “source”: stdout }
Metrics collection with fluent-logger Server Container App Fluentd from fluent import sender from fluent import event sender.setup('app.events', host='localhost') event.Event('purchase', { 'user_id': 21, 'item_id': 321, 'value': '1' }) tag = app.events.purchase { “user_id”: 21, “item_id”: 321 “value”: 1, } fluent-logger library
Logging methods for each purpose • Collecting log messages > --log-driver=fluentd • Application metrics > fluent-logger • Access logs, logs from middleware > Shared data volume • System metrics (CPU usage, Disk capacity, etc.) > Fluentd’s input plugins
 (Fluentd pulls those data periodically)
Deployment Patterns
Server 1 Container A Application Container B Application Server 2 Container C Application Container D Application Kafka elasticsearch HDFS Container Container Container Container Primitive deployment… Too many connections from many containers! Embedding destination IPs
 in ALL Docker images
 makes management hard
Server 1 Container A Application Container B Application Fluentd Server 2 Container C Application Container D Application Fluentd Kafka elasticsearch HDFS Container Container Container Container destination is always localhost from app’s point of view Source aggregation decouples config from apps
Server 1 Container A Application Container B Application Fluentd Server 2 Container C Application Container D Application Fluentd active / standby / load balancing Destination aggregation makes storages scalable for high traffic Aggregation server(s)
Aggregation servers • Logging directly from microservices makes log storages overloaded. > Too many RX connections > Too frequent import API calls • Aggregation servers make the logging infrastracture more reliable and scalable. > Connection aggregation > Buffering for less frequent import API calls > Data persistency during downtime > Automatic retry at recovery from downtime
Fluentd Internal Architecture
Internal Architecture (simplified) Plugin Input Filter Buffer Output Plugin Plugin Plugin 2012-02-04 01:33:51 myapp.buylog{ “user”:”me”, “path”: “/buyItem”, “price”: 150, “referer”: “/landing” } Time Tag Record
Architecture: Input Plugins HTTP+JSON (in_http) File tail (in_tail) Syslog (in_syslog) … Receive logs Or pull logs from data sources In non-blocking manner Plugin Input
Filter Architecture: Filter Plugins Transform logs Filter out unnecessary logs Enrich logs Plugin Encrypt personal data Convert IP to countries Parse User-Agent …
Buffer Architecture: Buffer Plugins Plugin Improve performance Provide reliability Provide thread-safety Memory (buf_memory) File (buf_file)
Architecture: Output Plugins Output Write or send event logs Plugin File (out_file) Amazon S3 (out_s3) MongoDB (out_mongo) …
Buffer Architecture: Buffer Plugins Chunk Plugin Improve performance Provide reliability Provide thread-safety Input Output Chunk Chunk
Retry Error Retry Batch Stream Error Retry Retry Divide & Conquer for retry
Divide & Conquer for recovery Buffer (on-disk or in-memory) Error Overloaded!! recovery recovery + flow control queued chunks
Example Use Cases
Streaming from Apache/Nginx to Elasticsearch in_tail /var/log/access.log /var/log/fluentd/buffer but_file
Error Handling and Recovery in_tail /var/log/access.log /var/log/fluentd/buffer but_file Buffering for any outputs Retrying automatically With exponential wait and persistence on a disk and secondary output
Tailing & parsing files Supported built-in formats: Read a log file Custom regexp Custom parser in Ruby • apache • apache_error • apache2 • nginx • json • csv • tsv • ltsv • syslog • multiline • none pos fileevents.log ? (your app)
Out to Multiple Locations Routing based on tags Copy to multiple storages buffer access.log in_tail
Example configuration for real time batch combo
Data partitioning by time on HDFS / S3 access.log buffer Custom file formatter Slice files based on time 2016-01-01/01/access.log.gz 2016-01-01/02/access.log.gz 2016-01-01/03/access.log.gz … in_tail
3rd party input plugins dstat df AMQL munin jvmwatcher SQL
3rd party output plugins AMQL Graphite
Real World Use Cases
Microsoft Operations Management Suite uses Fluentd: "The core of the agent uses an existing open source data aggregator called Fluentd. Fluentd has hundreds of existing plugins, which will make it really easy for you to add new data sources." Syslog Linux Computer Operating System Apache MySQL Containers omsconfig (DSC) PS DSC Providers OMI Server (CIM Server) omsagent Firewall/proxy OMSService Upload Data (HTTPS) Pull configuration (HTTPS)
Atlassian "At Atlassian, we've been impressed by Fluentd and have chosen to use it in Atlassian Cloud's logging and analytics pipeline." Kinesis Elasticsearch cluster Ingestion service
Amazon web services The architecture of Fluentd (Sponsored by Treasure Data) is very similar to Apache Flume or Facebook’s Scribe. Fluentd is easier to install and maintain and has better documentation and support than Flume and Scribe. Types of DataStoreCollect Transactional • Database reads & write (OLTP) • Cache Search • Logs • Streams File • Log files (/val/log) • Log collectors & frameworks Stream • Log records • Sensors & IoT data Web Apps IoTApplicationsLogging Mobile Apps Database Search File Storage Stream Storage
Thank you!
1 of 46

