picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

journal: add ability to browse journals of running OS containers

Browse source 
This adds the new library call sd_journal_open_container() and a new
"-M" switch to journalctl. Particular care is taken that journalctl's
"-b" switch resolves to the current boot ID of the container, not the
host.
This commit is contained in:
Lennart Poettering 2013-12-11 22:04:03 +01:00
parent 842129f587
commit b6741478e7
11 changed files with 211 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
TODO
View file

@ -30,6 +30,8 @@ External:
Features: Features:
* libsystemd-journal returns the object created as first param in sd_journal_new(), sd_bus_new() and suchlike as last...
* cgroups: * cgroups:
- implement system-wide DefaultCPUAccounting=1 switch (and similar for blockio, memory?) - implement system-wide DefaultCPUAccounting=1 switch (and similar for blockio, memory?)
- implement per-slice CPUFairScheduling=1 switch - implement per-slice CPUFairScheduling=1 switch

10
man/journalctl.xml
View file

@ -647,6 +647,16 @@
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><option>-M</option></term>
<term><option>--machine=</option></term>
<listitem><para>Show messages from a
running, local container. Specify a
container name to connect
to.</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>-D <replaceable>DIR</replaceable></option></term> <term><option>-D <replaceable>DIR</replaceable></option></term>
<term><option>--directory=<replaceable>DIR</replaceable></option></term> <term><option>--directory=<replaceable>DIR</replaceable></option></term>

18
man/sd_journal_open.xml
View file

@ -46,6 +46,7 @@
<refname>sd_journal_open</refname> <refname>sd_journal_open</refname>
<refname>sd_journal_open_directory</refname> <refname>sd_journal_open_directory</refname>
<refname>sd_journal_open_files</refname> <refname>sd_journal_open_files</refname>
<refname>sd_journal_open_container</refname>
<refname>sd_journal_close</refname> <refname>sd_journal_close</refname>
<refname>sd_journal</refname> <refname>sd_journal</refname>
<refname>SD_JOURNAL_LOCAL_ONLY</refname> <refname>SD_JOURNAL_LOCAL_ONLY</refname>
@ -79,6 +80,13 @@
<paramdef>int <parameter>flags</parameter></paramdef> <paramdef>int <parameter>flags</parameter></paramdef>
</funcprototype> </funcprototype>
<funcprototype>
<funcdef>int <function>sd_journal_open_container</function></funcdef>
<paramdef>sd_journal** <parameter>ret</parameter></paramdef>
<paramdef>const char* <parameter>machine</parameter></paramdef>
<paramdef>int <parameter>flags</parameter></paramdef>
</funcprototype>
<funcprototype> <funcprototype>
<funcdef>void <function>sd_journal_close</function></funcdef> <funcdef>void <function>sd_journal_close</function></funcdef>
<paramdef>sd_journal* <parameter>j</parameter></paramdef> <paramdef>sd_journal* <parameter>j</parameter></paramdef>
@ -131,6 +139,13 @@
can be rotated at any moment, and the opening of can be rotated at any moment, and the opening of
specific files is inherently racy.</para> specific files is inherently racy.</para>
<para><function>sd_journal_open_container()</function>
is similar to <function>sd_journal_open()</function>
but opens the journal files of a running
OS container. The specified machine name refers to a
container that is registered with
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
<para><varname>sd_journal</varname> objects cannot be <para><varname>sd_journal</varname> objects cannot be
used in the child after a fork. Functions which take a used in the child after a fork. Functions which take a
journal object as an argument journal object as an argument
@ -230,7 +245,8 @@
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_journal_next</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd_journal_next</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_journal_get_data</refentrytitle><manvolnum>3</manvolnum></citerefentry> <citerefentry><refentrytitle>sd_journal_get_data</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para> </para>
</refsect1> </refsect1>

