Add logging project

Adds a logging daemon that collects logs in a ring buffer in a runc container. The tools logwrite and logread can be used to read/write logs. The logging daemon can be sent open file descriptors that will be read and included in the logs. Modifies init to start the daemon and use logwrite to capture logs from runc. Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
2026-01-05 12:54:03 +00:00 · 2017-04-14 11:27:54 +02:00
parent 967819afc0
commit 0511fdb431
22 changed files with 2181 additions and 0 deletions
--- a/projects/logging/pkg/init/.gitignore
+++ b/projects/logging/pkg/init/.gitignore
@@ -0,0 +1,2 @@
+sbin/
+usr/
--- a/projects/logging/pkg/init/Dockerfile
+++ b/projects/logging/pkg/init/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:3.5
+
+RUN \
+  apk --no-cache update && \
+  apk --no-cache upgrade -a && \
+  apk --no-cache add \
+  && rm -rf /var/cache/apk/*
+
+COPY . ./
--- a/projects/logging/pkg/init/Makefile
+++ b/projects/logging/pkg/init/Makefile
@@ -0,0 +1,38 @@
+C_COMPILE=linuxkit/c-compile:63b085bbaec1aa7c42a7bd22a4b1c350d900617d@sha256:286e3a729c7a0b1a605ae150235416190f9f430c29b00e65fa50ff73158998e5
+START_STOP_DAEMON=sbin/start-stop-daemon
+
+default: push
+
+$(START_STOP_DAEMON): start-stop-daemon.c
+	mkdir -p $(dir $@)
+	tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(C_COMPILE) -o $@ | tar xf -
+
+.PHONY: tag push
+
+BASE=alpine:3.5
+IMAGE=init
+
+ETC=$(shell find etc -type f)
+
+hash: Dockerfile $(ETC) init $(START_STOP_DAEMON)
+	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+	docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+
+push: hash
+	docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
+		 docker push linuxkit/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash
+	docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -rf hash sbin usr
+
+.DELETE_ON_ERROR:
--- a/projects/logging/pkg/init/etc/init.d/containerd
+++ b/projects/logging/pkg/init/etc/init.d/containerd
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# bring up containerd
+ulimit -n 1048576
+ulimit -p unlimited
+
+printf "\nStarting containerd\n"
+mkdir -p /var/log
+exec /usr/bin/containerd
--- a/projects/logging/pkg/init/etc/init.d/containers
+++ b/projects/logging/pkg/init/etc/init.d/containers
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# start memlogd container
+
+/usr/bin/startmemlogd
+
+# start onboot containers, run to completion
+
+if [ -d /containers/onboot ]
+then
+	for f in $(find /containers/onboot -mindepth 1 -maxdepth 1 | sort)
+	do
+		base="$(basename $f)"
+		/bin/mount --bind "$f/rootfs" "$f/rootfs"
+		mount -o remount,rw "$f/rootfs"
+		/usr/bin/logwrite -n "$(basename $f)" /usr/bin/runc run --bundle "$f" "$(basename $f)"
+		printf " - $base\n"
+	done
+fi
+
+# start service containers
+
+if [ -d /containers/services ]
+then
+	for f in $(find /containers/services -mindepth 1 -maxdepth 1 | sort)
+	do
+		base="$(basename $f)"
+		/bin/mount --bind "$f/rootfs" "$f/rootfs"
+		mount -o remount,rw "$f/rootfs"
+		log="/var/log/$base.log"
