Why is the output of a rootless "podman run" process started by a systemd service not associated with the service in the journal?

I have a simple systemd service in /etc/systemd/system/logtest.service that creates a Podman container which outputs some text:

[Unit]
Description=Systemd log test

[Service]
Type=oneshot
ExecStart=podman run --rm busybox echo This should get logged.

When I start the service, I see the line of text:

# systemctl start logtest
# journalctl -u logtest --since '1 min ago'
Mar 28 20:55:31 testserver systemd[1]: Starting Systemd log test...
Mar 28 20:55:32 testserver podman[435178]: 2022-03-28 20:55:32.027215747 +0000 UTC m=+0.084992872 image pull  busybox
Mar 28 20:55:32 testserver podman[435178]: 
Mar 28 20:55:32 testserver podman[435178]: 2022-03-28 20:55:32.27963909 +0000 UTC m=+0.337416181 container create f08d9eb3e843f601873c1b3db721c42175a56b27b9680dbd123781ca3ff7b808 (image=docker.io/library/busybox:latest, name=stupefied_gould)
Mar 28 20:55:32 testserver podman[435178]: 2022-03-28 20:55:32.611727831 +0000 UTC m=+0.669504926 container init f08d9eb3e843f601873c1b3db721c42175a56b27b9680dbd123781ca3ff7b808 (image=docker.io/library/busybox:latest, name=stupefied_gould)
Mar 28 20:55:32 testserver stupefied_gould[435330]: This should get logged.
Mar 28 20:55:32 testserver podman[435178]: 2022-03-28 20:55:32.674571326 +0000 UTC m=+0.732348424 container start f08d9eb3e843f601873c1b3db721c42175a56b27b9680dbd123781ca3ff7b808 (image=docker.io/library/busybox:latest, name=stupefied_gould)
Mar 28 20:55:32 testserver podman[435178]: 2022-03-28 20:55:32.674724261 +0000 UTC m=+0.732501430 container attach f08d9eb3e843f601873c1b3db721c42175a56b27b9680dbd123781ca3ff7b808 (image=docker.io/library/busybox:latest, name=stupefied_gould)
Mar 28 20:55:32 testserver podman[435178]: This should get logged.
Mar 28 20:55:32 testserver podman[435178]: 2022-03-28 20:55:32.707256608 +0000 UTC m=+0.765033742 container died f08d9eb3e843f601873c1b3db721c42175a56b27b9680dbd123781ca3ff7b808 (image=docker.io/library/busybox:latest, name=stupefied_gould)
Mar 28 20:55:33 testserver podman[435178]: 2022-03-28 20:55:33.291714221 +0000 UTC m=+1.349491334 container remove f08d9eb3e843f601873c1b3db721c42175a56b27b9680dbd123781ca3ff7b808 (image=docker.io/library/busybox:latest, name=stupefied_gould)
Mar 28 20:55:33 testserver systemd[1]: logtest.service: Deactivated successfully.
Mar 28 20:55:33 testserver systemd[1]: Finished Systemd log test.

The same can be seen in systemctl status logtest.

However, if I create the container in rootless mode under another user by adding User=logtestuser to the [Service] section, I no longer see the message with either of the two methods above:

# systemctl start logtest
# journalctl -u logtest --since '1 min ago'
Mar 28 20:29:24 testserver systemd[1]: Starting Systemd log test...
Mar 28 20:29:26 testserver systemd[1]: logtest.service: Deactivated successfully.
Mar 28 20:29:26 testserver systemd[1]: Finished Systemd log test.

The log message is not lost, though. I can see it in the full journalctl output if I don't use -u:

# journalctl --since '1 min ago'
Mar 28 20:29:24 testserver systemd[1]: Starting Systemd log test...
Mar 28 20:29:25 testserver systemd[393984]: Started podman-434593.scope.
Mar 28 20:29:25 testserver podman[434593]: 2022-03-28 20:29:25.026488198 +0000 UTC m=+0.171108223 image pull  busybox
Mar 28 20:29:25 testserver podman[434593]: 
Mar 28 20:29:25 testserver podman[434593]: 2022-03-28 20:29:25.29202509 +0000 UTC m=+0.436645186 container create 4d81454621f7b0629bb72047e7e0df6490bfb6bf50dd09d5fe5c59de123c4fb9 (image=docker.io/library/busybox:latest, name=cool_leavitt)
Mar 28 20:29:25 testserver systemd[393984]: Started libcrun container.
Mar 28 20:29:25 testserver podman[434593]: 2022-03-28 20:29:25.575793516 +0000 UTC m=+0.720413681 container init 4d81454621f7b0629bb72047e7e0df6490bfb6bf50dd09d5fe5c59de123c4fb9 (image=docker.io/library/busybox:latest, name=cool_leavitt)
Mar 28 20:29:25 testserver cool_leavitt[434664]: This should get logged.
Mar 28 20:29:25 testserver podman[434593]: 2022-03-28 20:29:25.668965604 +0000 UTC m=+0.813585693 container start 4d81454621f7b0629bb72047e7e0df6490bfb6bf50dd09d5fe5c59de123c4fb9 (image=docker.io/library/busybox:latest, name=cool_leavitt)
Mar 28 20:29:25 testserver podman[434593]: 2022-03-28 20:29:25.669194055 +0000 UTC m=+0.813814093 container attach 4d81454621f7b0629bb72047e7e0df6490bfb6bf50dd09d5fe5c59de123c4fb9 (image=docker.io/library/busybox:latest, name=cool_leavitt)
Mar 28 20:29:25 testserver podman[434593]: This should get logged.
Mar 28 20:29:25 testserver podman[434593]: 2022-03-28 20:29:25.715669116 +0000 UTC m=+0.860289157 container died 4d81454621f7b0629bb72047e7e0df6490bfb6bf50dd09d5fe5c59de123c4fb9 (image=docker.io/library/busybox:latest, name=cool_leavitt)
Mar 28 20:29:26 testserver podman[434593]: 2022-03-28 20:29:26.417620766 +0000 UTC m=+1.562240892 container remove 4d81454621f7b0629bb72047e7e0df6490bfb6bf50dd09d5fe5c59de123c4fb9 (image=docker.io/library/busybox:latest, name=cool_leavitt)
Mar 28 20:29:26 testserver systemd[1]: logtest.service: Deactivated successfully.
Mar 28 20:29:26 testserver systemd[1]: Finished Systemd log test.

So somehow it is just decoupled from the service. Why does this happen? Is there a proper way, or at least a good workaround, to see the logs of a service that runs a rootless container?

When I run the container directly from a shell, the message appears:

# sudo -u logtestuser podman run --rm busybox echo This should get logged.
This should get logged.

I think this command is fairly similar to how systemd starts the service. Obviously the podman run process has the output. So I don't understand why it isn't associated with the service.

This is on a fairly recent Fedora 35, with loginctl enable-linger logtestuser.

Answer 1

This is due to a limitation in how SystemD sets up logging for system services that run as a different user (as pointed out by @Erik Sjölund). As far as I know, this cannot be solved without upstream cooperation (i.e., the problem is not in podman).

A simple but limited workaround is to configure SystemD to redirect stdout and stderr to plain text files, and to handle log rotation by other means:

[Service]
User=USER
#...
StandardOutput=append:STDOUT_FILE
StandardError=append:STDERR_FILE

The files STDOUT_FILE and STDERR_FILE need to be accessible to USER.

This method has been tested and confirmed to work with systemd 249 (2023-05).
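To see why journalctl -u logtest drops the container line while a plain journalctl keeps it, it helps to look at the journal metadata fields behind the rendered lines. The Python helper below is an added example, not code from the question, the answer or the podman project: the field names are real journal fields, but the record values (including uid 1001 for logtestuser and the cgroup placement of the podman scope) are constructed and assumed.

```python
# Added example: reproduce, on constructed records, what `journalctl -u` and
# `journalctl _UID=` match for the rootless run shown in the question.
# Field names follow systemd.journal-fields(7); all values are constructed.
import json

SERVICE = "logtest.service"
LOGTESTUSER_UID = "1001"  # assumed uid of logtestuser

# Constructed records in the shape of `journalctl -o json`. The container
# process is assumed to sit in the user manager's podman-434593.scope (which
# the question's log shows systemd[393984] starting), so journald records it
# under user@1001.service / _SYSTEMD_USER_UNIT, not under logtest.service.
SAMPLE_JSON = "\n".join(json.dumps(r) for r in [
    {"MESSAGE": "Starting Systemd log test...", "_PID": "1", "_UID": "0",
     "_SYSTEMD_UNIT": "init.scope", "UNIT": SERVICE,
     "SYSLOG_IDENTIFIER": "systemd"},
    {"MESSAGE": "Started podman-434593.scope.", "_PID": "393984",
     "_UID": LOGTESTUSER_UID, "_SYSTEMD_UNIT": "user@1001.service",
     "SYSLOG_IDENTIFIER": "systemd"},
    {"MESSAGE": "This should get logged.", "_PID": "434664",
     "_UID": LOGTESTUSER_UID, "_SYSTEMD_UNIT": "user@1001.service",
     "_SYSTEMD_USER_UNIT": "podman-434593.scope",
     "SYSLOG_IDENTIFIER": "cool_leavitt"},
    {"MESSAGE": "logtest.service: Deactivated successfully.", "_PID": "1",
     "_UID": "0", "_SYSTEMD_UNIT": "init.scope", "UNIT": SERVICE,
     "SYSLOG_IDENTIFIER": "systemd"},
])


def parse_journal_json(text):
    """Parse one JSON object per line, as `journalctl -o json` prints them."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def unit_filter(records, unit):
    """Simplified `journalctl -u UNIT`: a record matches if its process lives
    in the unit's cgroup (_SYSTEMD_UNIT) or PID 1 logged about it (UNIT=)."""
    return [r["MESSAGE"] for r in records
            if r.get("_SYSTEMD_UNIT") == unit or r.get("UNIT") == unit]


def uid_filter(records, uid):
    """`journalctl _UID=UID`: everything logged by that user's processes,
    including the podman scope the user manager created for the container."""
    return [r["MESSAGE"] for r in records if r.get("_UID") == uid]


def user_unit_filter(records, user_unit):
    """`journalctl _SYSTEMD_USER_UNIT=...`: only the container scope's lines."""
    return [r["MESSAGE"] for r in records
            if r.get("_SYSTEMD_USER_UNIT") == user_unit]
```

On a live system the corresponding query is journalctl _UID=$(id -u logtestuser) --since '1 min ago', which returns the rootless container's lines together with the user manager's podman-*.scope messages, without needing the file redirection workaround.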