Configuring systemd-journald and Fluentd

Because Fluentd reads from the journal, and the journal default settings are very low, journal entries can be lost because the journal cannot keep up with the logging rate from system services.

We recommend setting RateLimitIntervalSec=30s and RateLimitBurst=10000 (or even higher if necessary) to prevent the journal from losing entries.

Configuring systemd-journald for OpenShift Logging

As you scale up your project, the default logging environment might need some adjustments.

For example, if you are missing logs, you might have to increase the rate limits for journald. You can adjust the number of messages to retain for a specified period of time to ensure that OpenShift Logging does not use excessive resources without dropping logs.

You can also determine if you want the logs compressed, how long to retain logs, how or if the logs are stored, and other settings.

Procedure

  1. Create a Butane config file, 40-worker-custom-journald.bu, that includes an /etc/systemd/journald.conf file with the required settings.

    See “Creating machine configs with Butane” for information about Butane.

    1. variant: openshift
    2. version: 4.9.0
    3. metadata:
    4.   name: 40-worker-custom-journald
    5.   labels:
    6.     machineconfiguration.openshift.io/role: "worker"
    7. storage:
    8.   files:
    9.   - path: /etc/systemd/journald.conf
    10.     mode: 0644 (1)
    11.     overwrite: true
    12.     contents:
    13.       inline: |
    14.         Compress=yes (2)
    15.         ForwardToConsole=no (3)
    16.         ForwardToSyslog=no
    17.         MaxRetentionSec=1month (4)
    18.         RateLimitBurst=10000 (5)
    19.         RateLimitIntervalSec=30s
    20.         Storage=persistent (6)
    21.         SyncIntervalSec=1s (7)
    22.         SystemMaxUse=8g (8)
    23.         SystemKeepFree=20% (9)
    24.         SystemMaxFileSize=10M (10)
    1Set the permissions for the journal.conf file. It is recommended to set 0644 permissions.
    2Specify whether you want logs compressed before they are written to the file system. Specify yes to compress the message or no to not compress. The default is yes.
    3Configure whether to forward log messages. Defaults to no for each. Specify:

    • ForwardToConsole to forward logs to the system console.

    • ForwardToKsmg to forward logs to the kernel log buffer.

    • ForwardToSyslog to forward to a syslog daemon.

    • ForwardToWall to forward messages as wall messages to all logged-in users.

    4Specify the maximum time to store journal entries. Enter a number to specify seconds. Or include a unit: “year”, “month”, “week”, “day”, “h” or “m”. Enter 0 to disable. The default is 1month.
    5Configure rate limiting. If more logs are received than what is specified in RateLimitBurst during the time interval defined by RateLimitIntervalSec, all further messages within the interval are dropped until the interval is over. It is recommended to set RateLimitIntervalSec=30s and RateLimitBurst=10000, which are the defaults.
    6Specify how logs are stored. The default is persistent:

    • volatile to store logs in memory in /var/log/journal/.

    • persistent to store logs to disk in /var/log/journal/. systemd creates the directory if it does not exist.

    • auto to store logs in /var/log/journal/ if the directory exists. If it does not exist, systemd temporarily stores logs in /run/systemd/journal.

    • none to not store logs. systemd drops all logs.

    7Specify the timeout before synchronizing journal files to disk for ERR, WARNING, NOTICE, INFO, and DEBUG logs. systemd immediately syncs after receiving a CRIT, ALERT, or EMERG log. The default is 1s.
    8Specify the maximum size the journal can use. The default is 8g.
    9Specify how much disk space systemd must leave free. The default is 20%.
    10Specify the maximum size for individual journal files stored persistently in /var/log/journal. The default is 10M.

    If you are removing the rate limit, you might see increased CPU utilization on the system logging daemons as it processes any messages that would have previously been throttled.

    For more information on systemd settings, see https://www.freedesktop.org/software/systemd/man/journald.conf.html. The default settings listed on that page might not apply to OKD.

  2. Use Butane to generate a MachineConfig object file, 40-worker-custom-journald.yaml, containing the configuration to be delivered to the nodes:

    1. $ butane 40-worker-custom-journald.bu -o 40-worker-custom-journald.yaml

  3. Apply the machine config. For example:

    1. $ oc apply -f 40-worker-custom-journald.yaml

    The controller detects the new MachineConfig object and generates a new rendered-worker-<hash> version.

  4. Monitor the status of the rollout of the new rendered configuration to each node:

    1. $ oc describe machineconfigpool/worker

    Example output

    1. Name:         worker
    2. Namespace:
    3. Labels:       machineconfiguration.openshift.io/mco-built-in=
    4. Annotations:  <none>
    5. API Version:  machineconfiguration.openshift.io/v1
    6. Kind:         MachineConfigPool
    8. ...
    10. Conditions:
    11.   Message:
    12.   Reason:                All nodes are updating to rendered-worker-913514517bcea7c93bd446f4830bc64e