+		/usr/bin/logwrite -n "$(basename $f)" /sbin/start-stop-daemon --start --pidfile /run/$base.pid --exec /usr/bin/runc -- run --bundle "$f" --pid-file /run/$base.pid "$(basename $f)" </dev/null 2>$log >$log &
+		printf " - $base\n"
+	done
+fi
+
+wait
--- a/projects/logging/pkg/init/etc/init.d/rcS
+++ b/projects/logging/pkg/init/etc/init.d/rcS
@@ -0,0 +1,114 @@
+#!/bin/sh
+
+# mount filesystems
+mkdir -p -m 0755 /proc /run /tmp /sys /dev
+
+mount -n -t proc proc /proc -o ndodev,nosuid,noexec,relatime
+
+mount -n -t tmpfs tmpfs /run -o nodev,nosuid,noexec,relatime,size=10%,mode=755
+mount -n -t tmpfs tmpfs /tmp -o nodev,nosuid,noexec,relatime,size=10%,mode=1777
+
+# mount devfs
+mount -n -t devtmpfs dev /dev -o nosuid,noexec,relatime,size=10m,nr_inodes=248418,mode=755
+# devices
+[ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
+[ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
+[ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
+
+[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+
+# extra symbolic links not provided by default
+[ -e /dev/fd ] || ln -snf /proc/self/fd /dev/fd
+[ -e /dev/stdin ] || ln -snf /proc/self/fd/0 /dev/stdin
+[ -e /dev/stdout ] || ln -snf /proc/self/fd/1 /dev/stdout
+[ -e /dev/stderr ] || ln -snf /proc/self/fd/2 /dev/stderr
+[ -e /proc/kcore ] && ln -snf /proc/kcore /dev/core
+
+# devfs filesystems
+mkdir -p -m 1777 /dev/mqueue
+mkdir -p -m 1777 /dev/shm
+mkdir -p -m 0755 /dev/pts
+mount -n -t mqueue -o noexec,nosuid,nodev mqueue /dev/mqueue
+mount -n -t tmpfs -o noexec,nosuid,nodev,mode=1777 shm /dev/shm
+mount -n -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+# mount sysfs
+sysfs_opts=nodev,noexec,nosuid
+mount -n -t sysfs -o ${sysfs_opts} sysfs /sys
+[ -d /sys/kernel/security ] && mount -n -t securityfs -o ${sysfs_opts} securityfs /sys/kernel/security
+[ -d /sys/kernel/debug ] && mount -n -t debugfs -o ${sysfs_opts} debugfs /sys/kernel/debug
+[ -d /sys/kernel/config ] && mount -n -t configfs -o ${sysfs_opts} configfs /sys/kernel/config
+[ -d /sys/fs/fuse/connections ] && mount -n -t fusectl -o ${sysfs_opts} fusectl /sys/fs/fuse/connections
+[ -d /sys/fs/selinux ] && mount -n -t selinuxfs -o nosuid,noexec selinuxfs /sys/fs/selinux
+[ -d /sys/fs/pstore ] && mount -n -t pstore pstore -o ${sysfs_opts} /sys/fs/pstore
+[ -d /sys/firmware/efi/efivars ] && mount -n -t efivarfs -o ro,${sysfs_opts} efivarfs /sys/firmware/efi/efivars
+
+# misc /proc mounted fs
+[ -d /proc/sys/fs/binfmt_misc ] && mount -t binfmt_misc -o nodev,noexec,nosuid binfmt_misc /proc/sys/fs/binfmt_misc
+
+# mount cgroups
+mount -n -t tmpfs -o nodev,noexec,nosuid,mode=755,size=10m cgroup_root /sys/fs/cgroup
+
+while read name hier groups enabled rest
+do
+	case "${enabled}" in
+	1)	mkdir -p /sys/fs/cgroup/${name}
+		mount -n -t cgroup -o ${sysfs_opts},${name} ${name} /sys/fs/cgroup/${name}
+	;;
+	esac
+done < /proc/cgroups
+
+# use hierarchy for memory
+echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy
+
+# for compatibility
+mkdir -p /sys/fs/cgroup/systemd
+mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
+
+# start mdev for hotplug
+echo "/sbin/mdev" > /proc/sys/kernel/hotplug
+
+# mdev -s will not create /dev/usb[1-9] devices with recent kernels
