注册服务器信息
注册服务器地址registry.domain250.example.com
使用 admin 作为用户名,使用 redhat321 作为映像注册表的凭据
#配置容器使其自动启动
利用注册服务器上的 rsyslog 镜像,创建一个名为 logserver 的容器
面向 wallah 用户,配置一个 systemd 服务
该服务命名为 container-logserver ,并在系统重启时自动启动,无需干预
#为容器配置持久存储
通过以下方式扩展上一个任务的服务
配置主机系统的 journald 日志以在系统重启后保留数据,并重新启动日志记录服务
将主机 /var/log/journal目录下任何以 *.journal 的文件复制到 /home/wallah/container_logfile 中
将服务配置为在启动时自动将 /home/wallah/container_logfile 挂载到容器中的 /var/log/journal 下
[root@node1 ~]# man journald.conf
[root@node1 ~]# vim /etc/systemd/journald.conf
[root@node1 ~]# ll -d /run/log/journal/
drwxr-sr-x. 4 root systemd-journal 80 May 12 18:11 /run/log/journal/
[root@node1 ~]# mkdir /var/log/journal
[root@node1 ~]# ll -d /var/log/journal
drwxr-xr-x. 2 root root 6 May 12 18:57 /var/log/journal
[root@node1 ~]# chmod -R g+s /var/log/journal
[root@node1 ~]# ll -d /var/log/journal
drwxr-sr-x. 2 root root 6 May 12 18:57 /var/log/journal
[root@node1 ~]# chown root:systemd-journal /var/log/journal
[root@node1 ~]# ll -d /var/log/journal
drwxr-sr-x. 2 root systemd-journal 6 May 12 18:57 /var/log/journal
[root@node1 ~]# systemctl restart systemd-journald
[root@node1 ~]# systemctl enable systemd-journald
The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
settings in the [Install] section, and DefaultInstance for template units).
This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
4) In case of template units, the unit is meant to be enabled with some
instance name specified.
[root@node1 ~]# systemctl status systemd-journald
● systemd-journald.service - Journal Service
Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static; ve>
Active: active (running) since Fri 2023-05-12 18:59:26 EDT; 16s ago
Docs: man:systemd-journald.service(8)
man:journald.conf(5)
Main PID: 1505 (systemd-journal)
Status: "Processing requests..."
Tasks: 1 (limit: 11345)
Memory: 1.3M
CGroup: /system.slice/systemd-journald.service
└─1505 /usr/lib/systemd/systemd-journald
May 12 18:59:26 node1.domain250.example.com systemd-journald[1505]: Journal sta>
May 12 18:59:26 node1.domain250.example.com systemd-journald[1505]: System jour>
[root@node1 ~]# cp /var/log/journal/*/*.journal /home/wallah/container_logfile
[root@node1 ~]# cd /home/wallah
[root@node1 wallah]# ll
total 0
drwxr-xr-x. 2 wallah wallah 28 May 12 19:00 container_logfile
[root@node1 wallah]# cd container_logfile/
[root@node1 container_logfile]# ll
total 8192
-rw-r-----. 1 root root 8388608 May 12 19:00 system.journal
[root@node1 container_logfile]# chown wallah ~wallah
[root@node1 container_logfile]# ll
total 8192
-rw-r-----. 1 root root 8388608 May 12 19:00 system.journal
[root@node1 container_logfile]# chown -R wallah ~wallah
[root@node1 container_logfile]# ll
total 8192
-rw-r-----. 1 wallah root 8388608 May 12 19:00 system.journal
[root@node1 container_logfile]# ssh wallah@localhost
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
[wallah@node1 ~]$ podman login registry.domain250.example.com
Username: admin
Password:
Login Succeeded!
[wallah@node1 ~]$ podman search registry.domain250.example.com/
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
example.com registry.domain250.example.com/rhel8/mariadb-103 0
example.com registry.domain250.example.com/rhel8/httpd-24 0
example.com registry.domain250.example.com/library/nginx 0
example.com registry.domain250.example.com/ubi7/ubi 0
example.com registry.domain250.example.com/ubi8/ubi 0
example.com registry.domain250.example.com/rhel8/rsyslog 0
[wallah@node1 ~]$ podman run -d --name logserver -v /home/wallah/container_logfile:/var/log/journal:Z registry.domain250.example.com/rhel8/rsyslog
Trying to pull registry.domain250.example.com/rhel8/rsyslog...
Getting image source signatures
Copying blob d23202532999 done
Copying blob b6efbecbebd6 done
Copying blob 88afac75a773 done
Copying config 1ca52ef7a2 done
Writing manifest to image destination
Storing signatures
e0012a874499ca23600c9744fbd5d6cd0fd054f824924798b8d843c68eeac62a
[wallah@node1 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0012a874499 registry.domain250.example.com/rhel8/rsyslog:latest /bin/rsyslog.sh 7 seconds ago Up 6 seconds ago logserver
[wallah@node1 ~]$ podman stop logserver
e0012a874499ca23600c9744fbd5d6cd0fd054f824924798b8d843c68eeac62a
[wallah@node1 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[wallah@node1 ~]$ loginctl enable-linger
[wallah@node1 ~]$ mkdir -p ~/.config/systemd/user
[wallah@node1 ~]$ cd ~/.config/systemd/user
[wallah@node1 user]$ ll
total 0
[wallah@node1 user]$ podman generate systemd -n logserver -f
/home/wallah/.config/systemd/user/container-logserver.service
[wallah@node1 user]$ systemctl enable --user --now container-logserver.service
Created symlink /home/wallah/.config/systemd/user/multi-user.target.wants/container-logserver.service → /home/wallah/.config/systemd/user/container-logserver.service.
Created symlink /home/wallah/.config/systemd/user/default.target.wants/container-logserver.service → /home/wallah/.config/systemd/user/container-logserver.service.
[wallah@node1 user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0012a874499 registry.domain250.example.com/rhel8/rsyslog:latest /bin/rsyslog.sh 3 minutes ago Up 6 seconds ago logserver
[wallah@node1 user]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.domain250.example.com/rhel8/rsyslog latest 1ca52ef7a2f4 2 years ago 232 MB