Bootstrap FreeKB - OpenShift - View node logs using the oc adm node-logs command
OpenShift - View node logs using the oc adm node-logs command
Updated:   |  OpenShift articles

Logging in OpenShift is separated into different systems and services that serve a specific purpose.

  • Collecting log data - typically done with filebeat, fluentd, logstash or vector
  • Storing log data, for example, in an Amazon Web Services (AWS) S3 Bucket - typically done with Loki or Elastic Search
  • Visualizing and query log data - typically done in the OpenShift console or in Kibana

There are abbreviations used as shorthand for the collection of systems and services to collect, store and visualize log data.

  • EFK (Elastic Search, Fluentd, Kibana)
  • ELK (Elastic Search, Logstash, Kibana)
  • EVK (Elastic Search, Vector, Kibana)
  • LFK (Loki, Fluentd, Kibana)
  • LLK (Loki, Logstash, Kibana)
  • LVK (Loki, Vector, Kibana)

The first step in configuring OpenShift to collect log data from various different types of resources in your OpenShift cluster, such as nodes, pods, and so on is to install an Operator that will collect the log data. This is often done by installing the Cluster Logging Operator. Check out my article OpenShift - Getting Started with Cluster Logging.

There are a few different commands that can be used to view logs.

  • oc logs command can be used to view for a particular resource, such as a pod, a service, a replica set, and so on
  • oc node-logs command can be used to view node logs (this article)

I like to think of a "machine" as OpenShift representation of a Virtual Machine, such as an Amazon Web Services (AWS) EC2 Instance, or a VMWare Virtual Machine, and then a Node, and then the pods running on the node.

There are different types of nodes.

  • compute
  • edge
  • infra
  • master
  • worker

The oc get nodes command will return the list of nodes.

~]$ oc get nodes
NAME                  STATUS   ROLES            AGE    VERSION
my-node-edge-lm6wz     Ready    infra,worker     519d   v1.23.5+012e945
my-node-edge-pmlls     Ready    infra,worker     519d   v1.23.5+012e945
my-node-infra-c4v5h    Ready    infra,worker     519d   v1.23.5+012e945
my-node-infra-mc8rc    Ready    infra,worker     519d   v1.23.5+012e945
my-node-infra-p9cjv    Ready    infra,worker     519d   v1.23.5+012e945
my-node-master-0       Ready    master           522d   v1.23.5+012e945
my-node-master-1       Ready    master           522d   v1.23.5+012e945
my-node-master-2       Ready    master           522d   v1.23.5+012e945
my-node-worker-lk5vm   Ready    compute,worker   61d    v1.23.5+012e945
my-node-worker-pj4r4   Ready    compute,worker   61d    v1.23.5+012e945

 

When using the oc adm node-logs command you must include the --role option. The role will be the type of node, such as compute, edge, infra, master or worker. The --path option can be used to view what logs are available in each node (each master node in this example).

