
RHCSA (EX200) - Configure a container to start automatically (Set A & Set B) & Configure persistent storage for a container (Set A)

Configure a container to start automatically (Set A)

Using the rsyslog image on the registry server, create a container named logserver

For the user wallah, configure a systemd service

The service is named container-logserver and must start automatically when the system reboots, without intervention

Configure persistent storage for a container (Set A)

Extend the service from the previous task as follows

Configure the host system's journald logging to retain data across reboots, and restart the logging service

Copy any file under the host's /var/log/journal directory whose name matches *.journal to /home/wallah/container_logfile

Configure the service so that, on startup, it automatically mounts /home/wallah/container_logfile at /var/log/journal inside the container

Configure a container to start automatically (Set B)

Using the rsyslog image on the registry server, create a container named logger

For the user wallah, configure a systemd service

The service is named container-logger and must start automatically when the system reboots, without intervention

Configure the service so that, on startup, it automatically mounts /home/wallah/var_log at /var/log inside the container

Run the command podman exec logger logger -p authpriv.info SUIBIAN in the container

[root@node1 ~]# man -k journal
journald.conf (5) - Journal service configuration files
systemd-journald.service (8) - Journal service
...
[root@node1 ~]# systemctl is-enabled systemd-journald.service; systemctl is-active systemd-journald.service
static
active
[root@node1 ~]# man journald.conf
[root@node1 ~]# vim /etc/systemd/journald.conf
[Journal]
Storage=persistent
[root@node1 ~]# systemctl restart systemd-journald.service
[root@node1 ~]# ls /var/log/journal/
f874df04639f474cb0a9881041f4f7d4
[root@node1 ~]# ls -ld /home/wallah/container_logfile/
drwxr-xr-x. 2 wallah wallah 6 Feb 19 11:56 /home/wallah/container_logfile/
[root@node1 ~]# cp /var/log/journal/*/*.journal /home/wallah/container_logfile/
[root@node1 ~]# chown -R wallah:wallah /home/wallah/container_logfile/
[root@node1 ~]# ls -l /home/wallah/container_logfile/
total 8192
-rw-r-----. 1 wallah wallah 8388608 Feb 19 12:14 system.journal
[root@node1 ~]# ssh wallah@localhost 
[wallah@node1 ~]$ podman login registry.domain250.example.com
Username: admin
Password:
Login Succeeded!
[wallah@node1 ~]$ podman search registry.domain250.example.com/
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
example.com registry.domain250.example.com/rhel8/mariadb-103 0
example.com registry.domain250.example.com/rhel8/httpd-24 0
example.com registry.domain250.example.com/library/nginx 0
example.com registry.domain250.example.com/ubi7/ubi 0
example.com registry.domain250.example.com/ubi8/ubi 0
example.com registry.domain250.example.com/rhel8/rsyslog 0
[wallah@node1 ~]$ podman pull registry.domain250.example.com/rhel8/rsyslog
Trying to pull registry.domain250.example.com/rhel8/rsyslog...
Getting image source signatures
Copying blob 68a85f8ea16b done
Copying blob 864ad45e3300 done
Copying blob 5bbc26867c5f done
Copying blob e36a18df25d4 done
Copying config 8411a1edd4 done
Writing manifest to image destination
Storing signatures
8411a1edd4bb97aeae6bf9124cb00c66ff577ae68848e50704e9157263127aeb
[wallah@node1 ~]$ podman run -d --name logserver -v /home/wallah/container_logfile:/var/log/journal:Z registry.domain250.example.com/rhel8/rsyslog
9b4395be4aeb8aeeaf22dfb1503c72a6f9541cc815738adff94c048bbb7c9540
[wallah@node1 ~]$ podman exec logserver ls -l /var/log/journal
total 8192
-rw-r----- 1 root root 8388608 Feb 19 17:17 system.journal
[wallah@node1 ~]$ podman stop logserver
9b4395be4aeb8aeeaf22dfb1503c72a6f9541cc815738adff94c048bbb7c9540
[wallah@node1 ~]$
[wallah@node1 ~]$ man -k systemd
...
loginctl (1) - Control the systemd login manager
[wallah@node1 ~]$ loginctl enable-linger
[wallah@node1 ~]$ loginctl show-user wallah
...
Linger=yes
[wallah@node1 ~]$ man systemd.unit
[wallah@node1 ~]$ mkdir -p ~/.config/systemd/user/
[wallah@node1 ~]$ cd ~/.config/systemd/user/
[wallah@node1 user]$ podman generate systemd --name logserver --files
/home/wallah/.config/systemd/user/container-logserver.service
[wallah@node1 user]$ systemctl --user enable --now container-logserver.service
Created symlink /home/wallah/.config/systemd/user/multi-user.target.wants/container-logserver.service → /home/wallah/.config/systemd/user/container-logserver.service.
Created symlink /home/wallah/.config/systemd/user/default.target.wants/container-logserver.service → /home/wallah/.config/systemd/user/container-logserver.service.
[wallah@node1 user]$ systemctl --user is-active container-logserver.service; systemctl --user is-enabled container-logserver.service
active
enabled
[wallah@node1 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b4395be4aeb registry.domain250.example.com/rhel8/rsyslog:latest 5 minutes ago Up About a minute ago logserver
[wallah@node1 ~]$ ls -ld /home/wallah/var_log/
drwxr-xr-x. 2 wallah wallah 6 Feb 19 11:56 /home/wallah/var_log/
[wallah@node1 ~]$ ls -l /home/wallah/var_log/
total 0
[wallah@node1 ~]$ podman run -d --name logger -v /home/wallah/var_log:/var/log:Z registry.domain250.example.com/rhel8/rsyslog
e3ce1a94d1ede3f69a3280b4112c0b5fdad70f9c70784dc8235aebebe9b86094
[wallah@node1 ~]$ podman stop logger
e3ce1a94d1ede3f69a3280b4112c0b5fdad70f9c70784dc8235aebebe9b86094
[wallah@node1 ~]$ cd ~/.config/systemd/user/
[wallah@node1 user]$ podman generate systemd --name logger --files
/home/wallah/.config/systemd/user/container-logger.service
[wallah@node1 user]$ systemctl --user enable --now container-logger.service
Created symlink /home/wallah/.config/systemd/user/multi-user.target.wants/container-logger.service → /home/wallah/.config/systemd/user/container-logger.service.
Created symlink /home/wallah/.config/systemd/user/default.target.wants/container-logger.service → /home/wallah/.config/systemd/user/container-logger.service.
[wallah@node1 user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3ce1a94d1ed registry.domain250.example.com/rhel8/rsyslog:latest 2 minutes ago Up 3 seconds ago logger
...
[wallah@node1 user]$ podman exec logger logger -p authpriv.info SUIBIAN
[wallah@node1 user]$ ls -lZ /home/wallah/var_log/
total 8
-rw-r--r--. 1 wallah wallah system_u:object_r:container_file_t:s0:c593,c702 666 Feb 19 20:36 messages
-rw-r--r--. 1 wallah wallah system_u:object_r:container_file_t:s0:c593,c702 60 Feb 19 20:36 secure
[wallah@node1 user]$ cat /home/wallah/var_log/secure
2023-02-20T01:36:46.475110+00:00 e3ce1a94d1ed root: SUIBIAN

The Storage parameter in /etc/systemd/journald.conf determines whether the system journal is kept only in volatile storage or retained across reboots. Set it to persistent, volatile, or auto as follows:

persistent: stores the journal under the /var/log/journal directory, which survives a system reboot.

If the /var/log/journal directory does not exist, the systemd-journald service creates it. The journal files themselves are placed in a per-machine subdirectory, /var/log/journal/<machine-id>/, which is why the transcript above copies them with /var/log/journal/*/*.journal rather than /var/log/journal/*.journal.

volatile: stores the journal in the volatile /run/log/journal directory.

Because the /run file system is temporary and lives only in memory at runtime, data stored there (including the system journal) does not survive a reboot.

auto: systemd-journald (not rsyslog, which is a separate daemon that only reads from the journal) decides whether to use persistent or volatile storage. If the /var/log/journal directory exists, systemd-journald uses persistent storage; otherwise it uses volatile storage. In auto mode the directory is not created for you, so either create it by hand or set Storage=persistent as in the transcript above.

This is the default behaviour when the Storage parameter is not set; the stock file ships with the line commented out as #Storage=auto. Note that systemd-journald is a static unit (the is-enabled check above prints "static"), so it cannot be enabled or disabled; after editing the file, systemctl restart systemd-journald.service is all that is required for the new setting to take effect.
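The following is an added example and not part of the original page: a small POSIX shell function that resolves the effective journald storage mode from a journald.conf-style file using the rules above (only Storage= lines inside the [Journal] section count, '#' lines are comments, the last assignment wins, an unset value means auto, and auto falls back on whether the journal directory exists). The configuration files and the journal directory path it works on are constructed for the demo; on a real host you would point it at /etc/systemd/journald.conf and /var/log/journal.

```shell
#!/bin/sh
# Added example, not from the original page. Resolves the effective
# journald Storage= mode the way systemd-journald does, so you can check a
# config before rebooting. Paths and file contents below are constructed.

# effective_storage CONF_FILE JOURNAL_DIR
#   prints: persistent | volatile | none
effective_storage() {
    conf="$1"
    journal_dir="$2"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    storage=$(awk '
        /^[[:space:]]*[#;]/ { next }                      # comment line
        /^[[:space:]]*\[/   { in_journal = ($0 ~ /^[[:space:]]*\[Journal\]/); next }
        in_journal && /^[[:space:]]*Storage[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")                # strip "Storage ="
            sub(/[[:space:]]+$/, "")
            value = $0                                    # last assignment wins
        }
        END { print (value == "" ? "auto" : value) }
    ' "$conf")
    case "$storage" in
        persistent) echo persistent ;;
        volatile)   echo volatile ;;
        none)       echo none ;;                          # journal data is dropped
        auto)       if [ -d "$journal_dir" ]; then echo persistent; else echo volatile; fi ;;
        *)          echo "unknown Storage=$storage" >&2; return 1 ;;
    esac
}

# Demo with constructed files: the stock file (every line commented out, so
# the effective mode is auto) next to the corrected Storage=persistent file.
demo_dir=$(mktemp -d)
printf '[Journal]\n#Storage=auto\n#Compress=yes\n' > "$demo_dir/journald.conf"
echo "stock file, no journal dir: $(effective_storage "$demo_dir/journald.conf" "$demo_dir/journal")"   # volatile
mkdir "$demo_dir/journal"
echo "stock file, dir exists:     $(effective_storage "$demo_dir/journald.conf" "$demo_dir/journal")"   # persistent
rm -r "$demo_dir/journal"
printf '[Journal]\nStorage=persistent\n' > "$demo_dir/journald.conf"
echo "Storage=persistent, no dir: $(effective_storage "$demo_dir/journald.conf" "$demo_dir/journal")"   # persistent
rm -r "$demo_dir"
```

The function deliberately ignores a Storage= line that appears outside the [Journal] section (for instance one pasted under a different header by mistake); journald would ignore it too, and the host would silently stay volatile.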

--volume host_dir:container_dir:Z

With the Z option, Podman automatically applies the SELinux container_file_t context type