Logging for Production Systems in The Container Era

Download to read offline
Software

Talk at Docker Meetup. Video: https://www.youtube.com/watch?v=4kVeHcq0nnY

Sadayuki Furuhashi
Sadayuki FuruhashiFounder & Architect at Treasure Data, Inc.

Recommended

Fluentd at Bay Area Kubernetes MeetupFluentd at Bay Area Kubernetes Meetup
Fluentd at Bay Area Kubernetes MeetupSadayuki Furuhashi
1.2K views31 slides
Presto - Hadoop Conference Japan 2014Presto - Hadoop Conference Japan 2014
Presto - Hadoop Conference Japan 2014Sadayuki Furuhashi
107.3K views61 slides
Automating Workflows for Analytics PipelinesAutomating Workflows for Analytics Pipelines
Automating Workflows for Analytics PipelinesSadayuki Furuhashi
1.9K views28 slides
Prestogres internalsPrestogres internals
Prestogres internalsSadayuki Furuhashi
9.1K views47 slides
Fighting Against Chaotically Separated Values with EmbulkFighting Against Chaotically Separated Values with Embulk
Fighting Against Chaotically Separated Values with EmbulkSadayuki Furuhashi
2.1K views45 slides
Presto anatomyPresto anatomy
Presto anatomyDongmin Yu
5K views50 slides

More Related Content

What's hot

What's hot(20)

