OBSDOCS-2965: Modular docs refactor for Logging 6.5

Author: johnwilkins

.vale.ini

@@ -8,7 +8,7 @@ Vocab = OpenShiftDocs
 
 # Ignore files in dirs starting with `.` to avoid raising errors for `.vale/fixtures/*/testinvalid.adoc` files
 [[!.]*.adoc]
-BasedOnStyles = RedHat, AsciiDoc, OpenShiftAsciiDoc
+BasedOnStyles = RedHat, AsciiDoc, OpenShiftAsciiDoc, AsciiDocDITA
 
 # Disabling rules (NO)
 RedHat.ReleaseNotes = NO
@@ -23,6 +23,10 @@ OpenShiftAsciiDoc.NoNestingInModules = NO
 OpenShiftAsciiDoc.NoXrefInModules = NO
 OpenShiftAsciiDoc.IdHasContextVariable = NO
 OpenShiftAsciiDoc.NoTocInModules = NO
+AsciiDocDITA.AttributeReference = NO
+AsciiDoc.UnsetAttributes = NO
+RedHat.PassiveVoice = NO
+AsciiDocDITA.ConditionalCode = NO
 
 # Optional: pass doc attributes to asciidoctor before linting
 # Temp values are used for Prow CI comment linting only

.vale/styles/config/vocabularies/OpenShiftDocs/accept.txt

@@ -27,3 +27,9 @@ ubxtool
 vDUs?
 VFs?
 Westport
+MinIO
+[Ii]ngesters?
+[Qq]ueriers?
+[Ff]rontends?
+[Gg][Cc][Ss]
+otel

_topic_maps/_topic_map.yml

@@ -23,8 +23,12 @@ Name: Installing logging
 Dir: installing
 Distros: openshift-logging
 Topics:
-- Name: Installing logging
-  File: installing-logging
+- Name: Installation overview
+  File: overview-of-openshift-logging-installation
+- Name: Installing the Loki Operator
+  File: installing-the-loki-operator
+- Name: Installing the Red Hat OpenShift Logging Operator
+  File: installing-the-red-hat-openshift-logging-operator
 ---
 Name: Configuring logging
 Dir: configuring

installing/installing-logging.adoc

@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="installing-the-loki-operator"]
+= Installing the {loki-op}
+:context: installing-the-loki-operator
+
+toc::[]
+
+[role="_abstract"]
+The {loki-op} deploys and manages a `LokiStack` instance that serves as the log store for {logging}. You can install the {loki-op} by using the {oc-first} or the {ocp-product-title} web console.
+
+include::modules/loki-deployment-sizing.adoc[leveloffset=+1]
+
+include::modules/logging-loki-storage.adoc[leveloffset=+1]
+
+include::modules/installing-the-loki-operator-cli.adoc[leveloffset=+1]
+
+include::modules/installing-the-loki-operator-web-console.adoc[leveloffset=+1]
+
+include::modules/creating-the-openshift-logging-namespace.adoc[leveloffset=+1]
+
+include::modules/creating-the-loki-object-storage-secret.adoc[leveloffset=+1]
+
+include::modules/creating-the-lokistack.adoc[leveloffset=+1]
+
+[id="next-steps_{context}"]
+== Next steps
+
+* xref:../installing/installing-the-red-hat-openshift-logging-operator.adoc#installing-the-red-hat-openshift-logging-operator[Installing the {clo}]

installing/installing-the-loki-operator.adoc

@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="installing-the-red-hat-openshift-logging-operator"]
+= Installing the {clo}
+:context: installing-the-red-hat-openshift-logging-operator
+
+toc::[]
+
+[role="_abstract"]
+The {clo} deploys and manages the log collector (Vector) that tails container logs and forwards them to a log store. You can install the {clo} by using the {oc-first} or the {ocp-product-title} web console.
+
+include::modules/installing-the-clo-cli.adoc[leveloffset=+1]
+
+include::modules/creating-collector-rbac.adoc[leveloffset=+1]
+
+include::modules/creating-the-clusterlogforwarder.adoc[leveloffset=+1]
+
+include::modules/installing-the-clo-web-console.adoc[leveloffset=+1]
+
+include::modules/enabling-the-logs-tab.adoc[leveloffset=+1]
+
+include::modules/verifying-logging-installation.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-logging-installation.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../installing/installing-the-loki-operator.adoc#installing-the-loki-operator[Installing the {loki-op}]
+* link:https://docs.redhat.com/en/documentation/red_hat_openshift_logging/{logging-major-version}/html/configuring_logging/configuring-log-forwarding[Configuring log forwarding]

installing/installing-the-red-hat-openshift-logging-operator.adoc

@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="overview-of-openshift-logging-installation"]
+= Overview of {product-title} installation
+:context: overview-of-openshift-logging-installation
+
+toc::[]
+
+include::modules/logging-operator-overview.adoc[leveloffset=+1]
+
+include::modules/logging-installation-use-cases.adoc[leveloffset=+1]
+
+include::modules/logging-storage-prerequisites.adoc[leveloffset=+1]
+
+[id="next-steps_{context}"]
+== Next steps
+
+* xref:../installing/installing-the-loki-operator.adoc#installing-the-loki-operator[Installing the {loki-op}]
+* xref:../installing/installing-the-red-hat-openshift-logging-operator.adoc#installing-the-red-hat-openshift-logging-operator[Installing the {clo}]

