Pipelines Nodes have an agent running in them. This agent is responsible for fetching their work load from Pipelines, triggering the run at the node, and reporting everything that happened during the run to Pipelines. This agent produces logs while doing that work, which can be streamed to a Logstash service if available. This is especially useful for troubleshooting dynamic nodes that can be already gone when an error is detected, making it impossible to inspect the logs inside the node.
Logstash Requirements
Pipelines agent uses a TCP socket when writing logs to Logstash. For that to work, Logstash needs to have a TCP input enabled.
The following snippet shows an example of how to enable TCP input in Logstash:
input {
tcp {
port => 5000
ssl_enable => true
ssl_verify => true
ssl_cert => "/usr/share/certs/logstash.crt"
ssl_key => "/usr/share/certs/logstash.key"
ssl_certificate_authorities => ["/usr/share/certs/rootca.crt"]
}
}Enabling Logstash Integration
To enable Pipelines Nodes Agent integration with Logstash, add the following entries to your Pipelines system yaml runtime section:
runtime:
logging:
logstash:
host: logstash.my_company.com
port: 5000
clientCertificatePath: /opt/jfrog/pipelines/var/etc/security/keys/trusted/node.ca.crt
clientPrivateKeyPath: /opt/jfrog/pipelines/var/etc/security/keys/trusted/node.ca.key
logstashCaCertificatePath: /opt/jfrog/pipelines/var/etc/security/keys/trusted/rootca.crtConfiguration name | Description | Mandatory |
|---|---|---|
host | Logstash service host | Mandatory |
port | Logstash service port | Mandatory |
clientCertificatePath | Path to the certificate to be presented to the Logstash service | Optional |
clientPrivateKeyPath | Path to the private key corresponding to the specified certificate | Optional |
logstashCaCertificatePath | Path to the root certificate authorities to be used to validate Logstash certificate | Optional |