Versions Compared

Old Version 3

changes.mady.by.user Luke Parker

Saved on

compared with

New Version 4

changes.mady.by.user Luke Parker

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

About This Document

Official R1 documentation snapshot in  https://onap.readthedocs.io/en/latest/submodules/logging-analytics.git/docs/

...

Original AT&T ONAP Logging guidelines: https://wiki.onap.org/download/attachments/1015849/ONAP%20application%20logging%20guidelines.pdf?api=v2

Introduction

The purpose of ONAP logging is to capture information needed to operate, troubleshoot and report on the performance of the ONAP platform and its constituent components. Log records may be viewed and consumed directly by users and systems, indexed and loaded into a datastore, and used to compute metrics and generate reports. 

...

This document proposes conventions you can follow to generate conformant, indexable logging output from your component.

How to Log

ONAP prescribes conventions. The use of certain APIs and providers is recommended, but they are not mandatory. Most components log via EELF or SLF4J to a provider like Logback or Log4j.

EELF

EELF is the Event and Error Logging Framework, described at https://github.com/att/EELF.

...

  1. By selection of a logging provider such as Logback or Log4j, typically via the classpath. 
  2. By way of a provider configuration document, typically logback.xml or log4j.xml. See ONAP Application Logging Specification v1.2 (Cassablanca)Providers.

SLF4J

SLF4J is a logging facade, and a humble masterpiece. It combines what's common to all major, modern Java logging providers into a single interface. This decouples the caller from the provider, and encourages the use of what's universal, familiar and proven. 

EELF also logs via SLF4J's abstractions as the default provider.

Providers

Logging providers are normally enabled by their presence in the classpath. This means the decision may have been made for you, in some cases implicitly by dependencies. If you have a strong preference then you can change providers, but since the implementation is typically abstracted behind EELF or SLF4J, it may not be worth the effort.

Logback

Logback is the most commonly used provider. It is generally configured by an XML document named logback.xml. See ONAP Application Logging Specification v1.2 (Cassablanca). Configuration.

Log4j 2.X

Log4j 2.X is somewhat less common than Logback, but equivalent. It is generally configured by an XML document named log4j.xml. See ONAP Application Logging Specification v1.2 (Cassablanca). Configuration.

Log4j 1.X

Strongly discouraged from Beijing onwards, since 1.X is EOL, and since it does not support escaping, so its output may not be machine-readable. See https://logging.apache.org/log4j/1.2/.

This affects OpenDaylight-based components like SDNC and APPC, since ODL releases prior to Carbon bundled Log4j 1.X, and make it difficult to replace. The Common Controller SDK Project project targets ODL Carbon, so remaining instances of Log4j 1.X should disappear by the time of the Beijing release (TODO: 20180326 verify this is true).

What to Log

The purpose of logging is to capture diagnostic information.

An important aspect of this is analytics, which requires tracing of requests between components. In a large, distributed and scalable system such as ONAP this is critical to understanding behavior and performance. 

Messages, Levels, Components and Categories

It isn't the aim of this document to reiterate the basics, so advice here is general: 

...

Context

TODO: more on the importance of transaction ID propagation and its relation to Invocation ID.

MDCs

A Mapped Diagnostic Context (MDC) allows an arbitrary string-valued attribute to be attached to a Java thread via a ThreadLocal variable. The MDC's value is then emitted with each message logged by that thread. The set of MDCs associated with a log message is serialized as unordered name-value pairs (see ONAP Application Logging Specification v1.2 (Cassablanca)) Text Output).

A good discussion of MDCs can be found at https://logback.qos.ch/manual/mdc.html

...

  • Must be set as early in invocation as possible. 
  • Must be unset on exit. 

Logging

Via SLF4J:

Code Block
languagejava
linenumberstrue
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
// ...
final Logger logger = LoggerFactory.getLogger(this.getClass());
MDC.put("SomeUUID", UUID.randomUUID().toString());
try {
    logger.info("This message will have a UUID-valued 'SomeUUID' MDC attached.");
    // ...
}
finally {
    MDC.clear();
}

...

Code Block
languagejava
linenumberstrue
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
// ...
final EELFLogger logger = EELFManager.getInstance().getLogger(this.getClass());
MDC.put("SomeUUID", UUID.randomUUID().toString());
try {
    logger.info("This message will have a UUID-valued 'SomeUUID' MDC attached.");
    // ...
}
finally {
    MDC.clear();
}

Serializing

Output of MDCs must ensure that:

...

Code Block
languagetext
linenumberstrue
%replace(%replace(%mdc){'\t','\\\\t'}){'\n','\\\\n'}

MDC - RequestID

This is often referred to by other names, including "Transaction ID", and one of several (pre-standardization) REST header names including X-ECOMP-RequestID and X-ONAP-RequestID.

