cancel
Showing results for 
Search instead for 
Did you mean: 
jonawang
Flight Engineer
Flight Engineer
  • 828 Views

How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

I am exercising the installation of containerized version of rsyslog utility under rhel8. The image source is described in the url:

https://catalog.redhat.com/software/containers/rhel8/rsyslog/5ba2b33dbed8bd6ee819a1c9?container-tabs...

I used podman to pull it down from registry.redhat.io, using the commands as:

# podman login registry.redhat.io

# podman pull registry.redhat.io/rhel8/rsyslog:8.5-4

# podman inspect registry.redhat.io/rhel8/rsyslog:8.5-4

But from the output information provided by podman inspect command, I can not figure out how to install the subject rhel8/rsyslog. Searching through web sites got no helpful information about it.

Can anyone give me advise ? Thanks.

-- Jonathan Wang

3 Solutions

Accepted Solutions
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 811 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

Pulling an image simply stores the image on your local system. To use it, you must start a container using the image. Use podman run

Something like: podman run registry.redhat.io/rhel8/rsyslog:8.5-4

However, this is very unlikely to be sufficient. Most likely, you'll want to use a few options, such as:

-d (run in the backgroup)

-p <local_network_port>:<container_network_port> (port forwarding)

-v <local_storage>:<container_storage>[:Z] (persistent storage)

(note: if :Z isn't used, you'll need to handle the SELinux context on persistent (host) storage using semanage fcontext and restorecon commands)

--name <container_name> (give the container a friendly name)

-e <ENV_VAR=value> (set environment variable(s) within the container)

(note: if multiple environment variables are required, a -e <ENV_VAR=value> will be required to set each)

See man podman-run for explanations of what these options, and others, do.

----------

You could end up with something that looks like this:

podman run -d -p 10514:514 -v /var/log/mysyslog:/var/log/:Z --name mysyslogcontainer -e SOME_VAR=come_val -e SOME_VAR2=some_val2 registry.redhat.io/rhel8/rsyslog:8.5-4

NOTE 1: You cannot port forward host ports less than 1024 (those appearing on the left-side of the : after the -p option) unless you run the container as root. If you do this, the container image needs to be re-pulled by the root user as well (or using sudo) becasue, by default, each user keep their own copies of container images - and the containers themselves.

Take care! Best practice is to not run a container as root -- unless you really need to.

NOTE 2: Again, :Z can be used with the -v option. However, you are more likely better off "properly" setting the SELinux context on the persistent (host) storage, such as (using our example:

semanage fcontext -a -t container_file_t '/var/log/mysyslog(/.*)?'

restorecon -Rfv /var/log/mysyslog

NOTE 3: You may need to change the ownership of the local (host) storage using podman unshare:

podman unshare chown -Rv <UID>:<GID> \var\log\mysyslog

where <UID> and <GID> are the user ID and group ID of the user, inside the container, running rsyslog.

Why all this talk of persistent (host) storage? Because if you don't do this, your syslog messages will be deleted if / when the container is deleted -- unless they're stored in persistent storage located on the host system. It's kind of like mounting a block device.

Hope this helps.

 

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College

View solution in original post

Reply
Loading...
jonawang
Flight Engineer
Flight Engineer
  • 791 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

Thanks. Your explanation is excellent.

 

Alternatively, I found other way of running rsyslog, in Chapter 10 (Running special container images) of the following manual, using "podman container runlabel <label>" command.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/building_runnin...

From rsyslog perspective, which way is recommended - rootless or runlabel ?

View solution in original post

Reply
Loading...
jonawang
Flight Engineer
Flight Engineer
  • 736 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

I followed the podman container runlabel steps to implement the rsyslog, it worked as expected.

1. stop and remove existing rsyslog service.

2. # podman login registry.redhat.io

3. # podman pull registry.redhat.io/rhel8/rsyslog

4. # podman container runlabel install registry.redhat.io/rhel8/rsyslog

5. # podman container runlabel run registry.redhat.io/rhel8/rsyslog:latest

6. # cd /etc/systemd/system

7. # podman generate systemd -f rsyslog

8. # mv container-e52ca007...28fe.service container-rsyslog.service

9. # systemctl daemon-reload

10. # systemctl start container-rsyslog.service

11. # systemctl enable container-rsyslog.service

12. # systemctl status container-rsyslog.service

13. # logger "*** Hello message ****"

14. # tail /var/log/messages

==> logger's message recevied in the messages file. After system reboot, container-rsyslog.service is active.  Work done.

 

Yet it's root-based with port 514. I'm struggling on rootless container way. Not knowing the problem source. It just doesn't work!

