[syslog-ng] Unbale to mount syslog-ng.conf to /etc/syslog-ng using docker image
László Várady
laszlo.varady at balabit.com
Fri May 25 17:21:02 UTC 2018
Hi,
Thanks.
Could you share what version of Docker you are using?
The output of "docker version" and "docker info" might be interesting.
--
László Várady
On Fri, May 25, 2018 at 6:41 PM Mujeeb Baig <baig.mujeeb at gmail.com> wrote:
> Hi Laci
>
> Here is the output, this time I created another folder /demo/syslog-ng and
> copied the syslog-ng.conf file there, but same issue. I had also attached
> the output of
> docker volume inspect syslog-ng (see attcahment)
> By the way thanks for your help so far.
>
> root at hdata3:/home/smb/code/conf# docker rmi balabit/syslog-ng:latest
> Untagged: balabit/syslog-ng:latest
> Untagged: balabit/syslog-ng at sha256
> :55ed29d3f68e6ce5c0494580af0b49bdfbbd83232902d9db0596486dbc2f0d3f
> Deleted:
> sha256:aea40146388e85ca11d2b8b4ee7877d2939a71bed41b727431d48b21084967e1
> Deleted:
> sha256:b97aefa7a738770d348b4c7b5ba8d6cfcaada9453e41603db7b57b01a6bf6773
> Deleted:
> sha256:11aa7498ed3edbf74eea2ee5de418fb8789055e278e750d1db5e4fe9057cada4
> Deleted:
> sha256:a15ea7dac472320a77dfffe1066680e7dfd46eea735376a5b8a2040f4d0ca57e
> Deleted:
> sha256:f2f7b467bea911acac35d8a24c3b14cf163bb00370209f5214e5950813d45686
> Deleted:
> sha256:42a1952fea491565f3b8fb19d5869576c8d12a9192f867c4b72234349fa9059a
> Deleted:
> sha256:e30891f348eea2928d4027527455904b5933426cbbef4be4b9a908c97a09ba68
> Deleted:
> sha256:ffc4c11463ee21b7532b63abd6079393c619a5d0f4b00397a4b9d1cf9efc4d9b
> root at hdata3:/home/smb/code/conf#
> root at hdata3:/home/smb/code/conf# docker pull balabit/syslog-ng
> Using default tag: latest
> latest: Pulling from balabit/syslog-ng
> 4176fe04cefe: Pull complete
> af68cba418f8: Pull complete
> 9b2b4fba2935: Pull complete
> 6297af76ec77: Pull complete
> 7bf2bd8c0da2: Pull complete
> 85f1f826e469: Pull complete
> 24a506d1872d: Pull complete
> Digest:
> sha256:55ed29d3f68e6ce5c0494580af0b49bdfbbd83232902d9db0596486dbc2f0d3f
> Status: Downloaded newer image for balabit/syslog-ng:latest
> root at hdata3:/home/smb/code/conf#
> root at hdata3:/home/smb/code/conf#
> root at hdata3:/home/smb/code/conf# docker run -it -v
> /demo/syslog-ng/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf --name
> syslog-ng -p 514:514 -p 601:601 balabit/syslog-ng:latest
> docker: Error response from daemon: OCI runtime create failed:
> container_linux.go:348: starting container process caused
> "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting
> \\\"/demo/syslog-ng/syslog-ng.conf\\\" to rootfs
> \\\"/var/lib/docker/devicemapper/mnt/4751fd8ef1ddb782156a57749429486610b6c3d532a77c6ebf0727ca72ea451a/rootfs\\\"
> at
> \\\"/var/lib/docker/devicemapper/mnt/4751fd8ef1ddb782156a57749429486610b6c3d532a77c6ebf0727ca72ea451a/rootfs/etc/syslog-ng/syslog-ng.conf\\\"
> caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a
> directory onto a file (or vice-versa)? Check if the specified host path
> exists and is the expected type.
> root at hdata3:/home/smb/code/conf#
> root at hdata3:/home/smb/code/conf# docker volume ls
> DRIVER VOLUME NAME
> root at hdata3:/home/smb/code/conf#
>
>
> On 25 May 2018 at 17:01, László Várady <laszlo.varady at balabit.com> wrote:
>
>> Hi Mujeeb,
>>
>> Something weird happened when you executed
>>
>> docker run -it -v "$PWD"/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
>> --name syslog-ng -p 514:514 -p 601:601 balabit/syslog-ng:latest
>>
>> for the first time, so I would like to ask you to start from a clean
>> environment.
>>
>> - You've made sure that /home/smb/code/conf/syslog-ng.conf exists on your
>> host and it is a file.