...

Code Block
languagejava
linenumberstrue
final String txID = MDC.get("RequestID");
HttpURLConnection cx = ...;
// ...
cx.setRequestProperty("X-TransactionID", txID);

MDC - InvocationID

InvocationID is similar to RequestID, but where RequestID correlates records relating a single, top-level invocation of ONAP as it traverses many systems, InvocationID correlates log entries relating to a single invocation of a single component. Typically this means via REST, but in certain cases an InvocationID may be allocated without a new invocation, e.g. when a request is retried.

...

  • It's only a few calls. 
  • It can be largely abstracted in the case of EELF logging.

TODO: code.

MDC - PartnerName

This field should contain the name of the client application user agent or user invoking the API.

...

Usage overlaps with InvocationID, which doesn't mean PartnerName gets retired, but which might mean it serves a more descriptive purpose. (Since it hasn't proven to be a great way of generating a call graph).

MDC - ServiceName

For EELF Audit log records that capture API requests, this field contains the name of the API invoked at the component creating the record (e.g., Layer3ServiceActivateRequest).

...

Usage is the same for indexable logs. 

MDCs - the Rest

Other MDCs are logged in a wide range of contexts.

...

IDMDCDescriptionRequiredEELF Audit

EELF Metric

EELF Error

EELF Debug


RequestID

(may be renamed TransactionID)

See above.Y




InvocationID

See above.


Y




(move serverFQDN here)






ServiceName

See above.

The service inside the partner doing the call


Y




PartnerName

See above.

ONAP Application Logging Specification v1.2 (Cassablanca) MDC-PartnerName (the larger component doing the call)

for example SDC-BE instead of just SDC for the overall pods

possibly rename "subComponent" of calling entity

Y



1BeginTimestamp

Date-time that processing activities being logged begins. The value should be represented in UTC and formatted per ISO 8601, such as “2015-06-03T13:21:58+00:00”. The time should be shown with the maximum resolution available to the logging component (e.g., milliseconds, microseconds) by including the appropriate number of decimal digits. For example, when millisecond precision is available, the date-time value would be presented as, as “2015-06-03T13:21:58.340+00:00”.

framework candidate

Y (will be derived)



2EndTimestamp

Date-time that processing for the request or event being logged ends. Formatting rules are the same as for the BeginTimestamp field above.

In the case of a request that merely logs an event and has not done subsequent processing, the EndTimestamp value may equal the BeginTimestamp value.

framework candidate

Y (will be derived)



3ElapsedTime

This field contains the elapsed time to complete processing of an API call or transaction request (e.g., processing of a message that was received). This value should be the difference between. EndTimestamp and BeginTimestamp fields and must be expressed in milliseconds.

Y



4ServiceInstanceID

This field is optional and should only be included if the information is readily available to the logging component.

Transaction requests that create or operate on a particular instance of a service/resource can
identify/reference it via a unique “serviceInstanceID” value. This value can be used as a primary key for
obtaining or updating additional detailed data about that specific service instance from the inventory
(e.g., AAI). In other words:

  • In the case of processing/logging a transaction request for creating a new service instance, the serviceInstanceID value is determined by either a) the MSO client and passed to MSO or b) by MSO itself upon receipt of a such a request.
  • In other cases, the serviceInstanceID value can be used to reference a specific instance of a service as would happen in a “MACD”-type request.
  • ServiceInstanceID is associated with a requestID in log records to facilitate tracing its processing over multiple requests and for a specific service instance. Its value may be left “empty” in subsequent record to the 1 st record where a requestID value is associated with the serviceInstanceID value.

NOTE: AAI won’t have a serviceInstanceUUID for every service instance. For example, no serviceInstanceUUID is available when the request is coming from an application that may import inventory data.

(The fields specific to certain components should be clearly identified. For example, ServiceInstanceID does not apply to SDC)



5VirtualServerName

Physical/virtual server/K8S-container name. Optional: empty if determined that its value can be added by the agent that collects the log files collecting.

Upgrade for kubernetes namespace, host affinity

Duplcate of 13 - heat specific






6StatusCode

This field indicates the high level status of the request. It must have the value COMPLETE when the request is successful and ERROR when there is a failure.

Y



7ResponseCode

This field contains application-specific error codes. For consistency, common error categorizations should be used.






8ResponseDescription

This field contains a human readable description of the ResponseCode.





11
9InstanceUUID

If known, this field contains a universally unique identifier used to differentiate between multiple instances of the same (named) log writing service/application. Its value is set at instance creation time (and read by it, e.g., at start/initialization time from the environment). This value should be picked up by the component instance from its configuration file and subsequently used to enable differentiation of log records created by multiple, locally load balanced ONAP component or subcomponent instances that are otherwise identically configured.