17
src/journal/journalctl.c
View file

@ -93,6 +93,7 @@ static bool arg_catalog = false;
static bool arg_reverse = false; static bool arg_reverse = false;
static int arg_journal_type = 0; static int arg_journal_type = 0;
static const char *arg_root = NULL; static const char *arg_root = NULL;
static const char *arg_machine = NULL;
static enum { static enum {
ACTION_SHOW, ACTION_SHOW,
@ -120,6 +121,7 @@ static int help(void) {
"Flags:\n" "Flags:\n"
" --system Show only the system journal\n" " --system Show only the system journal\n"
" --user Show only the user journal for current user\n" " --user Show only the user journal for current user\n"
" -M --machine=CONTAINER Operate on local container\n"
" --since=DATE Start showing entries newer or of the specified date\n" " --since=DATE Start showing entries newer or of the specified date\n"
" --until=DATE Stop showing entries older or of the specified date\n" " --until=DATE Stop showing entries older or of the specified date\n"
" -c --cursor=CURSOR Start showing entries from specified cursor\n" " -c --cursor=CURSOR Start showing entries from specified cursor\n"
@ -247,6 +249,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG }, { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
{ "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG }, { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
{ "reverse", no_argument, NULL, 'r' }, { "reverse", no_argument, NULL, 'r' },
{ "machine", required_argument, NULL, 'M' },
{} {}
}; };
@ -255,7 +258,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0); assert(argc >= 0);
assert(argv); assert(argv);
while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:u:F:xr", options, NULL)) >= 0) { while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:u:F:xrM:", options, NULL)) >= 0) {
switch (c) { switch (c) {
@ -389,6 +392,10 @@ static int parse_argv(int argc, char *argv[]) {
arg_journal_type |= SD_JOURNAL_CURRENT_USER; arg_journal_type |= SD_JOURNAL_CURRENT_USER;
break; break;
case 'M':
arg_machine = optarg;
break;
case 'D': case 'D':
arg_directory = optarg; arg_directory = optarg;
break; break;
@ -576,8 +583,8 @@ static int parse_argv(int argc, char *argv[]) {
if (arg_follow && !arg_no_tail && arg_lines < 0) if (arg_follow && !arg_no_tail && arg_lines < 0)
arg_lines = 10; arg_lines = 10;
if (arg_directory && arg_file) { if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
log_error("Please specify either -D/--directory= or --file=, not both."); log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
return -EINVAL; return -EINVAL;
} }
@ -881,7 +888,7 @@ static int add_boot(sd_journal *j) {
return 0; return 0;
if (!arg_boot_descriptor) if (!arg_boot_descriptor)
return add_match_this_boot(j); return add_match_this_boot(j, arg_machine);
if (strlen(arg_boot_descriptor) >= 32) { if (strlen(arg_boot_descriptor) >= 32) {
char tmp = arg_boot_descriptor[32]; char tmp = arg_boot_descriptor[32];
@ -1460,6 +1467,8 @@ int main(int argc, char *argv[]) {
r = sd_journal_open_directory(&j, arg_directory, arg_journal_type); r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
else if (arg_file) else if (arg_file)
r = sd_journal_open_files(&j, (const char**) arg_file, 0); r = sd_journal_open_files(&j, (const char**) arg_file, 0);
else if (arg_machine)
r = sd_journal_open_container(&j, arg_machine, 0);
else else
r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type); r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
if (r < 0) { if (r < 0) {

5
src/journal/libsystemd-journal.sym
View file

@ -109,3 +109,8 @@ LIBSYSTEMD_JOURNAL_205 {
global: global:
sd_journal_open_files; sd_journal_open_files;
} LIBSYSTEMD_JOURNAL_202; } LIBSYSTEMD_JOURNAL_202;
LIBSYSTEMD_JOURNAL_209 {
global:
sd_journal_open_container;
} LIBSYSTEMD_JOURNAL_205;