~]$ oc adm node-logs --role master --path=/
lab001-master-0 README
lab001-master-0 audit/
lab001-master-0 btmp
lab001-master-0 btmp-20250301
lab001-master-0 chrony/
lab001-master-0 containers/
lab001-master-0 crio/
lab001-master-0 etcd/
lab001-master-0 glusterfs/
lab001-master-0 journal/
lab001-master-0 kube-apiserver/
lab001-master-0 lastlog
lab001-master-0 oauth-apiserver/
lab001-master-0 oauth-server/
lab001-master-0 openshift-apiserver/
lab001-master-0 openvswitch/
lab001-master-0 ovn/
lab001-master-0 pods/
lab001-master-0 private/
lab001-master-0 qemu-ga/
lab001-master-0 samba/
lab001-master-0 sssd/
lab001-master-0 tallylog
lab001-master-0 vmware-network.1.log
lab001-master-0 vmware-network.2.log
lab001-master-0 vmware-network.3.log
lab001-master-0 vmware-network.4.log
lab001-master-0 vmware-network.5.log
lab001-master-0 vmware-network.6.log
lab001-master-0 vmware-network.7.log
lab001-master-0 vmware-network.log
lab001-master-0 vmware-vgauthsvc.log.0
lab001-master-0 vmware-vmsvc-root.1.log
lab001-master-0 vmware-vmsvc-root.10.log
lab001-master-0 vmware-vmsvc-root.2.log
lab001-master-0 vmware-vmsvc-root.3.log
lab001-master-0 vmware-vmsvc-root.4.log
lab001-master-0 vmware-vmsvc-root.5.log
lab001-master-0 vmware-vmsvc-root.6.log
lab001-master-0 vmware-vmsvc-root.7.log
lab001-master-0 vmware-vmsvc-root.8.log
lab001-master-0 vmware-vmsvc-root.9.log
lab001-master-0 vmware-vmsvc-root.log
lab001-master-0 vmware-vmtoolsd-root.log
lab001-master-0 wtmp
lab001-master-1 README
lab001-master-1 audit/
lab001-master-1 btmp
lab001-master-1 btmp-20250301
lab001-master-1 chrony/
lab001-master-1 containers/
lab001-master-1 crio/
lab001-master-1 etcd/
lab001-master-1 glusterfs/
lab001-master-1 journal/
lab001-master-1 kube-apiserver/
lab001-master-1 lastlog
lab001-master-1 oauth-apiserver/
lab001-master-1 oauth-server/
lab001-master-1 openshift-apiserver/
lab001-master-1 openvswitch/
lab001-master-1 ovn/
lab001-master-1 pods/
lab001-master-1 private/
lab001-master-1 qemu-ga/
lab001-master-1 samba/
lab001-master-1 sssd/
lab001-master-1 tallylog
lab001-master-1 vmware-network.1.log
lab001-master-1 vmware-network.2.log
lab001-master-1 vmware-network.3.log
lab001-master-1 vmware-network.4.log
lab001-master-1 vmware-network.5.log
lab001-master-1 vmware-network.6.log
lab001-master-1 vmware-network.7.log
lab001-master-1 vmware-network.log
lab001-master-1 vmware-vgauthsvc.log.0
lab001-master-1 vmware-vmsvc-root.1.log
lab001-master-1 vmware-vmsvc-root.10.log
lab001-master-1 vmware-vmsvc-root.2.log
lab001-master-1 vmware-vmsvc-root.3.log
lab001-master-1 vmware-vmsvc-root.4.log
lab001-master-1 vmware-vmsvc-root.5.log
lab001-master-1 vmware-vmsvc-root.6.log
lab001-master-1 vmware-vmsvc-root.7.log
lab001-master-1 vmware-vmsvc-root.8.log
lab001-master-1 vmware-vmsvc-root.9.log
lab001-master-1 vmware-vmsvc-root.log
lab001-master-1 vmware-vmtoolsd-root.log
lab001-master-1 wtmp
lab001-master-2 README
lab001-master-2 audit/
lab001-master-2 btmp
lab001-master-2 btmp-20250301
lab001-master-2 chrony/
lab001-master-2 containers/
lab001-master-2 crio/
lab001-master-2 etcd/
lab001-master-2 glusterfs/
lab001-master-2 journal/
lab001-master-2 kube-apiserver/
lab001-master-2 lastlog
lab001-master-2 oauth-apiserver/
lab001-master-2 oauth-server/
lab001-master-2 openshift-apiserver/
lab001-master-2 openvswitch/
lab001-master-2 ovn/
lab001-master-2 pods/
lab001-master-2 private/
lab001-master-2 qemu-ga/
lab001-master-2 samba/
lab001-master-2 sssd/
lab001-master-2 tallylog
lab001-master-2 vmware-network.1.log
lab001-master-2 vmware-network.2.log
lab001-master-2 vmware-network.3.log
lab001-master-2 vmware-network.4.log
lab001-master-2 vmware-network.5.log
lab001-master-2 vmware-network.6.log
lab001-master-2 vmware-network.7.log
lab001-master-2 vmware-network.8.log
lab001-master-2 vmware-network.9.log
lab001-master-2 vmware-network.log
lab001-master-2 vmware-vgauthsvc.log.0
lab001-master-2 vmware-vmsvc-root.1.log
lab001-master-2 vmware-vmsvc-root.10.log
lab001-master-2 vmware-vmsvc-root.2.log
lab001-master-2 vmware-vmsvc-root.3.log
lab001-master-2 vmware-vmsvc-root.4.log
lab001-master-2 vmware-vmsvc-root.5.log
lab001-master-2 vmware-vmsvc-root.6.log
lab001-master-2 vmware-vmsvc-root.7.log
lab001-master-2 vmware-vmsvc-root.8.log
lab001-master-2 vmware-vmsvc-root.9.log
lab001-master-2 vmware-vmsvc-root.log
lab001-master-2 vmware-vmtoolsd-root.log
lab001-master-2 wtmp

 

Notice in the above output that one of the directories listed is etcd. You can list the files/directories in each node (each master node in this example).

~]$ oc adm node-logs --role master --path=etcd
lab001-master-0 etcd-health-probe.log
lab001-master-1 etcd-health-probe.log
lab001-master-2 etcd-health-probe.log

 

Then you can view the log events in each node.

 oc adm node-logs --role master --path=/etcd/etcd-health-probe.log

 

If you want to return logs for a particular unit in each node, such as kubelet or sssd, the -u or --unit option can be used.

oc adm node-logs --role master --unit=kubelet

 

You can tail the events in each node, such as the last 10 events in the log in each node.

oc adm node-logs --role master --unit=kubelet --tail=10

 

--path='journal' can be used to return events similar to the journalctl command. This is nice if you are looking for something particular in the logs since this should query all logs in each node.

oc adm node-logs --role worker --path='journal' --tail=10

 

This is often used in conjunction with --since and --until to only return log events in a certain time period.

oc adm node-logs --role worker --path='journal' --since '2025-03-11 01:24:15' --until '2025-03-11 01:24:20'

 

---grep can be used to filter the results using a regular expression. In this example only events containing DNS will be returned.

oc adm node-logs --role worker --path='journal' --grep 'dns'

 

The --boot option can be used to show messages from a specific boot. In this example, -1 means the prior boot.

oc adm node-logs --role worker --path='journal' --boot=-1

 

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 6c497c in the box below so that we can be sure you are a human.