scripts/drtprod: send logs to datadog

[sudomateo]

Previously, clusters created by roachprod logged exclusively to disk, requiring operators to either SSH into the instance or use roachprod logs to view logs for a CockroachDB node.

This patch adds a new roachprod fluent-bit-start command that, when run, installs and starts Fluent Bit on the CockroachDB cluster listening on 127.0.0.1:5170. The CockroachDB logging configuration has also been updated to log to this Fluent Bit endpoint, choosing not to error if the endpoint is unavailble. Clusters still log to disk as to not break existing workflows. The drtprod script was also updated to install and configure Fluent Bit on the DRT clusters. A complementary roachprod fluent-bit-stop command was also added to stop Fluent Bit.

Epic: none

Release note: none

[cockroach-teamcity]

This change is 

[dt]

Nice!

[herkolategan]

Nice work! Thanks for adding.
I would however strongly recommend we test these changes with a TC run of roachtest that includes multitenant tests as well, since some changes are made to the log configuration.

[herkolategan]

The execution speed of this Install command could benefit from c.ParallelE since there is no reason to run these sequentially on each node.

[sudomateo]

Run documents that commands are run in parallel when running on multiple nodes, which is what's happening here. Happy to change it to Parallel or ParallelE if that's not the case.

When running on just one node, the command output is streamed to stdout. When running on multiple nodes, the commands run in parallel, their output is cached and then emitted all together once all commands are completed.

[herkolategan]

Ah sorry, you are correct; I confused myself with the loop just above that where I think I thought it could all be optimised to run in parallel.

[herkolategan]

I think what I meant is the hostname + config gen could all be grouped with Parallel if I'm not mistaken.

[sudomateo]

Moved into Parallel. Let me know what you think.

[herkolategan]

Nice Thanks!

[sudomateo]

Nice work! Thanks for adding. I would however strongly recommend we test these changes with a TC run of roachtest that includes multitenant tests as well, since some changes are made to the log configuration.

Will work on the test case Wednesday or Thursday. Meanwhile the rest of the requested changes have been made.

[herkolategan]

Nice work! Thanks for adding. I would however strongly recommend we test these changes with a TC run of roachtest that includes multitenant tests as well, since some changes are made to the log configuration.

Will work on the test case Wednesday or Thursday. Meanwhile the rest of the requested changes have been made.

Thanks for making the changes!

I have started two TC runs of roachtest [1] [2] so long as I want to double check multi-tenant works & then just a random set of 30% of the roachtests.
[1] https://teamcity.cockroachdb.com/buildConfiguration/Cockroach_Nightlies_RoachtestNightlyGceBazel/15060095
[2] https://teamcity.cockroachdb.com/buildConfiguration/Cockroach_Nightlies_RoachtestNightlyGceBazel/15060141

[sudomateo]

bors r+

[sudomateo]

@herkolategan I think we're good here since one roachtest passed and the other had at least a 30% pass rate. I can write tests on the fluentbit package to assert the configuration is generated correctly or add another roachtest if you think that'll be beneficial to these changes.

[craig]

Build succeeded:

• acceptance
• macos_arm64_build
• macos_amd64_build
• lint
• docker_image_amd64
• linux_arm64_build
• local_roachtest_fips
• linux_amd64_build
• local_roachtest
• linux_amd64_fips_build
• examples_orms
• unit_tests
• windows_build
• check_generated_code

[renatolabs]

It seems that we're unconditionally generating fluent-servers logging configuration -- can this be made opt-in? I believe most roachprod clusters won't have this enabled (including roachtest clusters), and as a result we get lots of "errors" like this in the logs:

E240503 20:21:50.574780 55 1@util/log/buffered_sink.go:353 ⋮ [-] 229  logging error from *log.fluentSink: dial tcp ‹127.0.0.1:5170›: connect: connection refused

[sudomateo]

It seems that we're unconditionally generating fluent-servers logging configuration -- can this be made opt-in? I believe most roachprod clusters won't have this enabled (including roachtest clusters), and as a result we get lots of "errors" like this in the logs:

E240503 20:21:50.574780 55 1@util/log/buffered_sink.go:353 ⋮ [-] 229  logging error from *log.fluentSink: dial tcp ‹127.0.0.1:5170›: connect: connection refused

I originally had it opt-in but removed it for simplicity. I can submit another pull request to make it opt-in again.

[sudomateo]

@renatolabs submitted #123603 to address your latest comment.

[srosenberg]

I originally had it opt-in but removed it for simplicity. I can submit another pull request to make it opt-in again.

Looks like the opt-in was also needed for another reason, namely it broke some scenarios in mixed-version tests [1], wherein an older binary was incompatible with some of the specified log channels; e.g., KV_DISTRIBUTION was added after 22.1.

[1] #123656