From 9c0d2dc2f0cc141832917fad0b2fd05f1954caed Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Wed, 15 Feb 2023 19:23:58 +0100 Subject: [PATCH] podman logs passthrough driver support --cgroups=split When run with --cgroups=split mode (e.g. quadlet) we do not use the a separate cgroup for the container and just run in the unit cgroup. When we filter logs we thus must match the unit name. Added a small test to the quadlet test to make sure it will work. Signed-off-by: Paul Holzinger --- libpod/container_log.go | 6 +++--- libpod/container_log_linux.go | 17 ++++++++++++----- libpod/container_log_unsupported.go | 2 +- test/system/252-quadlet.bats | 6 +++++- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/libpod/container_log.go b/libpod/container_log.go index 680adfd389..3ae0c70e84 100644 --- a/libpod/container_log.go +++ b/libpod/container_log.go @@ -38,14 +38,14 @@ func (c *Container) ReadLog(ctx context.Context, options *logs.LogOptions, logCh switch c.LogDriver() { case define.PassthroughLogging: // if running under systemd fallback to a more native journald reading - if _, ok := c.config.Labels[systemdDefine.EnvVariable]; ok { - return c.readFromJournal(ctx, options, logChannel, colorID, true) + if unitName, ok := c.config.Labels[systemdDefine.EnvVariable]; ok { + return c.readFromJournal(ctx, options, logChannel, colorID, unitName) } return fmt.Errorf("this container is using the 'passthrough' log driver, cannot read logs: %w", define.ErrNoLogs) case define.NoLogging: return fmt.Errorf("this container is using the 'none' log driver, cannot read logs: %w", define.ErrNoLogs) case define.JournaldLogging: - return c.readFromJournal(ctx, options, logChannel, colorID, false) + return c.readFromJournal(ctx, options, logChannel, colorID, "") case define.JSONLogging: // TODO provide a separate implementation of this when Conmon // has support. diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go index 7d1e360b2b..a708ad46da 100644 --- a/libpod/container_log_linux.go +++ b/libpod/container_log_linux.go @@ -32,7 +32,7 @@ func init() { } func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOptions, - logChannel chan *logs.LogLine, colorID int64, isPassthrough bool) error { + logChannel chan *logs.LogLine, colorID int64, passthroughUnit string) error { // We need the container's events in the same journal to guarantee // consistency, see #10323. if options.Follow && c.runtime.config.Engine.EventsLogger != "journald" { @@ -69,7 +69,7 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption return fmt.Errorf("adding filter disjunction to journald logger: %w", err) } - if isPassthrough { + if passthroughUnit != "" { // Match based on systemd unit which is the container is cgroup // so we get the exact logs for a single container even in the // play kube case where a single unit starts more than one container. @@ -77,9 +77,16 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption if rootless.IsRootless() { unitTypeName = "_SYSTEMD_USER_UNIT" } - // FIXME: It looks like it is hardcoded to libpod-ID.scope but I am not - // sure were we set this with all the different cgroup modes??? - match = sdjournal.Match{Field: unitTypeName, Value: "libpod-" + c.ID() + ".scope"} + // By default we will have our own systemd cgroup with the name libpod-.scope. + value := "libpod-" + c.ID() + ".scope" + if c.config.CgroupsMode == cgroupSplit { + // If cgroup split the container runs in the unit cgroup so we use this for logs, + // the good thing is we filter the podman events already out below. + // Thus we are left with the real container log and possibly podman output (e.g. logrus). + value = passthroughUnit + } + + match = sdjournal.Match{Field: unitTypeName, Value: value} if err := journal.AddMatch(match.String()); err != nil { return fmt.Errorf("adding filter to journald logger: %v: %w", match, err) } diff --git a/libpod/container_log_unsupported.go b/libpod/container_log_unsupported.go index 736378a6b7..d524561f42 100644 --- a/libpod/container_log_unsupported.go +++ b/libpod/container_log_unsupported.go @@ -11,6 +11,6 @@ import ( "github.com/containers/podman/v4/libpod/logs" ) -func (c *Container) readFromJournal(_ context.Context, _ *logs.LogOptions, _ chan *logs.LogLine, _ int64, _ bool) error { +func (c *Container) readFromJournal(_ context.Context, _ *logs.LogOptions, _ chan *logs.LogLine, _ int64, _ string) error { return fmt.Errorf("journald logging only enabled with systemd on linux: %w", define.ErrOSNotSupported) } diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index 1dc54a1bc4..d85f30057a 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats @@ -117,7 +117,7 @@ function service_cleanup() { cat > $quadlet_file <