>>
>> - In the original balabit/syslog-ng image, /etc/syslog-ng/syslog-ng.conf
>> is also a file, so the mount should work.
>>
>> Please run the following commands:
>>
>> 1. docker rm syslog-ng
>>
>> 2. docker rmi balabit/syslog-ng
>>
>> 3. docker pull balabit/syslog-ng
>>
>> And finally, what you actually wanted to run:
>>
>> 4. docker run -it -v /home/smb/code/conf/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
>> --name syslog-ng -p 514:514 -p 601:601 balabit/syslog-ng:latest
>>
>> If you still experience problems after this, please send us the output of
>> "docker volume ls".
>>
>> One more question:
>> Is it possible that "/home/smb/code/conf/" is a mounted network
>> filesystem (NFS, SMB)?
>>
>> --
>> László Várady
>>
>> On Fri, May 25, 2018 at 5:33 PM Mujeeb Baig <baig.mujeeb at gmail.com>
>> wrote:
>>
>>> Hi Laci,
>>>
>>> It runs fine
>>> root at hdata3:/home/smb/code/conf# file /home/smb/code/conf/syslog-ng.conf
>>> /home/smb/code/conf/syslog-ng.conf: ASCII text
>>>
>>> Regards
>>> Mujeeb
>>>
>>> On 25 May 2018 at 16:20, Szemere, László <laszlo.szemere at balabit.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> Thank you for the output. Can you run the
>>>>
>>>> *file /home/smb/code/conf/syslog-ng.conf*
>>>>
>>>> command on your HOST machine?
>>>>
>>>>
>>>> Br,
>>>> Laci
>>>>
>>>>
>>>> On Fri, May 25, 2018 at 5:04 PM, Mujeeb Baig <baig.mujeeb at gmail.com>
>>>> wrote:
>>>>
>>>>> It is locating the source correctly, this is what I see under 'Mounts'
>>>>> section of inspect
>>>>>
>>>>> "Mounts": [
>>>>> {
>>>>> "Type": "bind",
>>>>> "Source": "/home/smb/code/conf/syslog-ng.conf",
>>>>> "Destination": "/1234",
>>>>> "Mode": "",
>>>>> "RW": true,
>>>>> "Propagation": "rprivate"
>>>>> }
>>>>> ],
>>>>>
>>>>>
>>>>> On 25 May 2018 at 15:57, Szemere, László <laszlo.szemere at balabit.com>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> From the Docker documentation:
>>>>>> https://docs.docker.com/v17.09/engine/admin/volumes/bind-mounts/#differences-between--v-and---mount-behavior
>>>>>>
>>>>>> If you use -v or --volume to bind-mount a file or directory that
>>>>>>> does not yet exist on the Docker host, -v will create the endpoint
>>>>>>> for you.
>>>>>>> *It is always created as a directory.*If you use --mount to
>>>>>>> bind-mount a file or directory that does not yet exist on the Docker host,
>>>>>>> Docker does *not* automatically create it for you, but generates an
>>>>>>> error.
>>>>>>
>>>>>>
>>>>>>
>>>>>> It looks like docker daemon still can not find your file
>>>>>> *"$PWD"/syslog-ng.conf* and creates a directory instead.
>>>>>> Instead of heavy debugging, I suggest to run *docker inspect
>>>>>> syslog-ng* to see what path was actually mounted by the docker
>>>>>> daemon. You should see something like this in the output:
>>>>>>
>>>>>> "Mounts": [
>>>>>>> {
>>>>>>> "Type": "bind",
>>>>>>> "Source": "XXX/syslog-ng.conf",
>>>>>>> "Destination": "/1234",
>>>>>>> "Mode": "",
>>>>>>> "RW": true,
>>>>>>> "Propagation": "rprivate"
>>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>> Once we have the actual mounted path, it will be easier to figure
>>>>>> out why the docker daemon can not find your original config file.
