一、题目要求
第八题
配置容器并使其自动启动 注册表位于 http://registry.lab.example.com,注册表用户 rhel8,密码redhat321;
利用注册表里的 rsyslog 镜像,创建一个名为 journal-server 的容器;
将其配置为 system服务的形式运行,并且仅面对用户 student;
第九题
扩展上一个任务的服务
配置主机系统日志在系统重启后保留数据,并重新启动日志记录服务;
将服务配置为启动自动将/home/student/container_logfile 挂载到容器的/var/log/journal 下;进入容器,使用下列命令 logger -p local3.info ‘this is testing logger’ 发容器日志。
二、解题过程
1、使用student
用户登录blue
[roo@host1 ~]$ ssh student@blue -X
student@blue's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Thu May 27 12:58:41 2021
[student@blue ~]$
2、新建文件夹
[student@blue ~]$ mkdir /home/student/container_logfile
[student@blue ~]$ loginctl enable-linger
[student@blue ~]$
3、登录注册表
[student@blue ~]$ podman login registry.lab.example.com
Username: rhel8
Password:
Login Succeeded!
[student@blue ~]$
4、查找rsyslog
[student@blue ~]$ podman search rsyslog
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
example.com registry.lab.example.com/rhel8/rsyslog 0
[student@blue ~]$
5、拉取镜像
[student@blue ~]$ podman pull registry.lab.example.com/rhel8/rsyslog
Trying to pull registry.lab.example.com/rhel8/rsyslog...
Getting image source signatures
Copying blob 675ca883249a skipped: already exists
Copying blob 53732dad4680 [--------------------------------------] 0.0b / 0.0b
Copying blob a538c9b97609 [--------------------------------------] 0.0b / 0.0b
Copying blob a490e26747ef [--------------------------------------] 0.0b / 0.0b
Copying config 4d58530530 done
Writing manifest to image destination
Storing signatures
4d58530530f79689673c2b07d48076b3db331ef9c0e5074b1ec5a3d530523018
[student@blue ~]$
6、运行容器并查看
[student@blue ~]$ podman run -d --name=journal-server -v /home/student/container_logfile/:/var/log/journal:Z registry.lab.example.com/rhel8/rsyslog
be71fe2cdbea4e6c28de09efcfc14593bf9ca51d9c1a8bd7f8140aed3344c02d
[student@blue ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be71fe2cdbea registry.lab.example.com/rhel8/rsyslog:latest /usr/sbin/init 9 seconds ago Up 8 seconds ago journal-server
[student@blue ~]$
7、新建目标文件夹
[student@blue ~]$ mkdir -p ~/.config/systemd/user
[student@blue ~]$ cd ~/.config/systemd/user
[student@blue user]$
8、配置system服务,开机自启
[student@blue user]$ podman generate systemd --name journal-server --files --new /home/student/.config/systemd/user/container-journal-server.service
/home/student/.config/systemd/user/container-journal-server.service
[student@blue user]$ ls
container-journal-server.service
[student@blue user]$
停止并删除容器
[student@blue user]$ podman stop journal-server
be71fe2cdbea4e6c28de09efcfc14593bf9ca51d9c1a8bd7f8140aed3344c02d
[student@blue user]$ podman rm journal-server
be71fe2cdbea4e6c28de09efcfc14593bf9ca51d9c1a8bd7f8140aed3344c02d
[student@blue user]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[student@blue user]$
使生成的system服务开机自启,并立即生效
[student@blue user]$ systemctl --user enable --now container-journal-server.service
Created symlink /home/student/.config/systemd/user/multi-user.target.wants/container-journal-server.service → /home/student/.config/systemd/user/container-journal-server.service.
Created symlink /home/student/.config/systemd/user/default.target.wants/container-journal-server.service → /home/student/.config/systemd/user/container-journal-server.service.
[student@blue user]$
查看是否自动运行镜像
[student@blue user]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8ff271f0f3bd registry.lab.example.com/rhel8/rsyslog:latest /usr/sbin/init 58 seconds ago Up 58 seconds ago journal-server
[student@blue user]
重启验证
[root@host1 ~]# ssh student@blue
student@blue's password:
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Tue May 23 09:49:14 2023 from 172.24.1.254
[student@blue ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d42c5e0ba7fa registry.lab.example.com/rhel8/rsyslog:latest /usr/sbin/init 17 seconds ago Up 16 seconds ago journal-server
[student@blue ~]$
9、验证日志挂载
进入容器,执行命令生成日志
[student@blue ~]$ podman exec -it journal-server /bin/bash
[root@d42c5e0ba7fa /]# logger -p local5.info 'this is testing logger'
[root@d42c5e0ba7fa /]# logger -p local5.info 'this is testing logger'
[root@d42c5e0ba7fa /]#
10、查看日志是否生成
[root@d42c5e0ba7fa /]# cd /var/log/journal/
[root@d42c5e0ba7fa journal]# ls
b876c6ebf55f4c99bb17eff7b851aa86 rhcsa.log
[root@d42c5e0ba7fa journal]# cat rhcsa.log
May 23 14:10:57 d42c5e0ba7fa root[35]: this is testing logger
May 23 14:10:59 d42c5e0ba7fa root[36]: this is testing logger
[root@d42c5e0ba7fa journal]#
11、退出容器,查看挂载的目录是否同样有日志文件
[root@d42c5e0ba7fa journal]# exit
exit
[student@blue ~]$ ls
container_logfile
[student@blue ~]$ cd container_logfile/
[student@blue container_logfile]$ ls
b876c6ebf55f4c99bb17eff7b851aa86 rhcsa.log
[student@blue container_logfile]$ cat rhcsa.log
May 23 14:10:57 d42c5e0ba7fa root[35]: this is testing logger
May 23 14:10:59 d42c5e0ba7fa root[36]: this is testing logger
[student@blue container_logfile]$