Skip to content

Latest commit

 

History

History
159 lines (106 loc) · 9.26 KB

ingest-from-cloud-foundry-runtime-f5a7c99.md

File metadata and controls

159 lines (106 loc) · 9.26 KB

Ingest from Cloud Foundry Runtime

You can configure shipping logs and resource usage metrics from applications deployed on SAP BTP Cloud Foundry in various ways. Even if you don't have specific application logs, you can analyze your applications using the automatically generated request logs from the Cloud Foundry router. Additionally, you benefit from default contents: dashboards, index patterns, and retention settings.

Note:

You can also Ingest via OpenTelemetry API Endpoint.

Caution:

Ensure that you consider SAP BTP Security Recommendation BTP-CLS-0002.

All configuration steps can be done either using SAP BTP Cockpit or the Cloud Foundry Command Line Interface.

Procedures

Note:

For shipping logs/metrics via Cloud Foundry, the service instance must have the ingest.enabled configuration parameter set to true (default).

Shipping logs from applications deployed on SAP BTP Cloud Foundry can be configured using one of the below options:

Bind the Application to the Service Instance

Bind the Application Using the Command Line Interface

  1. Log On to the Cloud Foundry Environment Using the Cloud Foundry Command Line Interface.

  2. To bind the application via command line interface, execute the following command:

    cf bind-service <app-name> <service-instance>

    Note:

    Although the command line interface prompts you to restage the app, the binding takes effect without restaging.

  3. Go to the Result section.

Bind the Application Using the SAP BTP Cockpit

  1. Log On to the Cloud Foundry Environment Using the SAP BTP Cockpit.
  2. Execute Bind Service Instances to Applications Using the Cockpit without binding parameters.
  3. Go to the Result section.

Share Service Instance Across Different Spaces

You can share a single service instance across multiple spaces. Skip this step if you don't need to share a single instance across multiple spaces of the same org.

  1. Log on to the Cloud Foundry Environment Using the Cloud Foundry Command Line Interface.

  2. To share the services in an additional space, execute the following command:

    cf share-service <service-instance> -s <other-space>

  3. Go to the Result section.

Note:

Be careful when deleting service keys. Credentials are invalidated if the service key is deleted, and there is no automated mechanism to track in which user provided services instances the information of a service key is used.

For more information about different contexts, tools, options, and best practices for instance sharing in Cloud Foundry, see Instance Sharing - SAP Cloud Logging.

Bind the Application to a User Provided Service

Bind the Application to the Service Instance is the recommended approach, because of simplicity in setup and maintenance. Introducing an indirection via service key and binding to a user-provided service to send logs is only advisable:

  • to reduce the dependency on bind operations in automated procedures.
  • to ingest across Cloud Foundry orgs to a single Cloud Logging instance.

Bind the Application to User Provided Service Using the Command Line Interface

  1. Log on to the Cloud Foundry Environment Using the Cloud Foundry Command Line Interface.

  2. Execute the following command to list the service instances:

    cf services

  3. Execute the following command to create a service key without binding to any application:

    cf create-service-key <service-instance> <service-key>

  4. Extract ingest-endpoint, ingest-username, and ingest-password from the response of executing:

    cf service-key <service-instance> <service-key>

  5. Create the User Provided Service (using either simple basic auth or mTLS):

    a) Simple basic auth configuration:

    To create a user-provided service, use the following template, filled with the values from the previous step and a of your choice:

    cf cups <user-provided-service-name> -l https-batch://<ingest-username>:<ingest-password>@<ingest-endpoint>/cfsyslog?drain-type=all

    b) mtls-enabled configuration:

    1. Extract the following fields from the binding JSON:

      • ingest-username
      • ingest-password
      • ingest-mtls-endpoint
      • ingest-mtls-cert
      • ingest-mtls-key
      • server-ca

    2. Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline)

      credentials.json:
{
"ca": "<server-ca>",
"cert": "<ingest-mtls-cert>",
"key": "<ingest-mtls-key>"
}

      You can also create the payload file using the following command:

      cf service-key <service-instance> <service-key> \
| jq '.credentials | {ca: ."server-ca", cert: ."ingest-mtls-cert", key: ."ingest-mtls-key"}' \
> credentials.json

    3. Create the mTLS-enabled user-provided service:

      cf cups <user-provided-service-name> \
-l "https-batch://<ingest-username>:<ingest-password>@<ingest-mtls-endpoint>/cfsyslog?drain-type=all" \
-p credentials.json

  6. Proceed with Bind the Application to the Service Instance and bind to the user provided service.

Bind the Application to User Provided Service Using SAP BTP Cockpit

  1. Log On to the Cloud Foundry Environment Using the SAP BTP Cockpit.
  2. Create a service key according to Creating Service Keys in Cloud Foundry.
  3. Create a User-Provided Service following Creating User-Provided Service Instances in Cloud Foundry Environment using Instance Name of your choice and the information from the the service key to configure System Logs Drain URL: 
    https-batch://<ingest-username>:<ingest-password>@<ingest-endpoint>/cfsyslog?drain-type=all
  4. Proceed with Bind the Application to the Service Instance and bind to the user provided service.

Result

The ingested data can be analyzed in OpenSearch Dashboards (see Access and Analyze Observability Data) based on the logs-cfsyslog-* index pattern for logs and the metrics-otel-v1-* index pattern for resource metrics.