Ah… that makes sense. I don’t have a problem with this when running the service as root, but I suppose something happens when changing to the user ID that makes systemd lose track of the control process. I also appreciate now the use of Type=notify to solve part of this problem. I’ll rework and try again. Thanks for pointing out my mistake!

Ryan

On Sun, Aug 21, 2022 at 14:29 Joost Molenaar <jjm@j0057.nl> wrote:
You don't specify a PIDFile=, so systemd considers the unit started as soon as the ExecStart= process exits, and then doesn't know which process to track, and proceeds to kill the entire cgroup. See the Type=forking documentation in `man systemd.unit`.

Joost

------- Original Message -------

On Saturday, August 20th, 2022 at 00:38, Ryan Wilson <rdwilson@gmail.com> wrote:

Thanks so much! That was it. I didn't realize the logs were going to the user journal. User core on Fedora CoreOS is UID=1000.

While not directly related to logging, I'm a bit perplexed as to why forking doesn't work when User= is specified. This config launches the container, but then immediately stops it for some reason.

[Unit]
Description=Hello
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
User=core
Group=core
TimeoutStartSec=70
ExecStart=/usr/bin/podman run --name hello -d --replace alpine /bin/sh -c "while true; do date; logger $(date); echo hello; logger hello; sleep 60; done"
ExecStop=/usr/bin/podman stop --ignore hello
ExecStopPost=/usr/bin/podman rm -f --ignore hello

[Install]
WantedBy=multi-user.target

On Sat, Aug 20, 2022 at 7:21 AM Joost Molenaar <jjm@j0057.nl> wrote:
Does the 'core' user have a UID smaller than 1000? If so, the stdout and stderr of the container should go to the system journal; if not, it should get sent to the user's journal, and you should be able to use `journalctl --user` as the 'user' core to read the logs of the rootless container. See this[1] on the Arch wiki.

Also I think that the alpine `logger` command should send its input to syslog (the /dev/log socket), not stdout, and so not end up in the journal.

Joost


------- Original Message -------
On Friday, August 19th, 2022 at 20:29, Ryan Wilson <rdwilson@gmail.com> wrote:

The previous thread about logging was timely as I've been experimenting with a setup to make sure I'm capturing all the logs from a few important containers I've got running. But I'm still having some inconsistencies in what shows up in the logs.

Some of my containers I want to run as root (rootful podman) and some as a user (rootless podman). I'd like to get all of their logs to journald if possible.

This systemd service file runs as a user and works correctly, but doesn't log anything to journald. I can't make it work with "type=forking" (the container starts, but is immediately stopped then killed for some reason):

[Unit]
Description=Hello
After=network-online.target
Wants=network-online.target user-runtime-dir@1000.service

[Service]
Type=simple
User=core
Group=core
TimeoutStartSec=70
ExecStart=/usr/bin/podman run --name hello --replace alpine /bin/sh -c "while true; do date; logger $(date); echo hello; logger hello; sleep 60; done"
ExecStop=/usr/bin/podman stop --ignore hello
ExecStopPost=/usr/bin/podman rm -f --ignore hello

[Install]
WantedBy=multi-user.target


This systemd service file works correctly and logs to journald, but only as root:

[Unit]
Description=Hello
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
TimeoutStartSec=70
ExecStart=/usr/bin/podman run --name hello -d --replace alpine /bin/sh -c "while true; do date; logger $(date); echo hello; logger hello; sleep 60; done"
ExecStop=/usr/bin/podman stop --ignore hello
ExecStopPost=/usr/bin/podman rm -f --ignore hello

[Install]
WantedBy=multi-user.target


How do I make the logging work to journald from rootless podman?

Ryan
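
Added example, not part of the thread and not code from any of its participants: a small Python check for the situation discussed above, a unit with Type=forking and no PIDFile=, in which case systemd has to guess the main PID. The names parse_unit and check_forking are hypothetical, and SAMPLE_UNIT is a constructed, trimmed copy of the forking unit posted in the thread.

```python
"""Added example: flag Type=forking services that set no PIDFile=."""

# Constructed sample: the forking unit from the thread, with the command trimmed.
SAMPLE_UNIT = """\
[Unit]
Description=Hello

[Service]
Type=forking
User=core
Group=core
ExecStart=/usr/bin/podman run --name hello -d --replace alpine /bin/sh -c "sleep 60"
ExecStop=/usr/bin/podman stop --ignore hello
"""


def parse_unit(text):
    """Parse unit-file text into {section: {key: [values]}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash joins the next line
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                current.setdefault(key, []).append(value)
            else:
                current[key] = []        # empty assignment resets the key
    return sections


def check_forking(text):
    """Return findings about how systemd will identify the main process."""
    service = parse_unit(text).get("Service", {})
    # The last Type= assignment wins; "simple" is the default with ExecStart=.
    svc_type = (service.get("Type") or ["simple"])[-1]
    if svc_type == "forking" and not service.get("PIDFile"):
        return ["Type=forking without PIDFile=: systemd must guess the main PID"]
    return []


if __name__ == "__main__":
    for finding in check_forking(SAMPLE_UNIT):
        print(finding)
```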