This is a cache of https://docs.openshift.com/container-platform/4.5/logging/config/cluster-logging-systemd.html. It is a snapshot of the page at 2024-11-23T00:28:28.882+0000.
Configuring systemd-journald for cluster <strong>logging</strong> - Configuring your cluster <strong>logging</strong> deployment | <strong>logging</strong> | OpenShift Container Platform 4.5
×

Because Fluentd reads from the journal, and the journal default settings are very low, journal entries can be lost because the journal cannot keep up with the logging rate from system services.

We recommend setting RateLimitInterval=1s and RateLimitBurst=10000 (or even higher if necessary) to prevent the journal from losing entries.

Configuring systemd-journald for cluster logging

As you scale up your project, the default logging environment might need some adjustments.

For example, if you are missing logs, you might have to increase the rate limits for journald. You can adjust the number of messages to retain for a specified period of time to ensure that cluster logging does not use excessive resources without dropping logs.

You can also determine if you want the logs compressed, how long to retain logs, how or if the logs are stored, and other settings.

Procedure
  1. Create a journald.conf file with the required settings:

    Compress=yes (1)
    ForwardToConsole=no (2)
    ForwardToSyslog=no
    MaxRetentionSec=1month (3)
    RateLimitBurst=10000 (4)
    RateLimitInterval=1s
    Storage=persistent (5)
    SyncIntervalSec=1s (6)
    SystemMaxUse=8g (7)
    SystemKeepFree=20% (8)
    SystemMaxFileSize=10M (9)
    
    1 Specify whether you want logs compressed before they are written to the file system. Specify yes to compress the message or no to not compress. The default is yes.
    2 Configure whether to forward log messages. Defaults to no for each. Specify:
    • ForwardToConsole to forward logs to the system console.

    • ForwardToKsmg to forward logs to the kernel log buffer.

    • ForwardToSyslog to forward to a syslog daemon.

    • ForwardToWall to forward messages as wall messages to all logged-in users.

    3 Specify the maximum time to store journal entries. Enter a number to specify seconds. Or include a unit: "year", "month", "week", "day", "h" or "m". Enter 0 to disable. The default is 1month.
    4 Configure rate limiting. If, during the time interval defined by RateLimitIntervalSec, more logs than specified in RateLimitBurst are received, all further messages within the interval are dropped until the interval is over. It is recommended to set RateLimitInterval=1s and RateLimitBurst=10000, which are the defaults.
    5 Specify how logs are stored. The default is persistent:
    • volatile to store logs in memory in /var/log/journal/.

    • persistent to store logs to disk in /var/log/journal/. systemd creates the directory if it does not exist.

    • auto to store logs in in /var/log/journal/ if the directory exists. If it does not exist, systemd temporarily stores logs in /run/systemd/journal.

    • none to not store logs. systemd drops all logs.

    6 Specify the timeout before synchronizing journal files to disk for ERR, WARNING, NOTICE, INFO, and DEBUG logs. systemd immediately syncs after receiving a CRIT, ALERT, or EMERG log. The default is 1s.
    7 Specify the maximum size the journal can use. The default is 8g.
    8 Specify how much disk space systemd must leave free. The default is 20%.
    9 Specify the maximum size for individual journal files stored persistently in /var/log/journal. The default is 10M.

    If you are removing the rate limit, you might see increased CPU utilization on the system logging daemons as it processes any messages that would have previously been throttled.

    For more information on systemd settings, see https://www.freedesktop.org/software/systemd/man/journald.conf.html. The default settings listed on that page might not apply to OpenShift Container Platform.

  2. Convert the journal.conf file to base64:

    $ export jrnl_cnf=$( cat /journald.conf | base64 -w0 )
  3. Create a new MachineConfig object for master or worker and add the journal.conf parameters:

    For example:

    apiVersion: machineconfiguration.openshift.io/v1
    kind: MachineConfig
    metadata:
      labels:
        machineconfiguration.openshift.io/role: worker
      name: 50-corp-journald
    spec:
      config:
        ignition:
          version: 2.2.0
        storage:
          files:
          - contents:
              source: data:text/plain;charset=utf-8;base64,${jrnl_cnf}
            mode: 0644 (1)
            overwrite: true
            path: /etc/systemd/journald.conf (2)
    1 Set the permissions for the journal.conf file. It is recommended to set 0644 permissions.
    2 Specify the path to the base64-encoded journal.conf file.
  4. Create the machine config:

    $ oc apply -f <filename>.yaml

    The controller detects the new MachineConfig object and generates a new rendered-worker-<hash> version.

  5. Monitor the status of the rollout of the new rendered configuration to each node:

    $ oc describe machineconfigpool/worker
    Example output
    Name:         worker
    Namespace:
    Labels:       machineconfiguration.openshift.io/mco-built-in=
    Annotations:  <none>
    API Version:  machineconfiguration.openshift.io/v1
    Kind:         MachineConfigPool
    
    ...
    
    Conditions:
      Message:
      Reason:                All nodes are updating to rendered-worker-913514517bcea7c93bd446f4830bc64e