Treasure Data and AWS - Developers.io 2015Treasure Data and AWS - Developers.io 2015
Treasure Data and AWS - Developers.io 2015
N Masahiro8K views
Embuk internalsEmbuk internals
Embuk internals
Sadayuki Furuhashi3.2K views
Data Analytics Service Company and Its Ruby UsageData Analytics Service Company and Its Ruby Usage
Data Analytics Service Company and Its Ruby Usage
SATOSHI TAGOMORI21K views
Digdagによる大規模データ処理の自動化とエラー処理Digdagによる大規模データ処理の自動化とエラー処理
Digdagによる大規模データ処理の自動化とエラー処理
Sadayuki Furuhashi23.7K views
Overview of data analytics service: Treasure Data ServiceOverview of data analytics service: Treasure Data Service
Overview of data analytics service: Treasure Data Service
SATOSHI TAGOMORI2.6K views
Understanding Presto - Presto meetup @ Tokyo #1Understanding Presto - Presto meetup @ Tokyo #1
Understanding Presto - Presto meetup @ Tokyo #1
Sadayuki Furuhashi14.1K views
Presto in Treasure Data (presented at db tech showcase Sapporo 2015)Presto in Treasure Data (presented at db tech showcase Sapporo 2015)
Presto in Treasure Data (presented at db tech showcase Sapporo 2015)
Mitsunori Komatsu2.5K views
User Defined Partitioning on PlazmaDBUser Defined Partitioning on PlazmaDB
User Defined Partitioning on PlazmaDB
Kai Sasaki1.4K views
Fluentd and Docker - running fluentd within a docker containerFluentd and Docker - running fluentd within a docker container
Fluentd and Docker - running fluentd within a docker container
Treasure Data, Inc.5.6K views
Making KVS 10x ScalableMaking KVS 10x Scalable
Making KVS 10x Scalable
Sadayuki Furuhashi3.4K views
20140120 presto meetup_en20140120 presto meetup_en
20140120 presto meetup_en
Ogibayashi2.3K views
[245] presto 내부구조 파헤치기[245] presto 내부구조 파헤치기
[245] presto 내부구조 파헤치기
NAVER D210.1K views
Presto in my_use_casePresto in my_use_case
Presto in my_use_case
wyukawa 6.2K views
How to Make Norikra PerfectHow to Make Norikra Perfect
How to Make Norikra Perfect
SATOSHI TAGOMORI4.7K views
Internals of Presto ServiceInternals of Presto Service
Internals of Presto Service
Treasure Data, Inc.11.6K views
Plazma - Treasure Data’s distributed analytical database -Plazma - Treasure Data’s distributed analytical database -
Plazma - Treasure Data’s distributed analytical database -
Treasure Data, Inc.12.6K views
DOD 2016 - Rafał Kuć - Building a Resilient Log Aggregation Pipeline Using El...DOD 2016 - Rafał Kuć - Building a Resilient Log Aggregation Pipeline Using El...
DOD 2016 - Rafał Kuć - Building a Resilient Log Aggregation Pipeline Using El...
PROIDEA243 views
Embulk - 進化するバルクデータローダEmbulk - 進化するバルクデータローダ
Embulk - 進化するバルクデータローダ
Sadayuki Furuhashi4.8K views
How to ensure Presto scalability 
in multi use case How to ensure Presto scalability 
in multi use case
How to ensure Presto scalability 
in multi use case
Kai Sasaki4.2K views
Fluentd - Flexible, Stable, ScalableFluentd - Flexible, Stable, Scalable
Fluentd - Flexible, Stable, Scalable
Shu Ting Tseng14.2K views

Viewers also liked

Viewers also liked(20)