View solution in original post

Reply
Loading...
5 Replies
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 812 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

Pulling an image simply stores the image on your local system. To use it, you must start a container using the image. Use podman run

Something like: podman run registry.redhat.io/rhel8/rsyslog:8.5-4

However, this is very unlikely to be sufficient. Most likely, you'll want to use a few options, such as:

-d (run in the backgroup)

-p <local_network_port>:<container_network_port> (port forwarding)

-v <local_storage>:<container_storage>[:Z] (persistent storage)

(note: if :Z isn't used, you'll need to handle the SELinux context on persistent (host) storage using semanage fcontext and restorecon commands)

--name <container_name> (give the container a friendly name)

-e <ENV_VAR=value> (set environment variable(s) within the container)

(note: if multiple environment variables are required, a -e <ENV_VAR=value> will be required to set each)

See man podman-run for explanations of what these options, and others, do.

----------

You could end up with something that looks like this:

podman run -d -p 10514:514 -v /var/log/mysyslog:/var/log/:Z --name mysyslogcontainer -e SOME_VAR=come_val -e SOME_VAR2=some_val2 registry.redhat.io/rhel8/rsyslog:8.5-4

NOTE 1: You cannot port forward host ports less than 1024 (those appearing on the left-side of the : after the -p option) unless you run the container as root. If you do this, the container image needs to be re-pulled by the root user as well (or using sudo) becasue, by default, each user keep their own copies of container images - and the containers themselves.

Take care! Best practice is to not run a container as root -- unless you really need to.

NOTE 2: Again, :Z can be used with the -v option. However, you are more likely better off "properly" setting the SELinux context on the persistent (host) storage, such as (using our example:

semanage fcontext -a -t container_file_t '/var/log/mysyslog(/.*)?'

restorecon -Rfv /var/log/mysyslog

NOTE 3: You may need to change the ownership of the local (host) storage using podman unshare:

podman unshare chown -Rv <UID>:<GID> \var\log\mysyslog

where <UID> and <GID> are the user ID and group ID of the user, inside the container, running rsyslog.

Why all this talk of persistent (host) storage? Because if you don't do this, your syslog messages will be deleted if / when the container is deleted -- unless they're stored in persistent storage located on the host system. It's kind of like mounting a block device.

Hope this helps.

 

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
Reply
Loading...
jonawang
Flight Engineer
Flight Engineer
  • 792 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

Thanks. Your explanation is excellent.

 

Alternatively, I found other way of running rsyslog, in Chapter 10 (Running special container images) of the following manual, using "podman container runlabel <label>" command.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/building_runnin...

From rsyslog perspective, which way is recommended - rootless or runlabel ?

Reply
Loading...
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 770 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

I cannot answer this as I don't have any experience with podman container runlabel

It'd be worth giving it a shot -- it does speak specifically to rsyslog

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
Reply
Loading...
jonawang
Flight Engineer
Flight Engineer
  • 737 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

I followed the podman container runlabel steps to implement the rsyslog, it worked as expected.

1. stop and remove existing rsyslog service.

2. # podman login registry.redhat.io

3. # podman pull registry.redhat.io/rhel8/rsyslog

4. # podman container runlabel install registry.redhat.io/rhel8/rsyslog

5. # podman container runlabel run registry.redhat.io/rhel8/rsyslog:latest

6. # cd /etc/systemd/system

7. # podman generate systemd -f rsyslog

8. # mv container-e52ca007...28fe.service container-rsyslog.service

9. # systemctl daemon-reload

10. # systemctl start container-rsyslog.service

11. # systemctl enable container-rsyslog.service

12. # systemctl status container-rsyslog.service

13. # logger "*** Hello message ****"

14. # tail /var/log/messages

==> logger's message recevied in the messages file. After system reboot, container-rsyslog.service is active.  Work done.

 

Yet it's root-based with port 514. I'm struggling on rootless container way. Not knowing the problem source. It just doesn't work!

Reply
Loading...
jonawang
Flight Engineer
Flight Engineer
  • 727 Views

Re: How to install the containerized version of rhel8/rsyslog utility ?

Jump to solution

For building rootless rsyslog container, I typed the following command (on user "contsvc", id=1016) to create a rsyslog container.

$ podman run -d --name mysyslog -p 20514:514 -v /home/contsvc/mysyslog:/var/log/:Z registry.redhat.io/rhel8/rsyslog:latest

Next, I used the logger command to verify whether the log function works or not.  But this log message can not be found in ~/mysyslog directory!

$ logger -P 20514 "**** logger message to rsyslog container ****"

No idea about what is missing!

 

0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.