+# so we trigger hotplug events for usb for now
+for i in $(find /sys/devices -name 'usb[0-9]*'); do
+	[ -e $i/uevent ] && echo add > $i/uevent
+done
+
+mdev -s
+
+# set hostname
+if [ -s /etc/hostname ]
+then
+	hostname -F /etc/hostname
+fi
+
+if [ $(hostname) = "moby" -a -f /sys/class/net/eth0/address ]
+then
+	mac=$(cat /sys/class/net/eth0/address)
+	hostname moby-$(echo $mac | sed 's/://g')
+fi
+
+# set system clock from hwclock
+hwclock --hctosys --utc
+
+# bring up loopback interface
+ip addr add 127.0.0.1/8 dev lo brd + scope host
+ip route add 127.0.0.0/8 dev lo scope host
+ip link set lo up
+
+# for containerising dhcpcd and other containers that need writable etc
+mkdir /tmp/etc
+mv /etc/resolv.conf /tmp/etc/resolv.conf
+ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
+
+# remount rootfs as readonly
+mount -o remount,ro /
+
+# make /var writeable and shared
+mount -o bind /var /var
+mount -o remount,rw,nodev,nosuid,noexec,relatime /var /var
+mount --make-rshared /var
+
+# make / rshared
+mount --make-rshared /
--- a/projects/logging/pkg/init/etc/inittab
+++ b/projects/logging/pkg/init/etc/inittab
@@ -0,0 +1,15 @@
+# /etc/inittab
+
+::sysinit:/etc/init.d/rcS
+::once:/etc/init.d/containerd
+::once:/etc/init.d/containers
+
+# Stuff to do for the 3-finger salute
+::ctrlaltdel:/sbin/reboot
+
+# Stuff to do before rebooting
+::shutdown:/usr/sbin/killall5 -15
+::shutdown:/bin/sleep 5
+::shutdown:/usr/sbin/killall5 -9
+::shutdown:/bin/echo "Unmounting filesystems"
+::shutdown:/bin/umount -a -r
--- a/projects/logging/pkg/init/etc/issue
+++ b/projects/logging/pkg/init/etc/issue
@@ -0,0 +1,12 @@
+
+Welcome to LinuxKit
+
+                        ##         .
+                  ## ## ##        ==
+               ## ## ## ## ##    ===
+           /"""""""""""""""""\___/ ===
+      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
+           \______ o           __/
+             \    \         __/
+              \____\_______/
+
--- a/projects/logging/pkg/init/init
+++ b/projects/logging/pkg/init/init
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+setup_console() {
+	tty=${1%,*}
+	speed=${1#*,}
+	inittab="$2"
+	securetty="$3"
+	line=
+	term="linux"
+	[ "$speed" = "$1" ] && speed=115200
+
+	case "$tty" in
+	ttyS*|ttyAMA*|ttyUSB*|ttyMFD*)
+		line="-L"
+		term="vt100"
+		;;
+	tty?)
+		line=""
+		speed="38400"
+		term=""
+		;;
+	esac
+	# skip consoles already in inittab
+	grep -q "^$tty:" "$inittab" && return
+
+	echo "$tty::once:cat /etc/issue" >> "$inittab"
+	echo "$tty::respawn:/sbin/getty -n -l /bin/sh $line $speed $tty $term" >> "$inittab"
+	if ! grep -q -w "$tty" "$securetty"; then
+		echo "$tty" >> "$securetty"
+	fi
+}
+
+/bin/mount -t tmpfs tmpfs /mnt
+
+/bin/cp -a / /mnt 2>/dev/null
+
+/bin/mount -t proc -o noexec,nosuid,nodev proc /proc
+for opt in $(cat /proc/cmdline); do
+	case "$opt" in
+	console=*)
+		setup_console ${opt#console=} /mnt/etc/inittab /mnt/etc/securetty;;
+	esac
+done
+
+exec /bin/busybox switch_root /mnt /sbin/init
--- a/projects/logging/pkg/init/start-stop-daemon.c
+++ b/projects/logging/pkg/init/start-stop-daemon.c