10SeverityOptional: 0, 1, 2, 3 see Nagios monitoring/alerting for specifics/details.




11TargetEntity

It contains the name of the ONAP component or sub-component, or external entity, at which the operation activities captured in this metrics log record is invoked.

Y



12TargetServiceNameIt contains the name of the API or operation activities invoked at the TargetEntity.Y



13

Server

This field contains the Virtual Machine (VM) Fully Qualified Domain Name (FQDN) if the server is virtualized. Otherwise, it contains the host name of the logging component.

Upgrade for kubernetes namespace, host affinity

heat specific

N (should be optional)

remove





14ServerIPAddress

This field contains the logging component host server’s IP address if known (e.g. Jetty container’s listening IP address). Otherwise it is empty.

Upgrade for kubernetes namespace, host affinity, nodeport

remove



15

ServerFQDN

(use for k8s cluster)

Unclear, but possibly duplicating one or both of Server and ServerIPAddress.

Upgrade for kubernetes namespace, host affinity

may keep this one - remove all other server fields



16ClientIPAddress

This field contains the requesting remote client application’s IP address if known. Otherwise this field can be empty.

remove



17ProcessKey

This field can be used to capture the flow of a transaction through the system by indicating the components and operations involved in processing. If present, it can be denoted by a comma separated list of components and applications.






18RemoteHostUnknown.




19AlertSeverityUnknown.




20TargetVirtualEntityUnknown




21ClassNameDefunct. Doesn't require an MDC.




22ThreadIDDefunct. Doesn't require an MDC.




23CustomField1(Defunct now that MDCs are serialized as NVPs.(Name Value Pairs)




24CustomField2(Defunct now that MDCs are serialized as NVPs.)




25CustomField3(Defunct now that MDCs are serialized as NVPs.)




26CustomField4(Defunct now that MDCs are serialized as NVPs.)




Deprecation

Indexing makes many of the remaining attributes redundant. So for example:

...

  
Some of that is contentious, but it's just talking points at this stage. We've tiptoed around the issue of extant conventions, and the ongoing result is a lot of attributes that nobody's really sure how to use, and which don't result in better logs. In Casablanca it's time to be less conservative. 

Examples

SDC-BE

20170907: audit.log - reverify for 201803

...

This example is taken from pre-Amsterdam logging. It is almost completely irrelevant to the discussion.

Markers

Markers differ from MDCs in two important ways:

...

(Markers are attached to individual messages. They don't propagate. A code example will help, but note that EELF's implementation can be modified to emit Markers, but its public APIs do not allow them to be passed in by callers.)

Logging

Via SLF4J:

Code Block
languagejava
linenumberstrue
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;
// ...
final Logger logger = LoggerFactory.getLogger(this.getClass());
final Marker marker = MarkerFactory.getMarker("MY_MARKER");
logger.warn(marker, "This warning has a 'MY_MARKER' annotation.");

EELF does not allow Markers to be set directly. See notes on the InvocationID MDC.

Serializing

Marker names also need to be escaped, though they're much less likely to contain problematic characters than MDC values.

...

Code Block
languagetext
linenumberstrue
%replace(%replace(%marker){'\t','\\\\t'}){'\n','\\\\n'}


Marker - ENTRY

This should be reported as early in invocation as possible, immediately after setting the RequestID and InvocationID MDCs.

...

Code Block
languagejava
titleSLF4J
linenumberstrue
public static final Marker ENTRY = MarkerFactory.getMarker("ENTRY");
// ... 
final Logger logger = LoggerFactory.getLogger(this.getClass());
logger.debug(ENTRY, "Entering.");

Marker - EXIT

This should be reported as late in invocation as possible, immediately before unsetting the RequestID and InvocationID MDCs.

...

Code Block
languagejava
titleSLF4J
linenumberstrue
public static final Marker EXIT = MarkerFactory.getMarker("EXIT");
// ... 
final Logger logger = LoggerFactory.getLogger(this.getClass());
logger.debug(EXIT, "Exiting.");

Marker - INVOKE

This should be reported by the caller of another ONAP component via REST, including a newly allocated InvocationID, which will be passed to the caller. 

...

TODO: EELF examples of INVOCATION_ID reporting, without changing published APIs.

Marker - SYNCHRONOUS

This should accompany INVOKE when the invocation is synchronous.

...

TODO: EELF example of SYNCHRONOUS reporting, without changing published APIs. 

Errorcodes

Errorcodes are reported as MDCs. 

...

Code Block
languagetext
linenumberstrue
COMPONENT_X.STORAGE_ERROR

Output Format

Several considerations:

  1. Logs should be human-readable (within reason). 
  2. Shipper and indexing performance and durability depends on logs that can be parsed quickly and reliably.
  3. Consistency means fewer shipping and indexing rules are required.

