A sidecar container for rotating, compressing and backing up log files to object storage.
The container is a Typescipt Node.js application that uses a SQLite database to track the files as they are stepped through each stage. The stages run independantely on a configurable cron schedule.
Configurable environment variables will be shown like ENV_VAR below.
The application logs to disk. Files to be rotated must end with LOGROTATE_SUFFIX.
The environment variable CRON_ROTATE is used to schedule the rotation of the files. The LOGROTATE_DIRECTORY is examined for files with the LOGROTATE_SUFFIX (default: log).
If any files are rotated then, optionally, LOGROTATE_POSTROTATE_COMMAND is called. It can be necessary to signal the application that the rotation occurred so it can open a new file.
Files are normally just renamed. You can set LOGROTATE_COPYTRUNCATE_SUFFIXES to instead copy and then truncate the file. Some files, like redirected output, can't be renamed and then deleted.
Rotated files are appended with the file's change date and the current UTC timestamp. See: https://nodejs.org/api/fs.html#stat-time-values
The environment variable CRON_COMPRESS is used to schedule the compression of the rotated files. The each file is compressed into a 'tgz' archive.
This stage can run frequently with little cost. If you wish to skip this stage, set the environment variable COMPRESS_SKIP to be true.
The environment variable CRON_BACKUP is used to schedule the backup of the compressed files to object storage.
If you have massive files or slow connectivity, increase the cron settings period. Otherwise, this stage can run frequently with little cost.
Any arbitrary metadata can be set by setting OBJECT_STORAGE_METADATA to be a key/value JSON string.
If you are sending similarly named files from multiple sources (OpenShift/Kubernetes nodes), then it is recommended that you set OBJECT_STORAGE_FILENAME_PREFIX to identify the source and avoid collisions.
If you set OBJECT_STORAGE_ENABLED to anything but the default of 'true' then the backup to object storage is skipped.
The following are the environment variables that need to be set for the tool to use object storage.
OBJECT_STORAGE_END_POINTOBJECT_STORAGE_ACCESS_KEYOBJECT_STORAGE_BUCKETOBJECT_STORAGE_SECRET_KEY
The environment variable CRON_JANITOR is used to schedule the janitor which removes files after they have been backed up. The number of log files to retain can be configured by setting JANITOR_COPIES.
This stage can run frequently with little cost.
The SQLite database can be viewed by running a command like:
sqlite3 ./logs/cron.db 'select * from logs'
Prior to each stage, the database and the file system are compared. Any file missing from the file system will be logged and deleted from the database.
If you are moving the location of the files, you will need to update the path column of the logs table in the SQLite database. As well, you should take care not to trigger the missing files process.
This tool does not manage the lifecycle policies for the bucket the data is uploaded to. Please refer to the documentation for the object storage service you are using to setup a bucket lifecycle.
The default rotates files once every day. If you change the cron to run hourly, then it will rotate hourly. The minimum file size environment variable can be set to skip rotating files until they grow larger enough. The age maximum can ensure files don't remain on the server indefinitely.
The minimum file size (in bytes) before the file is rotated. Empty files are always skipped. If you set the minimum and run cron frequently, you will prevent files from growing much larger than this size. Default: 0
The maximum age (in milliseconds) of a file before it is rotated (even if the minimum file size is not met). Values less than 1 are ignored. Default: 0
The backup stage can read credentials from NR Vault and report the backed up files to NR Broker if the NR Broker environment variables (BROKER_*) are set.
The required environment variables to set are:
BROKER_JWTBROKER_PROJECTBROKER_SERVICEBROKER_ENVIRONMENT
This will set it up to read secrets from the standard key/value credential location in NR Vault for the service. The VAULT_CRED_PATH_SUFFIX variable can be set to include a path from the service's root.
The key/value document read from NR Vault will do nothing by default. The VAULT_CRED_KEYS_* variables replace the equivalent OBJECT_STORAGE_* with the value of the key read from Vault.
- VaultDoc[
VAULT_CRED_KEYS_END_POINT] ->OBJECT_STORAGE_END_POINT - VaultDoc[
VAULT_CRED_KEYS_ACCESS_KEY] ->OBJECT_STORAGE_ACCESS_KEY - VaultDoc[
VAULT_CRED_KEYS_SECRET_KEY] ->OBJECT_STORAGE_SECRET_KEY - VaultDoc[
VAULT_CRED_KEYS_BUCKET] ->OBJECT_STORAGE_BUCKET
You are free to set as many (or as few) of the VAULT_CRED_KEYS_*.
- Copy
setenv-tmpl.shtosetenv-local.sh. - Modify cron to run every minute ("*/1 * * * *").
- Change LOGROTATE_DIRECTORY to "logs". Add your OBJECT_STORAGE_ secrets.
- Source env:
source ./setenv-local.sh - Start sidecar:
npm run start - Create sample log files:
./test/create-log-files.sh - View DB as cron executes:
sqlite3 ./logs/cron.db 'select * from logs' - Use https://min.io/docs/minio/linux/reference/minio-mc.html# to view files
- Stop and delete test files in objectstore
See: LICENSE