OSDOCS-8396

_topic_maps/_topic_map_rosa.yml

@@ -202,10 +202,12 @@ Topics:
     File: cloud-experts-deploying-application-storage
   - Name: ConfigMap, secrets, and environment variables
     File: cloud-experts-deploying-configmaps-secrets-env-var
-  - Name: Using Source-to-Image (S2I) webhooks for automated deployment
-    File: cloud-experts-deploying-s2i-webhook-cicd
+  - Name: Logging
+    File: cloud-experts-deploying-application-logging
   - Name: S2i deployments
     File: cloud-experts-deploying-application-s2i-deployments
+  - Name: Using Source-to-Image (S2I) webhooks for automated deployment
+    File: cloud-experts-deploying-s2i-webhook-cicd
   - Name: Scaling an application
     File: cloud-experts-deploying-application-scaling
 ---

cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-logging.adoc

@@ -0,0 +1,177 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-deploying-application-logging"]
+= Tutorial: Logging
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-deploying-application-logging
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2024-05-01
+
+There are various methods to view your logs in {product-rosa} (ROSA). Use the following procedures to forward the logs to AWS CloudWatch and view the logs directly through the pod by using `oc logs`.
+
+[NOTE]
+====
+ROSA is not preconfigured with a logging solution.
+====
+
+.Prerequisites
+
+* Set up a logging solution before viewing your logs. See the xref:../../observability/logging/cluster-logging-deploying.adoc#cluster-logging-deploying[Installing logging] documentation for more information.
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../observability/logging/cluster-logging.adoc#cluster-logging[Cluster logging]
+
+== Forwarding logs to CloudWatch
+
+Install the logging add-on service to forward the logs to AWS CloudWatch.
+
+//These steps were adopted from the Managed OpenShift Black Belt Tutorial "Using the AWS CloudWatch agent to publish metrics to CloudWatch in ROSA".
+
+. Run the following script to configure your ROSA cluster to forward logs to CloudWatch:
++
+[source,terminal]
+----
+$ curl https://raw.githubusercontent.com/openshift-cs/rosaworkshop/master/rosa-workshop/ostoy/resources/configure-cloudwatch.sh | bash
+----
++
+[NOTE]
+====
+Configuring ROSA to send logs to CloudWatch goes beyond the scope of this tutorial. Integrating with AWS and enabling CloudWatch logging are important aspects of ROSA, so a script is included to simplify the configuration process. The script will automatically set up AWS CloudWatch. You can examine the script to understand the steps involved.
+====
++
+.Example output
++
+[source,terminal]
+----
+Varaibles are set...ok.
+Policy already exists...ok.
+Created RosaCloudWatch-mycluster role.
+Attached role policy.
+Deploying the Red Hat OpenShift Logging Operator
+namespace/openshift-logging configured
+operatorgroup.operators.coreos.com/cluster-logging created
+subscription.operators.coreos.com/cluster-logging created
+Waiting for Red Hat OpenShift Logging Operator deployment to complete...
+Red Hat OpenShift Logging Operator deployed.
+secret/cloudwatch-credentials created
+clusterlogforwarder.logging.openshift.io/instance created
+clusterlogging.logging.openshift.io/instance created
+Complete.
+----
+. After a few minutes, you should begin to see log groups inside of AWS CloudWatch. Run the following command to see the log groups:
++
+[source,terminal]
+----
+$ aws logs describe-log-groups --log-group-name-prefix rosa-mycluster
+----
++
+.Example output
++
+[source,terminal]
+----
+{
+    "logGroups": [
+        {
+            "logGroupName": "rosa-mycluster.application",
+            "creationTime": 1724104537717,
+            "metricFilterCount": 0,
+            "arn": "arn:aws:logs:us-west-2:000000000000:log-group:rosa-mycluster.application:*",
+            "storedBytes": 0,
+            "logGroupClass": "STANDARD",