66
src/journal/sd-journal.c
View file

@ -41,6 +41,7 @@
#include "missing.h" #include "missing.h"
#include "catalog.h" #include "catalog.h"
#include "replace-var.h" #include "replace-var.h"
#include "fileio.h"
#define JOURNAL_FILES_MAX 1024 #define JOURNAL_FILES_MAX 1024
@ -1465,7 +1466,7 @@ static int add_directory(sd_journal *j, const char *prefix, const char *dirname)
return 0; return 0;
} }
static int add_root_directory(sd_journal *j, const char *p) { static int add_root_directory(sd_journal *j, const char *p, const char *prefix) {
_cleanup_closedir_ DIR *d = NULL; _cleanup_closedir_ DIR *d = NULL;
Directory *m; Directory *m;
int r; int r;
@ -1477,6 +1478,9 @@ static int add_root_directory(sd_journal *j, const char *p) {
!path_startswith(p, "/run")) !path_startswith(p, "/run"))
return -EINVAL; return -EINVAL;
if (prefix)
p = strappenda(prefix, p);
d = opendir(p); d = opendir(p);
if (!d) if (!d)
return -errno; return -errno;
@ -1576,7 +1580,7 @@ static int remove_directory(sd_journal *j, Directory *d) {
return 0; return 0;
} }
static int add_search_paths(sd_journal *j) { static int add_search_paths(sd_journal *j, const char *prefix) {
int r; int r;
const char search_paths[] = const char search_paths[] =
"/run/log/journal\0" "/run/log/journal\0"
@ -1589,7 +1593,7 @@ static int add_search_paths(sd_journal *j) {
* what's actually accessible, and ignore the rest. */ * what's actually accessible, and ignore the rest. */
NULSTR_FOREACH(p, search_paths) { NULSTR_FOREACH(p, search_paths) {
r = add_root_directory(j, p); r = add_root_directory(j, p, prefix);
if (r < 0 && r != -ENOENT) { if (r < 0 && r != -ENOENT) {
r = set_put_error(j, r); r = set_put_error(j, r);
if (r < 0) if (r < 0)
@ -1619,7 +1623,7 @@ static int add_current_paths(sd_journal *j) {
if (!dir) if (!dir)
return -ENOMEM; return -ENOMEM;
r = add_root_directory(j, dir); r = add_root_directory(j, dir, NULL);
if (r < 0) { if (r < 0) {
set_put_error(j, r); set_put_error(j, r);
return r; return r;
@ -1684,18 +1688,13 @@ _public_ int sd_journal_open(sd_journal **ret, int flags) {
int r; int r;
assert_return(ret, -EINVAL); assert_return(ret, -EINVAL);
assert_return((flags & ~(SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_RUNTIME_ONLY|SD_JOURNAL_SYSTEM|SD_JOURNAL_CURRENT_USER)) == 0, -EINVAL);
if (flags & ~(SD_JOURNAL_LOCAL_ONLY|
SD_JOURNAL_RUNTIME_ONLY|
SD_JOURNAL_SYSTEM|
SD_JOURNAL_CURRENT_USER))
return -EINVAL;
j = journal_new(flags, NULL); j = journal_new(flags, NULL);
if (!j) if (!j)
return -ENOMEM; return -ENOMEM;
r = add_search_paths(j); r = add_search_paths(j, NULL);
if (r < 0) if (r < 0)
goto fail; goto fail;
@ -1708,6 +1707,45 @@ fail:
return r; return r;
} }
_public_ int sd_journal_open_container(sd_journal **ret, const char *machine, int flags) {
_cleanup_free_ char *root = NULL, *class = NULL;
sd_journal *j;
char *p;
int r;
assert_return(machine, -EINVAL);
assert_return(ret, -EINVAL);
assert_return((flags & ~(SD_JOURNAL_LOCAL_ONLY|SD_JOURNAL_SYSTEM)) == 0, -EINVAL);
assert_return(filename_is_safe(machine), -EINVAL);
p = strappenda("/run/systemd/machines/", machine);
r = parse_env_file(p, NEWLINE, "ROOT", &root, "CLASS", &class, NULL);
if (r == -ENOENT)
return -EHOSTDOWN;
if (r < 0)
return r;
if (!root)
return -ENODATA;
if (!streq_ptr(class, "container"))
return -EIO;
j = journal_new(flags, NULL);
if (!j)
return -ENOMEM;
r = add_search_paths(j, root);
if (r < 0)
goto fail;
*ret = j;
return 0;
fail:
sd_journal_close(j);
return r;
}
_public_ int sd_journal_open_directory(sd_journal **ret, const char *path, int flags) { _public_ int sd_journal_open_directory(sd_journal **ret, const char *path, int flags) {
sd_journal *j; sd_journal *j;
int r; int r;
@ -1720,7 +1758,7 @@ _public_ int sd_journal_open_directory(sd_journal **ret, const char *path, int f
if (!j) if (!j)
return -ENOMEM; return -ENOMEM;
r = add_root_directory(j, path); r = add_root_directory(j, path, NULL);
if (r < 0) { if (r < 0) {
set_put_error(j, r); set_put_error(j, r);
goto fail; goto fail;
@ -2083,9 +2121,9 @@ _public_ int sd_journal_get_fd(sd_journal *j) {
if (j->no_new_files) if (j->no_new_files)
r = add_current_paths(j); r = add_current_paths(j);
else if (j->path) else if (j->path)
r = add_root_directory(j, j->path); r = add_root_directory(j, j->path, NULL);
else else
r = add_search_paths(j); r = add_search_paths(j, NULL);
if (r < 0) if (r < 0)
return r; return r;