DigdagはなぜYAMLなのか?DigdagはなぜYAMLなのか?
DigdagはなぜYAMLなのか?
Sadayuki Furuhashi5.5K views
分散ワークフローエンジン『Digdag』の実装 at Tokyo RubyKaigi #11分散ワークフローエンジン『Digdag』の実装 at Tokyo RubyKaigi #11
分散ワークフローエンジン『Digdag』の実装 at Tokyo RubyKaigi #11
Sadayuki Furuhashi71.1K views
Facebook Presto presentationFacebook Presto presentation
Facebook Presto presentation
Cyanny LIANG18.4K views
爆速クエリエンジン”Presto”を使いたくなる話爆速クエリエンジン”Presto”を使いたくなる話
爆速クエリエンジン”Presto”を使いたくなる話
Kentaro Yoshida27.5K views
Embulk, an open-source plugin-based parallel bulk data loaderEmbulk, an open-source plugin-based parallel bulk data loader
Embulk, an open-source plugin-based parallel bulk data loader
Sadayuki Furuhashi226K views
(BDT303) Running Spark and Presto on the Netflix Big Data Platform(BDT303) Running Spark and Presto on the Netflix Big Data Platform
(BDT303) Running Spark and Presto on the Netflix Big Data Platform
Amazon Web Services38.4K views
Jenkins 2.0 Pipeline & Blue OceanJenkins 2.0 Pipeline & Blue Ocean
Jenkins 2.0 Pipeline & Blue Ocean
Akihiko Horiuchi11.5K views
Prestogres, ODBC & JDBC connectivity for PrestoPrestogres, ODBC & JDBC connectivity for Presto
Prestogres, ODBC & JDBC connectivity for Presto
Sadayuki Furuhashi6.3K views
Fluentd - Set Up Once, Collect MoreFluentd - Set Up Once, Collect More
Fluentd - Set Up Once, Collect More
Sadayuki Furuhashi3.3K views
Logging service designLogging service design
Logging service design
Wittawas Wisarnkanchana797 views
Build, logging, and unit test toolsBuild, logging, and unit test tools
Build, logging, and unit test tools
Allan Huang1.1K views
Tajo_Meetup_20141120Tajo_Meetup_20141120
Tajo_Meetup_20141120
Hyoungjun Kim3K views
Running Ruby on Solaris (RubyKaigi 2015, 12/Dec/2015)Running Ruby on Solaris (RubyKaigi 2015, 12/Dec/2015)
Running Ruby on Solaris (RubyKaigi 2015, 12/Dec/2015)
ngotogenome11.9K views
The worst Ruby codes I’ve seen in my life - RubyKaigi 2015The worst Ruby codes I’ve seen in my life - RubyKaigi 2015
The worst Ruby codes I’ve seen in my life - RubyKaigi 2015
Fernando Hamasaki de Amorim16.3K views
RubyKaigi2015 making robots-with-mrubyRubyKaigi2015 making robots-with-mruby
RubyKaigi2015 making robots-with-mruby
yamanekko13K views
Fluentd - road to v1 -Fluentd - road to v1 -
Fluentd - road to v1 -
N Masahiro17.7K views
The OMR GC talk - Ruby Kaigi 2015The OMR GC talk - Ruby Kaigi 2015
The OMR GC talk - Ruby Kaigi 2015
craig lehmann13.4K views
오픈소스 프로젝트 따라잡기_공개오픈소스 프로젝트 따라잡기_공개
오픈소스 프로젝트 따라잡기_공개
Hyoungjun Kim3.1K views
Practical Testing of Ruby CorePractical Testing of Ruby Core
Practical Testing of Ruby Core
Hiroshi SHIBATA16.6K views
Experiments in Sharing Java VM Technology with CRubyExperiments in Sharing Java VM Technology with CRuby
Experiments in Sharing Java VM Technology with CRuby
Matthew Gaudet17.7K views

Similar to Logging for Production Systems in The Container Era

Fluentd at HKOSconFluentd at HKOScon
Fluentd at HKOSconN Masahiro
1.4K views45 slides
Fluentd - RubyKansai 65Fluentd - RubyKansai 65
Fluentd - RubyKansai 65N Masahiro
2.9K views52 slides

Similar to Logging for Production Systems in The Container Era(20)

Fluentd Overview, Now and ThenFluentd Overview, Now and Then
Fluentd Overview, Now and Then
SATOSHI TAGOMORI7.7K views
Logging & Metrics with DockerLogging & Metrics with Docker
Logging & Metrics with Docker
Stefan Zier2.3K views
Fluentd at HKOSconFluentd at HKOScon
Fluentd at HKOScon
N Masahiro1.4K views
Fluentd - RubyKansai 65Fluentd - RubyKansai 65
Fluentd - RubyKansai 65
N Masahiro2.9K views
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
Jakub Hajek157 views
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek
PROIDEA73 views
Fluentd and Embulk Game Server 4Fluentd and Embulk Game Server 4
Fluentd and Embulk Game Server 4
N Masahiro7.9K views
Fluentd and Docker - running fluentd within a docker containerFluentd and Docker - running fluentd within a docker container
Fluentd and Docker - running fluentd within a docker container
Treasure Data, Inc.1.5K views
Fluentd Unified Logging Layer At FossasiaFluentd Unified Logging Layer At Fossasia
Fluentd Unified Logging Layer At Fossasia
N Masahiro3.1K views
Building an Observability Platform in 389 Difficult StepsBuilding an Observability Platform in 389 Difficult Steps
Building an Observability Platform in 389 Difficult Steps
DigitalOcean29 views
Experiences building a distributed shared log on RADOS - Noah WatkinsExperiences building a distributed shared log on RADOS - Noah Watkins
Experiences building a distributed shared log on RADOS - Noah Watkins
Ceph Community 98 views
Apache Big Data EU 2016: Building Streaming Applications with Apache ApexApache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Apex686 views
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
Arun prasath13.4K views
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
Vincent Mercier450 views
Hack Like It's 2013 (The Workshop)Hack Like It's 2013 (The Workshop)
Hack Like It's 2013 (The Workshop)
Itzik Kotler1.1K views
nuclio Overview October 2017nuclio Overview October 2017
nuclio Overview October 2017
iguazio3.4K views
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and... DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
PROIDEA181 views
The basics of fluentdThe basics of fluentd
The basics of fluentd
Treasure Data, Inc.29.1K views
iguazio - nuclio overview to CNCF (Sep 25th 2017)iguazio - nuclio overview to CNCF (Sep 25th 2017)
iguazio - nuclio overview to CNCF (Sep 25th 2017)
Eran Duchan351 views
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012
Joe Arnold4.2K views