+            "logGroupArn": "arn:aws:logs:us-west-2:000000000000:log-group:rosa-mycluster.application"
+        },
+        {
+            "logGroupName": "rosa-mycluster.audit",
+            "creationTime": 1724104152968,
+            "metricFilterCount": 0,
+            "arn": "arn:aws:logs:us-west-2:000000000000:log-group:rosa-mycluster.audit:*",
+            "storedBytes": 0,
+            "logGroupClass": "STANDARD",
+            "logGroupArn": "arn:aws:logs:us-west-2:000000000000:log-group:rosa-mycluster.audit"
+        },
+----
+
+== Outputting the data to the streams and logs
+. Output a message to `stdout`.
+.. In the OSToy application, click *Home* and then click the message box for *Log Message (stdout)*.
+.. Write a message to output to the `stdout` stream, for example "All is well!".
+.. Click *Send Message*.
++
+image:cloud-experts-deploying-application-logging-ostoy-stdout.png[]
++
+. Output a message to `stderr`.
+.. Click the message box for *Log Message (stderr)*.
+.. Write a message to output to the `stderr` stream, for example "Oh no! Error!".
+.. Click *Send Message*.
++
+image:cloud-experts-deploying-application-logging-ostoy-stderr.png[]
+
+== Viewing the application logs by using the `oc` command
+. Enter the following command in the command line interface (CLI) to retrieve the name of your frontend pod:
++
+[source,terminal]
+----
+$ oc get pods -o name
+----
++
+.Example output
++
+[source,terminal]
+----
+pod/ostoy-frontend-679cb85695-5cn7x <1>
+pod/ostoy-microservice-86b4c6f559-p594d
+----
+<1> The pod name is `ostoy-frontend-679cb85695-5cn7x`.
++  
+. Run the following command to see both the `stdout` and `stderr` messages:
++
+[source,terminal]
+----
+$ oc logs <pod-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+$ oc logs ostoy-frontend-679cb85695-5cn7x
+[...]
+ostoy-frontend-679cb85695-5cn7x: server starting on port 8080
+Redirecting to /home
+stdout: All is well!
+stderr: Oh no! Error!
+----
+
+== Viewing the logs with CloudWatch
+. Navigate to *CloudWatch* on the link:https://aws.amazon.com/free/?gclid=EAIaIQobChMIoq2X27fZhgMVaAutBh1Q2w1jEAAYASAAEgL5y_D_BwE&trk=7541ebd3-552d-4f98-9357-b542436aa66c&sc_channel=ps&ef_id=EAIaIQobChMIoq2X27fZhgMVaAutBh1Q2w1jEAAYASAAEgL5y_D_BwE:G:s&s_kwcid=AL!4422!3!651751058796!e!!g!!aws%20console!19852662149!145019243977&all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=*all&awsf.Free%20Tier%20Categories=*all[AWS web console].
+. In the left menu, click *Logs* and then *Log groups* to see the different groups of logs. You should see 3 groups:
+
+** `rosa-<cluster-name>.application`
+** `rosa-<cluster-name>.audit`
+** `rosa-<cluster-name>.infrastructure`
++
+image:cloud-experts-deploying-application-logging-cw.png[]
++
+. Click `rosa-<cluster-name>.application`.
+. Click the log stream for the frontend pod.
++
+image:cloud-experts-deploying-application-logging-logstream2.png[]
++
+. Filter for `stdout` and `stderr`.
+. Expand the row to show the messages you entered earlier and other pertinent information.
++
+image:cloud-experts-deploying-application-logging-stderr.png[]
++
+. Return to the log streams and select the microservice.
+. Enter "microservice" in the search bar to see other messages in your logs.
+. Expand one of the entries to see the color the frontend pod received from microservice and which pod sent that color to the frontend pod.
++
+image:cloud-experts-deploying-application-logging-messages.png[]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html[What is Amazon CloudWatch]

trust.json

@@ -0,0 +1,17 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "arn:aws:iam::269733383066:oidc-provider/oidc.op1.openshiftapps.com/2bsd7fnevjg1k8e6b3t3jsforlhrrgoc"
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity",
+      "Condition": {
+        "StringEquals": {
+          "oidc.op1.openshiftapps.com/2bsd7fnevjg1k8e6b3t3jsforlhrrgoc:sub": "system:serviceaccount:ack-system:ack-s3-controller"
+        }
+      }
+    }
+  ]
+}