3.8. Querying cluster node journal logs
You can gather journald unit logs and other logs within /var/log on individual cluster nodes.
Prerequisites
-
You have access to the cluster as a user with the
cluster-adminrole. - Your API service is still functional.
-
You have installed the OpenShift CLI (
oc). - You have SSH access to your hosts.
Procedure
Query
kubeletjournaldunit logs from OpenShift Container Platform cluster nodes. The following example queries master nodes only:$ oc adm node-logs --role=master -u kubelet 1- 1
- Replace
kubeletas appropriate to query other unit logs.
Collect logs from specific subdirectories under
/var/log/on cluster nodes.Retrieve a list of logs contained within a
/var/log/subdirectory. The following example lists files in/var/log/openshift-apiserver/on all master nodes:$ oc adm node-logs --role=master --path=openshift-apiserver
Inspect a specific log within a
/var/log/subdirectory. The following example outputs/var/log/openshift-apiserver/audit.logcontents from all master nodes:$ oc adm node-logs --role=master --path=openshift-apiserver/audit.log
If the API is not functional, review the logs on each node using SSH instead. The following example tails
/var/log/openshift-apiserver/audit.log:$ ssh core@<master-node>.<cluster_name>.<base_domain> sudo tail -f /var/log/openshift-apiserver/audit.log
注意OpenShift Container Platform 4.5 cluster nodes running Red Hat Enterprise Linux CoreOS (RHCOS) are immutable and rely on Operators to apply cluster changes. Accessing cluster nodes using SSH is not recommended and nodes will be tainted as accessed. Before attempting to collect diagnostic data over SSH, review whether the data collected by running
oc adm must gatherand otheroccommands is sufficient instead. However, if the OpenShift Container Platform API is not available, or the kubelet is not properly functioning on the target node,ocoperations will be impacted. In such situations, it is possible to access nodes usingssh core@<node>.<cluster_name>.<base_domain>.
