Merge "Add container journal linking"

2018-03-24 14:58:59 +00:00 · 2018-03-24 14:58:59 +00:00 · 61fcf1af80
parent 846b4f9ed2 72a16fd9e5
commit 61fcf1af80
4 changed files with 76 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -174,3 +174,9 @@ lxc_user_defined_container: null

 # Dictionary of settings for containers
 properties: {}
+
+# Set "/var/log/journal/{{ machine_id }}" to be a bind mount to the physical
+# host. This option will link the container journal and the physical host
+# journals making it possible to log stream from the container on the physical
+# host.
+lxc_container_journal_link: true
--- a/releasenotes/notes/journal-link-3c23aab5b5ed3441.yaml
+++ b/releasenotes/notes/journal-link-3c23aab5b5ed3441.yaml
@ -0,0 +1,14 @@
+---
+features:
+  - In a greenfield deployment containers will now bind link
+    their journals to the physical host machine in the
+    ``/var/log/journal/{{ machine_id }}`` location. During an
+    upgrade this change will be added to the container config but
+    will not go into effect until the container is restarted.
+    Because the restart is not forced the operator can perform
+    restarts to best suit the needs of their environment.
+    Journal linking provides operators the ability to log stream
+    and health check containerized systems without having to
+    attach or otherwise login. If this feature is not needed or
+    desired it can be disabled by setting the option
+    ``lxc_container_journal_link`` to *false*.
--- a/tasks/lxc_container_config.yml
+++ b/tasks/lxc_container_config.yml
@ -277,6 +277,38 @@
    mode: "0444"
    remote_src: "yes"
  remote_user: root
+
+- name: Link container journal to host
+  block:
+    - name: Retrieve the machine-id
+      slurp:
+        src: /etc/machine-id
+      register: machine_id
+
+    - name: Set bind mount for journal linking
+      set_fact:
+        lxc_container_journal_path: "/var/log/journal/{{ (machine_id.content | b64decode).strip() }}"
+
+    - name: Ensure journal directory exists
+      file:
+        path: "{{ lxc_container_journal_path }}"
+        state: "directory"
+        group: "systemd-journal"
+        owner: "root"
+        mode: "02755"
+      delegate_to: "{{ item }}"
+      with_items:
+        - "{{ physical_host }}"
+        - "{{ inventory_hostname }}"
+
+    - name: Add bind mount configuration to container
+      lineinfile:
+        dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
+        line: "lxc.mount.entry = {{ lxc_container_journal_path }} {{ lxc_container_journal_path.lstrip('/') }} none bind,create=dir 0 0"
+        backup: "true"
+      delegate_to: "{{ physical_host }}"
+  when:
+    - lxc_container_journal_link | bool
 # ENVIRONMENT AND HOSTNAME SETTINGS


--- a/tests/test-containers-functional.yml
+++ b/tests/test-containers-functional.yml
@ -164,3 +164,27 @@
      assert:
        that:
          - "'1' in nonlocalbind.stdout"
+
+- name: Test journal linking
+  hosts: all_containers
+  user: root
+  become: true
+  gather_facts: false
+  tasks:
+    - name: Get container machine-id
+      command: "cat /etc/machine-id"
+      changed_when: false
+      register: container_machine_id
+
+    - name: Stat linked journal on the host
+      stat:
+        path: "/var/log/journal/{{ container_machine_id.stdout.strip() }}/system.journal"
+      register: journal_stat
+      delegate_to: "{{ physical_host }}"
+
+    - name: Check for linked journal
+      fail:
+        msg: >-
+          Container journal [/var/log/journal/{{ container_machine_id.stdout.strip() }}] not found
+      when:
+        - not journal_stat.stat.exists