>>>>>>
>>>>>> Br,
>>>>>> Laci
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, May 25, 2018 at 4:19 PM, Mujeeb Baig <baig.mujeeb at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Andrew,
>>>>>>>
>>>>>>> Thanks for your response. Yes the path is correct
>>>>>>>
>>>>>>> When I execute with host location as /1234 it creates the container,
>>>>>>> but nothing inside /1234 folder
>>>>>>>
>>>>>>> root at hdata3:/home/smb/code/conf# docker run -it -v
>>>>>>> "$PWD"/syslog-ng.conf:/1234 --name syslog-ng -p 514:514 -p 601:601
>>>>>>> balabit/syslog-ng:latest
>>>>>>> syslog-ng: Error setting capabilities, capability management
>>>>>>> disabled; error='Operation not permitted'
>>>>>>> [2018-05-25T14:12:15.695588] WARNING: Configuration file format is
>>>>>>> too old, syslog-ng is running in compatibility mode. Please update it to
>>>>>>> use the syslog-ng 3.14 format at your time of convenience. To upgrade the
>>>>>>> configuration, please review the warnings about incompatible changes
>>>>>>> printed by syslog-ng, and once completed change the @version header at the
>>>>>>> top of the configuration file.;
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I can see inside the container that /etc/syslog-ng/ this folder is
>>>>>>> not updated
>>>>>>>
>>>>>>> root at hdata3:/home/smb# docker exec -ti syslog-ng /bin/bash
>>>>>>> root at d634d32aee4c:/#
>>>>>>> root at d634d32aee4c:/# ls -l /1234/
>>>>>>> total 0
>>>>>>> root at d634d32aee4c:/#
>>>>>>> root at d634d32aee4c:/# ls -l /sy/etcslog-ng/
>>>>>>> conf.d/ patterndb.d/ scl.conf syslog-ng.conf
>>>>>>> root at d634d32aee4c:/# ls -lrt /etc/syslog-ng/
>>>>>>> total 12
>>>>>>> -rw-r--r--. 1 root root 5910 Feb 23 13:17 syslog-ng.conf
>>>>>>> drwxr-xr-x. 2 root root 6 Mar 2 12:58 conf.d
>>>>>>> drwxr-xr-x. 2 root root 6 Mar 2 12:58 patterndb.d
>>>>>>> -rw-r--r--. 1 root root 1336 Mar 2 12:58 scl.conf
>>>>>>> root at d634d32aee4c:/#
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 25 May 2018 at 13:31, Mitzki, András <andras.mitzki at balabit.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Mujeeb,
>>>>>>>>
>>>>>>>> Maybe the problem is with the config file path:
>>>>>>>> "/home/smb/code/conf/syslog-ng.conf"
>>>>>>>> Could you check that path is correct?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Andrew
>>>>>>>>
>>>>>>>> On Fri, May 25, 2018 at 1:13 PM, Mujeeb Baig <baig.mujeeb at gmail.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> This is my first trial of syslog-ng. I've tried to start syslog-ng
>>>>>>>>> just like described on the official bolg page
>>>>>>>>> https://syslog-ng.com/blog/central-log-server-docker/
>>>>>>>>> https://syslog-ng.com/blog/collecting-docker-infrastructure-logs-using-syslog-ng/
>>>>>>>>>
>>>>>>>>> I am starting docker container as:
>>>>>>>>>
>>>>>>>>> docker run -it -v
>>>>>>>>> "$PWD"/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf --name syslog-ng -p
>>>>>>>>> 514:514 -p 601:601 balabit/syslog-ng:latest
>>>>>>>>>
>>>>>>>>> But unfortunately it is failing to mount my custom (local)
>>>>>>>>> configuration file from source to host, complaining about mounting a
>>>>>>>>> directory onto file
>>>>>>>>>
>>>>>>>>> Error:
>>>>>>>>>
>>>>>>>>> docker: Error response from daemon: OCI runtime create failed:
>>>>>>>>> container_linux.go:348: starting container process caused
>>>>>>>>> "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting
>>>>>>>>> \\"/home/smb/code/conf/syslog-ng.conf\\" to rootfs
>>>>>>>>> \\"/var/lib/docker/devicemapper/mnt/52d32f854a030b396b03e7596ab5d71eb1a18f34a09d5e4997c437568749b259/rootfs\\"
>>>>>>>>> at
>>>>>>>>> \\"/var/lib/docker/devicemapper/mnt/52d32f854a030b396b03e7596ab5d71eb1a18f34a09d5e4997c437568749b259/rootfs/etc/syslog-ng/syslog-ng.conf\\"
>>>>>>>>> caused \\"not a directory\\"\"": unknown: Are you trying to mount a
>>>>>>>>> directory onto a file (or vice-versa)? Check if the specified host path
>>>>>>>>> exists and is the expected type.
>>>>>>>>>
>>>>>>>>> Am I missing something?
>>>>>>>>>
>>>>>>>>> Please let me know
>>>>>>>>>
>>>>>>>>> Many Thanks
>>>>>>>>>
>>>>>>>>> Mujeeb
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ______________________________________________________________________________
>>>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>>>> Documentation:
>>>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ______________________________________________________________________________
>>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>>> Documentation:
>>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ______________________________________________________________________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>> Documentation:
>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180525/c38a7253/attachment-0001.html>
More information about the syslog-ng
mailing list