8
src/libsystemd-bus/bus-container.c
View file

@ -29,8 +29,9 @@
#include "bus-container.h" #include "bus-container.h"
int bus_container_connect(sd_bus *b) { int bus_container_connect(sd_bus *b) {
_cleanup_free_ char *p = NULL, *s = NULL, *ns = NULL, *root = NULL, *class = NULL; _cleanup_free_ char *s = NULL, *ns = NULL, *root = NULL, *class = NULL;
_cleanup_close_ int nsfd = -1, rootfd = -1; _cleanup_close_ int nsfd = -1, rootfd = -1;
char *p;
siginfo_t si; siginfo_t si;
pid_t leader, child; pid_t leader, child;
int r; int r;
@ -39,10 +40,7 @@ int bus_container_connect(sd_bus *b) {
assert(b->input_fd < 0); assert(b->input_fd < 0);
assert(b->output_fd < 0); assert(b->output_fd < 0);
p = strappend("/run/systemd/machines/", b->machine); p = strappenda("/run/systemd/machines/", b->machine);
if (!p)
return -ENOMEM;
r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL); r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
if (r == -ENOENT) if (r == -ENOENT)
return -EHOSTDOWN; return -EHOSTDOWN;

3
src/libsystemd-bus/sd-bus.c
View file

@ -764,6 +764,9 @@ static int parse_container_address(sd_bus *b, const char **p, char **guid) {
if (!machine) if (!machine)
return -EINVAL; return -EINVAL;
if (!filename_is_safe(machine))
return -EINVAL;
free(b->machine); free(b->machine);
b->machine = machine; b->machine = machine;
machine = NULL; machine = NULL;