installing/overview-of-openshift-logging-installation.adoc

@@ -0,0 +1,50 @@
+// Module is included in the following assemblies:
+//
+// * installing/installing-the-red-hat-openshift-logging-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-collector-rbac_{context}"]
+= Creating the collector service account and RBAC
+
+[role="_abstract"]
+The log collector requires a service account with specific cluster roles to read container logs and write to the `LokiStack`.
+
+.Procedure
+
+. Create a service account for the log collector:
++
+[source,terminal]
+----
+$ oc create sa logging-collector -n openshift-logging
+----
+
+. Assign the required cluster roles to the service account:
++
+[source,terminal]
+----
+$ oc adm policy add-cluster-role-to-user logging-collector-logs-writer \
+    -z logging-collector -n openshift-logging
+----
++
+[source,terminal]
+----
+$ oc adm policy add-cluster-role-to-user collect-application-logs \
+    -z logging-collector -n openshift-logging
+----
++
+[source,terminal]
+----
+$ oc adm policy add-cluster-role-to-user collect-infrastructure-logs \
+    -z logging-collector -n openshift-logging
+----
++
+[NOTE]
+====
+These three cluster roles are created by the {clo}:
+
+* `logging-collector-logs-writer`: Allows writing logs to the `LokiStack`.
+* `collect-application-logs`: Allows reading application container logs.
+* `collect-infrastructure-logs`: Allows reading infrastructure container logs.
+
+If you also want to collect audit logs, add the `collect-audit-logs` cluster role.
+====

modules/creating-collector-rbac.adoc

@@ -0,0 +1,65 @@
+// Module is included in the following assemblies:
+//
+// * installing/installing-the-red-hat-openshift-logging-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-the-clusterlogforwarder_{context}"]
+= Creating the ClusterLogForwarder
+
+[role="_abstract"]
+Create a `ClusterLogForwarder` CR to define how logs are collected and where they are forwarded.
+
+.Procedure
+
+. Create a `ClusterLogForwarder` CR:
++
+[source,yaml]
+----
+apiVersion: observability.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  serviceAccount:
+    name: logging-collector
+  outputs:
+  - name: lokistack-out
+    type: lokiStack
+    lokiStack:
+      target:
+        name: logging-loki
+        namespace: openshift-logging
+      authentication:
+        token:
+          from: serviceAccount
+    tls:
+      ca:
+        key: service-ca.crt
+        configMapName: openshift-service-ca.crt
+  pipelines:
+  - name: infra-app-logs
+    inputRefs:
+    - application
+    - infrastructure
+    outputRefs:
+    - lokistack-out
+----
++
+`spec.serviceAccount.name`:: Specify the service account created in the previous step.
+`outputs[0].type`:: Select the `lokiStack` output type to send logs to the `LokiStack` instance.
+`outputs[0].lokiStack.target.name`:: Must match the name of the `LokiStack` instance you created.
+`outputs[0].tls.ca`:: Required. The `LokiStack` gateway uses the OpenShift service-serving CA for TLS. Without this block, the collector fails with `certificate verify failed: self-signed certificate in certificate chain`.
+`pipelines[0].inputRefs`:: Select the log types to forward. Options: `application`, `infrastructure`, and `audit`.
++
+[IMPORTANT]
+====
+The `tls.ca` block is required when forwarding logs to a `LokiStack` in the same cluster. The `LokiStack` gateway endpoint uses a TLS certificate signed by the cluster's service-serving CA, which is not in the system truststore. If you omit this block, the `ClusterLogForwarder` status might show `Ready: True`, but the collector pods fail to connect at runtime.
+====
+
+. Apply the `ClusterLogForwarder` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----

modules/creating-the-clusterlogforwarder.adoc

@@ -0,0 +1,50 @@
+// Module is included in the following assemblies:
+//
+// * installing/installing-the-loki-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-the-loki-object-storage-secret_{context}"]
+= Creating the object storage secret
+
+[role="_abstract"]
+Create a secret with the credentials for your S3-compatible object store. The {loki-op} requires this secret to configure the `LokiStack` to store log data.
+
+.Procedure
+
+. Create a `Secret` object with your object storage credentials:
++
+.Example `Secret` object for {aws-short} S3
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: logging-loki-s3
+  namespace: openshift-logging
+stringData:
+  access_key_id: <your_access_key_id>
+  access_key_secret: <your_secret_access_key>
+  bucketnames: <your_bucket_name>
+  endpoint: <your_s3_endpoint>
+  region: <your_region>
+----
++
+`metadata.name`:: Use the name `logging-loki-s3` to match the reference in the `LokiStack` CR.
+`metadata.namespace`:: You must create this secret in the `openshift-logging` namespace.
+`access_key_id`:: Your S3 access key ID.
+`access_key_secret`:: Your S3 secret access key.
+`bucketnames`:: The name of a pre-created S3 bucket, for example `loki`.
+`endpoint`:: The full endpoint URL. For {aws-short}: `\https://s3.<region>.amazonaws.com`. For in-cluster MinIO: `\http://minio.openshift-logging.svc:9000`.
+`region`:: The S3 region, for example `us-east-1`.
++
+[NOTE]
+====
+The field names `access_key_id`, `access_key_secret`, `bucketnames`, and `endpoint` are specific to the {loki-op}. They do not match the standard {aws-short} SDK environment variable names.
+====
+
+. Apply the `Secret` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----