More from Sadayuki Furuhashi

More from Sadayuki Furuhashi(14)

Scripting Embulk PluginsScripting Embulk Plugins
Scripting Embulk Plugins
Sadayuki Furuhashi2.6K views
Performance Optimization Techniques of MessagePack-Ruby - RubyKaigi 2019Performance Optimization Techniques of MessagePack-Ruby - RubyKaigi 2019
Performance Optimization Techniques of MessagePack-Ruby - RubyKaigi 2019
Sadayuki Furuhashi4.7K views
Plugin-based software design with Ruby and RubyGemsPlugin-based software design with Ruby and RubyGems
Plugin-based software design with Ruby and RubyGems
Sadayuki Furuhashi7.9K views
What's new in v11 - Fluentd Casual Talks #3 #fluentdcasualWhat's new in v11 - Fluentd Casual Talks #3 #fluentdcasual
What's new in v11 - Fluentd Casual Talks #3 #fluentdcasual
Sadayuki Furuhashi9.2K views
How we use Fluentd in Treasure DataHow we use Fluentd in Treasure Data
How we use Fluentd in Treasure Data
Sadayuki Furuhashi1.9K views
Fluentd meetup at SlideshareFluentd meetup at Slideshare
Fluentd meetup at Slideshare
Sadayuki Furuhashi2.6K views
How to collect Big Data into HadoopHow to collect Big Data into Hadoop
How to collect Big Data into Hadoop
Sadayuki Furuhashi7.8K views
Fluentd meetupFluentd meetup
Fluentd meetup
Sadayuki Furuhashi2.4K views
upload test 1upload test 1
upload test 1
Sadayuki Furuhashi1.5K views
Programming Tools and Techniques #369 - The MessagePack ProjectProgramming Tools and Techniques #369 - The MessagePack Project
Programming Tools and Techniques #369 - The MessagePack Project
Sadayuki Furuhashi2K views
Gumi study7 messagepackGumi study7 messagepack
Gumi study7 messagepack
Sadayuki Furuhashi1K views
gumiStudy#7 The MessagePack ProjectgumiStudy#7 The MessagePack Project
gumiStudy#7 The MessagePack Project
Sadayuki Furuhashi1K views
NoSQL afternoon in Japan kumofs & MessagePackNoSQL afternoon in Japan kumofs & MessagePack
NoSQL afternoon in Japan kumofs & MessagePack
Sadayuki Furuhashi12 views
NoSQL afternoon in Japan Kumofs & MessagePackNoSQL afternoon in Japan Kumofs & MessagePack
NoSQL afternoon in Japan Kumofs & MessagePack
Sadayuki Furuhashi2.4K views

Recently uploaded

ict act 1.pptxict act 1.pptx
ict act 1.pptxsanjaniarun08
9 views17 slides

Recently uploaded(20)