110
src/shared/logs-show.c
View file

@ -24,12 +24,14 @@
#include <errno.h> #include <errno.h>
#include <sys/poll.h> #include <sys/poll.h>
#include <string.h> #include <string.h>
#include <fcntl.h>
#include "logs-show.h" #include "logs-show.h"
#include "log.h" #include "log.h"
#include "util.h" #include "util.h"
#include "utf8.h" #include "utf8.h"
#include "hashmap.h" #include "hashmap.h"
#include "fileio.h"
#include "journal-internal.h" #include "journal-internal.h"
/* up to three lines (each up to 100 characters), /* up to three lines (each up to 100 characters),
@ -1112,17 +1114,113 @@ int add_matches_for_user_unit(sd_journal *j, const char *unit, uid_t uid) {
return r; return r;
} }
int add_match_this_boot(sd_journal *j) { static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
_cleanup_free_ char *leader = NULL, *class = NULL;
_cleanup_close_pipe_ int sock[2] = { -1, -1 };
_cleanup_close_ int nsfd = -1;
const char *p, *ns;
pid_t pid, child;
siginfo_t si;
char buf[37];
ssize_t k;
int r;
assert(machine);
assert(boot_id);
if (!filename_is_safe(machine))
return -EINVAL;
p = strappenda("/run/systemd/machines/", machine);
r = parse_env_file(p, NEWLINE, "LEADER", &leader, "CLASS", &class, NULL);
if (r < 0)
return r;
if (!leader)
return -ENODATA;
if (!streq_ptr(class, "container"))
return -EIO;
r = parse_pid(leader, &pid);
if (r < 0)
return r;
ns = procfs_file_alloca(pid, "ns/mnt");
nsfd = open(ns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
if (nsfd < 0)
return -errno;
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sock) < 0)
return -errno;
child = fork();
if (child < 0)
return -errno;
if (child == 0) {
int fd;
close_nointr_nofail(sock[0]);
sock[0] = -1;
r = setns(nsfd, CLONE_NEWNS);
if (r < 0)
_exit(EXIT_FAILURE);
fd = open("/proc/sys/kernel/random/boot_id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0)
_exit(EXIT_FAILURE);
k = loop_read(fd, buf, 36, false);
close_nointr_nofail(fd);
if (k != 36)
_exit(EXIT_FAILURE);
k = send(sock[1], buf, 36, MSG_NOSIGNAL);
if (k != 36)
_exit(EXIT_FAILURE);
_exit(EXIT_SUCCESS);
}
close_nointr_nofail(sock[1]);
sock[1] = -1;
k = recv(sock[0], buf, 36, 0);
if (k != 36)
return -EIO;
r = wait_for_terminate(child, &si);
if (r < 0 || si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS)
return r < 0 ? r : -EIO;
buf[36] = 0;
r = sd_id128_from_string(buf, boot_id);
if (r < 0)
return r;
return 0;
}
int add_match_this_boot(sd_journal *j, const char *machine) {
char match[9+32+1] = "_BOOT_ID="; char match[9+32+1] = "_BOOT_ID=";
sd_id128_t boot_id; sd_id128_t boot_id;
int r; int r;
assert(j); assert(j);
r = sd_id128_get_boot(&boot_id); if (machine) {
if (r < 0) { r = get_boot_id_for_machine(machine, &boot_id);
log_error("Failed to get boot id: %s", strerror(-r)); if (r < 0) {
return r; log_error("Failed to get boot id of container %s: %s", machine, strerror(-r));
return r;
}
} else {
r = sd_id128_get_boot(&boot_id);
if (r < 0) {
log_error("Failed to get boot id: %s", strerror(-r));
return r;
}
} }
sd_id128_to_string(boot_id, match + 9); sd_id128_to_string(boot_id, match + 9);
@ -1166,7 +1264,7 @@ int show_journal_by_unit(
if (r < 0) if (r < 0)
return r; return r;
r = add_match_this_boot(j); r = add_match_this_boot(j, NULL);
if (r < 0) if (r < 0)
return r; return r;

2
src/shared/logs-show.h
View file

@ -38,7 +38,7 @@ int output_journal(
OutputFlags flags, OutputFlags flags,
bool *ellipsized); bool *ellipsized);
int add_match_this_boot(sd_journal *j); int add_match_this_boot(sd_journal *j, const char *machine);
int add_matches_for_unit( int add_matches_for_unit(
sd_journal *j, sd_journal *j,

1
src/systemd/sd-journal.h
View file

@ -86,6 +86,7 @@ enum {
int sd_journal_open(sd_journal **ret, int flags); int sd_journal_open(sd_journal **ret, int flags);
int sd_journal_open_directory(sd_journal **ret, const char *path, int flags); int sd_journal_open_directory(sd_journal **ret, const char *path, int flags);
int sd_journal_open_files(sd_journal **ret, const char **paths, int flags); int sd_journal_open_files(sd_journal **ret, const char **paths, int flags);
int sd_journal_open_container(sd_journal **ret, const char *machine, int flags);
void sd_journal_close(sd_journal *j); void sd_journal_close(sd_journal *j);
int sd_journal_previous(sd_journal *j); int sd_journal_previous(sd_journal *j);