Text Output

ONAP needs to strike a balance between human-readable and machine-readable logs. This means:

...

Default Logstash indexing rules understand output in this format.

XML Output

For Log4j 1.X output, since escaping is not supported, the best alternative is to emit logs in XML format. 

...

Note that we're hoping that support for indexing of XML output can be deprecated during Beijing. This relies on the adoption of ODL Carbon, which should eliminate any remnant of Log4J1.X.

Output Location

Standardization of output locations makes logs easier to locate and ship for indexing. 

...

Code Block
languagetext
linenumberstrue
/var/log/ONAP_EELF/<component>[/<subcomponent>]/*.log

Configuration

Logging providers should be configured by file. Files should be at a predictable, static location, so that they can be written by deployment automation. Ideally this should be under /etc/ONAP, but compliance is low.

Locations

All logger provider configuration document locations namespaced by component and (if applicable) subcomponent by default:

...

  1. logback.xml
  2. log4j.xml
  3. log4j.properties

Reconfiguration

Logger providers should reconfigure themselves automatically when their configuration file is rewritten. All major providers should support this. 

The default interval is 10s. 

Overrides

The location of the configuration file MAY be overrideable, for example by an environment variable, but this is left for individual components to decide. 

Archetypes

Configuration archetypes can be found in the ONAP codebase (TODO: post git.onap.org tree location). Choose according to your provider, and whether you're logging via EELF. Efforts to standardize them are underway (TODO: link to specific epics), so the ones you should be looking for are where pipe (|) is used as a separator. (Previously it was "|").

Retention

Logfiles are often large. Logging providers allow retention policies to be configured. 

...

Code Block
languagexml
linenumberstrue
<appender name="file" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>${outputDirectory}/${outputFilename}.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
        <fileNamePattern>${outputDirectory}/${outputFilename}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
        <maxFileSize>50MB</maxFileSize>
        <maxHistory>30</maxHistory>
        <totalSizeCap>10GB</totalSizeCap>
    </rollingPolicy>
    <encoder>
        <!-- ... -->
    </encoder>
</appender>

Types of EELF Logs

EELF guidelines stipulate that an application should output log records to four separate files:

...

This applies only to EELF logging. Components which log directly to a provider may choose to emit the same set of logs, but most do not. 

Audit Log

An audit log is required for EELF-enabled components, and provides a summary view of the processing of a (e.g., transaction) request within an application. It captures activity requests that are received by an ONAP component, and includes such information as the time the activity is initiated, then it finishes, and the API that is invoked at the component.

Audit log records are intended to capture the high level view of activity within an ONAP component. Specifically, an API request handled by an ONAP component is reflected in a single Audit log record that captures the time the request was received, the time that processing was completed, as well as other information about the API request (e.g., API name, on whose behalf it was invoked, etc).

Metrics Log

A metrics log is required for EELF-enabled components, and provides a more detailed view into the processing of a transaction within an application. It captures the beginning and ending of activities needed to complete it. These can include calls to or interactions with other ONAP or non-ONAP entities.

...

Note that a single request may result in multiple Audit log records at an ONAP component and may result in multiple Metrics log records generated by the component when multiple suboperations are required to satisfy the API request captured in the Audit log record.

Error Log

An error log is required for EELF-enabled components, and is intended to capture info, warn, error and fatal conditions sensed (“exception handled”) by the software components.

Debug Log

A debug log is optional for EELF-enabled components, and is intended to capture whatever data may be needed to debug and correct abnormal conditions of the application.

Engine.out

Console logging may also be present, and is intended to capture “system/infrastructure” records. That is stdout and stderr assigned to a single “engine.out” file in a directory configurable (e.g. as an environment/shell variable) by operations personnel.

New ONAP Component Checklist

TODO: add this procedure to the Project Proposal Template

...

  1. Choose a Logging provider and/or EELF. Decisions, decisions.
  2. Create a configuration file based on an existing archetype. See ONAP Application Logging Specification v1.2 (Cassablanca).Configuration.
  3. Read your configuration file when your components initialize logging.
  4. Write logs to a standard location so that they can be shipped by Filebeat for indexing. See ONAP Application Logging Specification v1.2 (Cassablanca)Output Location.
  5. Report transaction state:
    1. Retrieve, default and propagate RequestID. See ONAP Application Logging Specification v1.2 (Cassablanca). MDC - RequestID.
    2. At each invocation of one ONAP component by another:
      1. Initialize and propagate InvocationID. See ONAP Application Logging Specification v1.2 (Cassablanca) MDC - Invocation ID.
      2. Report INVOKE and SYNCHRONOUS markers in caller. 
      3. Report ENTRY and EXIT markers in recipient. 
  6. Write useful logs!

 They are unordered. 

What's New

(Including what WILL be new in v1.2  / R2). 

...