Upgrading Incident Management with Icinga - Icinga Camp Milan 2023Upgrading Incident Management with Icinga - Icinga Camp Milan 2023
Upgrading Incident Management with Icinga - Icinga Camp Milan 2023
Icinga29 views
DSD-INT 2023 Modelling litter in the Yarra and Maribyrnong Rivers (Australia)...DSD-INT 2023 Modelling litter in the Yarra and Maribyrnong Rivers (Australia)...
DSD-INT 2023 Modelling litter in the Yarra and Maribyrnong Rivers (Australia)...
Deltares6 views
ict act 1.pptxict act 1.pptx
ict act 1.pptx
sanjaniarun089 views
Applying Platform Engineering Thining to Observability.pdfApplying Platform Engineering Thining to Observability.pdf
Applying Platform Engineering Thining to Observability.pdf
Natan Yellin10 views
MariaDB stored procedures and why they should be improvedMariaDB stored procedures and why they should be improved
MariaDB stored procedures and why they should be improved
Federico Razzoli6 views
Why Cloud Services.pdfWhy Cloud Services.pdf
Why Cloud Services.pdf
Pi DATACENTERS6 views
Headless JS UG Presentation.pptxHeadless JS UG Presentation.pptx
Headless JS UG Presentation.pptx
Jack Spektor5 views
Neo4j y GenAI Neo4j y GenAI
Neo4j y GenAI
Neo4j10 views
LAVADORA ROLO.docxLAVADORA ROLO.docx
LAVADORA ROLO.docx
SamuelRamirez835247 views
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptx
Jack Spektor19 views
Roadmap y Novedades de productoRoadmap y Novedades de producto
Roadmap y Novedades de producto
Neo4j5 views
DSD-INT 2023 Next-Generation Flood Inundation Mapping for Taiwan - Delft3D FM...DSD-INT 2023 Next-Generation Flood Inundation Mapping for Taiwan - Delft3D FM...
DSD-INT 2023 Next-Generation Flood Inundation Mapping for Taiwan - Delft3D FM...
Deltares7 views
DSD-INT 2023 - Delft3D User Days - Welcome - Day 3 - AfternoonDSD-INT 2023 - Delft3D User Days - Welcome - Day 3 - Afternoon
DSD-INT 2023 - Delft3D User Days - Welcome - Day 3 - Afternoon
Deltares9 views
How to Make the Most of Regression and Unit Testing.pdfHow to Make the Most of Regression and Unit Testing.pdf
How to Make the Most of Regression and Unit Testing.pdf
Abhay Kumar7 views
Consulting for Data Monetization Maximizing the Profit Potential of Your Data...Consulting for Data Monetization Maximizing the Profit Potential of Your Data...
Consulting for Data Monetization Maximizing the Profit Potential of Your Data...
Flexsin 13 views
DSD-INT 2023 Baseline studies for Strategic Coastal protection for Long Islan...DSD-INT 2023 Baseline studies for Strategic Coastal protection for Long Islan...
DSD-INT 2023 Baseline studies for Strategic Coastal protection for Long Islan...
Deltares8 views
Key Takeaways for Java Developers from the State of the Software Supply Chain...Key Takeaways for Java Developers from the State of the Software Supply Chain...
Key Takeaways for Java Developers from the State of the Software Supply Chain...
Steve Poole5 views
DSD-INT 2023 Delft3D FM Suite 2024.01 2D3D - New features + Improvements - Ge...DSD-INT 2023 Delft3D FM Suite 2024.01 2D3D - New features + Improvements - Ge...
DSD-INT 2023 Delft3D FM Suite 2024.01 2D3D - New features + Improvements - Ge...
Deltares5 views
What Can Employee Monitoring Software Do?​What Can Employee Monitoring Software Do?​
What Can Employee Monitoring Software Do?​
wAnywhere16 views
Topic 1 What is Evolutionary Prototyping.pptxTopic 1 What is Evolutionary Prototyping.pptx
Topic 1 What is Evolutionary Prototyping.pptx
AHMADAIMAN777 views

