[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Logs from container app stored to local disk on nodes



You may need to modify the file permissions and/or selinux context for the volume so that the container user can write to it. Under the default SCC the container user/group are randomized. Under the privileged SCC it will probably be whatever user the Dockerfile indicates (and you can choose an selinux context in the pod security context if needed).

On Wed, Jul 6, 2016 at 3:49 AM, Ronan O Keeffe <ronanok donedeal ie> wrote:
Hi Clayton, 

Much appreciated. I have run the following: 

oadm policy add-scc-to-user privileged -n staging -z default (It's a test box and we're deploying our own images, I can edit the scc to hostaccess or hostmount-anyuid later). 

I have then run 
oc volume dc/<webapp> --add --name=logging --type=hostPath --mount-path=/var/log/<webapp>

The app deploys alright is is up and running sucesfully, but there is nothing logging to the node. 

In case it matters I created the log storage by adding a 10Gb disk to the VM the node lives on, created an xfs partition on it and mounted it in the folder that the webapps should log to. 

Any pointers would be appreciated. 

Regards, 
Ronan. 

On 5 Jul 2016, at 01:44, Clayton Coleman <ccoleman redhat com> wrote:

In the future there is an ongoing design to have a specific "log volume" defined on a per pod basis that will be respected by the system.

For now, the correct way is to use hostPath, but there's a catch - security.  The reason why it failed to deploy is because users have to be granted the permission to access the host (for security reasons).  You'll want to grant access to an SCC that allows host volumes to your service account (do "oc get scc" to see the full list, then "oadm policy add-scc-to-user NAME -z default" to grant access to that SCC to a named service account).

On Mon, Jul 4, 2016 at 5:26 AM, Ronan O Keeffe <ronanok donedeal ie> wrote:
Hi, 

Just wondering is it possible to have an app living in a container log back to the box the container lives on. 

Our test set up is as follows: 

All web apps identical
webapp1 > node1
webapp2 > node2
webapp3 > node3
webapp4 > node4

Ideally we'd like logs from the webapp inside a container on node1 to log to a dedicated logging partition on the host OS of node1 and so on for the other nodes. 
Ultimately we'd like the logs to persist beyond the life of the container I suppose. 

We've tried oc edit dc/webapp and specifying a volume to log to
oc volume dc/<webapp> --add --name=v1 --type=hostPath --path=/var/log/<webapp>

And then specifying that the webapp log to the above partition. 

However the webapp fails to deploy. I'll need to dig in to why that is, but in the meantime is this vaguely the correct way to go about logging?

Cheers, 
Ronan. 


P.S. I went to thank Scott Dodson and for help with a previous matter recently but for some reason the mail has not been received on the list. 



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]