Logging directly to the journal

[Jeffrey Ollie]

While looking into setting up a haproxy container, I realized that none of the UNIX sockets that systemd-journald provides are mapped into a container's namespace.  haproxy doesn't like logging to anything that isn't syslog-ish so it would be great to have /dev/log available for syslog-style logging and /run/systemd/journal/socket for native journal logging.

--

Jeff Ollie

[Alban Crequy]

Hi,

rkt starts systemd-journald in the pod and creates the symlink in the
stage1 rootfs:
/dev/log -> /run/systemd/journal/dev-log (socket file)

But unfortunately it isn't directly available for the app because the
app is chrooted. I prepared this PR:
https://github.com/coreos/rkt/pull/2224
It seems to prepare /dev/log correctly for the app. I tested it by
typing "logger FooBar" in the container shell, then it got correctly
logged:

$ sudo journalctl -M rkt-9f1d7f89-8601-422f-8387-5d461806e29c
Feb 25 11:49:09 rkt-9f1d7f89-8601-422f-8387-5d461806e29c root[5]: FooBar

journalctl command from:
https://github.com/coreos/rkt/blob/master/Documentation/commands.md#logging

Would this work for your use case with haproxy?

As a workaround before this gets properly fixed in rkt, you could try
to configure haproxy to use dev-log outside of the chroot:

global
log /proc/1/root/run/systemd/journal/dev-log local0 info

Cheers,
Alban