Logging for Production Systems in The Container Era

  • 1. Logging for Production Systems in The Container Era Sadayuki Furuhashi
 Founder & Software Architect DOCKER MOUNTAIN VIEW
  • 2. A little about me… Sadayuki Furuhashi github: @frsyuki A founder of Treasure Data, Inc. located in Silicon Valley. Fluentd - Unifid log collection infrastracture Embulk - Plugin-based ETL tool OSS projects I founded: An open-source hacker.
  • 3. It's like JSON. but fast and small. A little about me…
  • 4. The Container Era Server Era Container Era Service Architecture Monolithic Microservices System Image Mutable Immutable Managed By Ops Team DevOps Team Local Data Persistent Ephemeral Log Collection syslogd / rsync ? Metrics Collection Nagios / Zabbix ?
  • 5. Server Era Container Era Service Architecture Monolithic Microservices System Image Mutable Immutable Managed By Ops Team DevOps Team Local Data Persistent Ephemeral Log Collection syslogd / rsync ? Metrics Collection Nagios / Zabbix ? The Container Era How should log & metrics collection be done in The Container Era?
  • 7. The traditional logrotate + rsync on containers Log Server Application Container A File FileFile Hard to analyze!! Complex text parsers Application Container C File FileFile Application Container B File FileFile High latency!! Must wait for a day Ephemeral!! Could be lost at any time
  • 8. Server 1 Container A Application Container B Application Server 2 Container C Application Container D Application Kafka elasticsearch HDFS Container Container Container Container Small & many containers make storages overloaded Too many connections from micro containers!
  • 9. Server 1 Container A Application Container B Application Server 2 Container C Application Container D Application Kafka elasticsearch HDFS Container Container Container Container System images are immutable Too many connections from micro containers! Embedding destination IPs
 in ALL Docker images
 makes management hard
  • 10. Combination explosion with microservices
 requires too many scripts for data integration LOG script to parse data cron job for loading filtering script syslog script Tweet- fetching script aggregation script aggregation script script to parse data rsync server
  • 11. A solution: centralized log collection service LOG Log Service
  • 12. The centralized log collection service LOG
  • 13. The centralized log collection service LOG We Released!
 (Apache License)
  • 14. What’s Fluentd? Simple core
 + Variety of plugins Buffering, HA (failover), Secondary output, etc. Like syslogd AN EXTENSIBLE & RELIABLE DATA COLLECTION TOOL
  • 15. How to collect logs from
 Docker containers
  • 16. Text logging with --log-driver=fluentd Server Container App FluentdSTDOUT / STDERR docker run --log-driver=fluentd 
 --log-opt fluentd-address=localhost:24224 { “container_id”: “ad6d5d32576a”, “container_name”: “myapp”, “source”: stdout }
  • 17. Metrics collection with fluent-logger Server Container App Fluentd from fluent import sender from fluent import event sender.setup('app.events', host='localhost') event.Event('purchase', { 'user_id': 21, 'item_id': 321, 'value': '1' }) tag = app.events.purchase { “user_id”: 21, “item_id”: 321 “value”: 1, } fluent-logger library
  • 18. Logging methods for each purpose • Collecting log messages > --log-driver=fluentd • Application metrics > fluent-logger • Access logs, logs from middleware > Shared data volume • System metrics (CPU usage, Disk capacity, etc.) > Fluentd’s input plugins
 (Fluentd pulls those data periodically)
  • 20. Server 1 Container A Application Container B Application Server 2 Container C Application Container D Application Kafka elasticsearch HDFS Container Container Container Container Primitive deployment… Too many connections from many containers! Embedding destination IPs
 in ALL Docker images
 makes management hard
  • 21. Server 1 Container A Application Container B Application Fluentd Server 2 Container C Application Container D Application Fluentd Kafka elasticsearch HDFS Container Container Container Container destination is always localhost from app’s point of view Source aggregation decouples config from apps
