Pure CloudWatch Logs implementation with no Fluentd #8
Conversation
…PIs in aws-credentials to make it pretty.
jglick
changed the title
…an be maintained locally.
…due to exported object issues.
…rather than Channel.export.
…anted to, since we are processing records asynchronously.
| <relativePath /> | ||
| </parent> | ||
| <groupId>io.jenkins.plugins</groupId> | ||
| <artifactId>pipeline-log-fluentd-cloudwatch</artifactId> | ||
| <artifactId>pipeline-log-fluentd-cloudwatch</artifactId> <!-- TODO minus fluentd --> |
There was a problem hiding this comment.
I was waiting for a non-PR context to actually rename the plugin in full (artifact ID, package, repo…).
| @@ -151,6 +151,7 @@ FormValidation validate(String logGroupName, String region, String credentialsId | |||
|
|
|||
| try { | |||
| filter(client, logGroupName); | |||
There was a problem hiding this comment.
Do we have tickets in backlog to do these todos?
There was a problem hiding this comment.
Afraid not, this is on an “as is” basis.
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchRetriever.java
Outdated
Show resolved
Hide resolved
| List<FilteredLogEvent> events; | ||
| try { | ||
| events = client.filterLogEvents(createFilter().withFilterPattern("{$.timestamp = " + timestamp + "}").withLimit(1)).getEvents(); | ||
| events = client.filterLogEvents(createFilter().withLimit(1).withStartTime(timestamp)).getEvents(); |
There was a problem hiding this comment.
By way of background, the timestamp field in JSON (duplicating the native AWS Logs input / result event field) was there due to a bug in the Fluentd plugin that forwarded messages: fluent-plugins-nursery/fluent-plugin-cloudwatch-logs#108
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchRetriever.java
Outdated
Show resolved
Hide resolved
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/LogStreamState.java
Show resolved
Hide resolved
| synchronized (agentLogStreamNames) { | ||
| for (int i = 1; ; i++) { | ||
| String candidate = logStreamNameBase + "@agent" + i; | ||
| if (agentLogStreamNames.add(candidate)) { |
There was a problem hiding this comment.
Do we care this is unbounded? What's the likelihood of this Set getting a bit too large?
There was a problem hiding this comment.
Ought not get particularly large I think. The maximum size should be roughly the maximum number of agents being used concurrently by all builds of a given job. So, on the order of a few to dozens typically.
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/LogStreamState.java
Outdated
Show resolved
Hide resolved
| return; | ||
| } | ||
| String sequenceToken = null; | ||
| MAIN: while (true) { |
There was a problem hiding this comment.
I don't think I've ever seen this used in Java before, interesting!
There was a problem hiding this comment.
When it happens in Java, probably the code needs some refactoring :)
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/LogStreamState.java
Outdated
Show resolved
Hide resolved
…e comprehensibly using URLEncoder.
…r received all delivered events.
…get the full build log.
| <licenses> | ||
| <license> | ||
| <name>MIT License</name> | ||
| <url>https://opensource.org/licenses/MIT</url> | ||
| </license> | ||
| </licenses> | ||
| <url>https://wiki.jenkins.io/display/JENKINS/Pipeline+Log+Fluentd+CloudWatch+Plugin</url> | ||
| <url>https://wiki.jenkins.io/display/JENKINS/Pipeline+Log+Fluentd+CloudWatch+Plugin</url> <!-- TODO minus fluentd --> |
There was a problem hiding this comment.
Address these TODOs before the alpha release?
There was a problem hiding this comment.
Yes, I would expect to do that along with renaming the repository and adjusting the entry in repository-permissions-updater.
...ava/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchAwsGlobalConfiguration.java
Outdated
Show resolved
Hide resolved
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchRetriever.java
Outdated
Show resolved
Hide resolved
src/main/java/io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchRetriever.java
Outdated
Show resolved
Hide resolved
|
I also agree with some of @dominicgunn's code improvement proposals. Adding TODOs or addressing them would make sense |
…released, do not depend on it for now.
If this works out, it would be a lot simpler conceptually and for administrators—no need to host and configure a separate service (meaning Evergreen could pick it up directly à la jenkins-infra/evergreen#128), and much more precise control over timing of event ingestion. And the Fluentd implementation as it stands is not suitable for production use since it has no means of limiting log output from agents to specified jobs (or builds) only.
AssumeRole(tests fail with access denied error ifpolicy()is deliberately mistyped)aws-credentials: Correcting default credentials when using assumed roles aws-credentials-plugin#46GetFederationTokenNodesoDescribeLogStreamscan be restricted to the masterLogStorageTestBase.remotingInDockerto verify temporary credentials and job-granularity access controlsenderandtimestampfields