  • 22. Server 1 Container A Application Container B Application Fluentd Server 2 Container C Application Container D Application Fluentd active / standby / load balancing Destination aggregation makes storages scalable for high traffic Aggregation server(s)
  • 23. Aggregation servers • Logging directly from microservices makes log storages overloaded. > Too many RX connections > Too frequent import API calls • Aggregation servers make the logging infrastracture more reliable and scalable. > Connection aggregation > Buffering for less frequent import API calls > Data persistency during downtime > Automatic retry at recovery from downtime
  • 25. Internal Architecture (simplified) Plugin Input Filter Buffer Output Plugin Plugin Plugin 2012-02-04 01:33:51 myapp.buylog{ “user”:”me”, “path”: “/buyItem”, “price”: 150, “referer”: “/landing” } Time Tag Record
  • 26. Architecture: Input Plugins HTTP+JSON (in_http) File tail (in_tail) Syslog (in_syslog) … Receive logs Or pull logs from data sources In non-blocking manner Plugin Input
  • 27. Filter Architecture: Filter Plugins Transform logs Filter out unnecessary logs Enrich logs Plugin Encrypt personal data Convert IP to countries Parse User-Agent …
  • 28. Buffer Architecture: Buffer Plugins Plugin Improve performance Provide reliability Provide thread-safety Memory (buf_memory) File (buf_file)
  • 29. Architecture: Output Plugins Output Write or send event logs Plugin File (out_file) Amazon S3 (out_s3) MongoDB (out_mongo) …
  • 30. Buffer Architecture: Buffer Plugins Chunk Plugin Improve performance Provide reliability Provide thread-safety Input Output Chunk Chunk
  • 32. Divide & Conquer for recovery Buffer (on-disk or in-memory) Error Overloaded!! recovery recovery + flow control queued chunks
  • 34. Streaming from Apache/Nginx to Elasticsearch in_tail /var/log/access.log /var/log/fluentd/buffer but_file
  • 35. Error Handling and Recovery in_tail /var/log/access.log /var/log/fluentd/buffer but_file Buffering for any outputs Retrying automatically With exponential wait and persistence on a disk and secondary output
  • 36. Tailing & parsing files Supported built-in formats: Read a log file Custom regexp Custom parser in Ruby • apache • apache_error • apache2 • nginx • json • csv • tsv • ltsv • syslog • multiline • none pos fileevents.log ? (your app)
  • 37. Out to Multiple Locations Routing based on tags Copy to multiple storages buffer access.log in_tail
  • 38. Example configuration for real time batch combo
  • 39. Data partitioning by time on HDFS / S3 access.log buffer Custom file formatter Slice files based on time 2016-01-01/01/access.log.gz 2016-01-01/02/access.log.gz 2016-01-01/03/access.log.gz … in_tail
  • 40. 3rd party input plugins dstat df AMQL munin jvmwatcher SQL
  • 41. 3rd party output plugins AMQL Graphite
  • 42. Real World Use Cases
  • 43. Microsoft Operations Management Suite uses Fluentd: "The core of the agent uses an existing open source data aggregator called Fluentd. Fluentd has hundreds of existing plugins, which will make it really easy for you to add new data sources." Syslog Linux Computer Operating System Apache MySQL Containers omsconfig (DSC) PS DSC Providers OMI Server (CIM Server) omsagent Firewall/proxy OMSService Upload Data (HTTPS) Pull configuration (HTTPS)
  • 44. Atlassian "At Atlassian, we've been impressed by Fluentd and have chosen to use it in Atlassian Cloud's logging and analytics pipeline." Kinesis Elasticsearch cluster Ingestion service
  • 45. Amazon web services The architecture of Fluentd (Sponsored by Treasure Data) is very similar to Apache Flume or Facebook’s Scribe. Fluentd is easier to install and maintain and has better documentation and support than Flume and Scribe. Types of DataStoreCollect Transactional • Database reads & write (OLTP) • Cache Search • Logs • Streams File • Log files (/val/log) • Log collectors & frameworks Stream • Log records • Sensors & IoT data Web Apps IoTApplicationsLogging Mobile Apps Database Search File Storage Stream Storage