This looks like we need newer versions of runc and crun to be able to
handle the missing CAP_PERFMON. Hopefully this library gets updated as well.
On 5/4/21 16:09, lejeczek via Podman wrote:
On 04/05/2021 20:23, Daniel Walsh wrote:
> On 5/4/21 10:09, lejeczek via Podman wrote:
>>
>>
>> On 03/05/2021 20:27, Daniel Walsh wrote:
>>> On 4/30/21 06:47, lejeczek via Podman wrote:
>>>>
>>>>
>>>> On 29/04/2021 20:47, Daniel Walsh wrote:
>>>>> On 4/28/21 16:46, lejeczek via Podman wrote:
>>>>>>
>>>>>>
>>>>>> On 28/04/2021 19:56, Daniel Walsh wrote:
>>>>>>> On 4/28/21 11:02, lejeczek via Podman wrote:
>>>>>>>> Hi guys
>>>>>>>>
>>>>>>>> I'm trying a popular image, perhaps very popular (not sure if
>>>>>>>> with podman consumers though) off which a rootful container
>>>>>>>> produces no logs.
>>>>>>>> I've tried podman vers 2.0 & 3.1, with the same results.
>>>>>>>> Adding debug to:
>>>>>>>>
>>>>>>>> -> $ podman container restart cni-net.disc --log-level=debug
>>>>>>>> ...
>>>>>>>> INFO[0000] Running conmon under slice machine-libpod_pod_6ef5202d6954f3616a530f188954465e27ff4730dfad32b68d9467c26e789d18.slice and unitName libpod-conmon-7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97.scope
>>>>>>>>
>>>>>>>> DEBU[0000] Received: 310116
>>>>>>>> INFO[0000] Got Conmon PID as 310113
>>>>>>>> DEBU[0000] Created container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97 in OCI runtime
>>>>>>>> DEBU[0000] Starting container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97 with command [/bin/bash]
>>>>>>>> DEBU[0000] Started container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>>>>>>
>>>>>>>> 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>>>>>> DEBU[0000] Called restart.PersistentPostRunE(podman container restart cni-net.discourse --log-level=debug)
>>>>>>>>
>>>>>>>> does not reveal much as you can see.
>>>>>>>> I can:
>>>>>>>> -> $ podman exec -it cni-net.disc sh
>>>>>>>> and shell is available.
>>>>>>>>
>>>>>>>> How to troubleshoot issues like this?
>>>>>>>> many thanks, L.
>>>>>>>> _______________________________________________
>>>>>>>> Podman mailing list -- podman(a)lists.podman.io
>>>>>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>>>>>>
>>>>>>> I would first attempt it --privileged and see if it works. If
>>>>>>> it does, then we got to find out what security mechanism is
>>>>>>> blocking it.
>>>>>>>
>>>>>> '--privileged' gets me back to what I inquired about and filed
>>>>>> bugzilla earlier - CAP_PERFMON
>>>>>> I wonder, is a 'proper' fix moving to appear on the horizon?
>>>>>>
>>>>> If --privileged works, now I would try each of the following
>>>>> separately.
>>>>>
>>>>> --security-opt label=disable
>>>>>
>>>>> --security-opt seccomp=unconfined
>>>>>
>>>>> --cap-add all
>>>>>
>>>>> Which would tell you that SELinux is blocking it, Seccomp, or
>>>>> capabilities.
>>>>>
>>>>> If it is capabilities, then we can start playing with which
>>>>> capability is needed.
>>>> Sorry, I did not make it straight enough, it fails with:
>>>>
>>>> -> $ _P=cni-net _N=disco-dev; podman run --privileged -td
>>>> --pod=$_P.${HOSTNAME%%.*} --volume
>>>> /srv/containers/FLATfiles/net.disco:/shared:z --name ${_P}.$_N
>>>> docker.io/discourse/discourse_dev
>>>> Error: OCI runtime error: unknown cap: `CAP_PERFMON`
>>>>
>>>> By 'fails' I mean - container gets created but still no logs.
>>>> Only config where 'logs -f' actually connects and hangs onto
>>>> something is:
>>>> -> $ podman run --security-opt label=disable --restart=always -td
>>>> --pod=....
>>>> But still that something is 'blank' output, otherwise '-f' returns
>>>> to prompt immediately.
>>>>
>>>> many thanks, L.
>>> Please update to the latest libcap version. This basically means
>>> that the tools are using CAP_PERFMON which is not translated to the
>>> correct constants by the library, because the library is out of date.
>> Which version of the lib should have it fixed? I have
>> libcap-2.26-4.el8.x86_64. (which I think is the high/latest
>> available in CentOS Stream)
>
> We are using 2.48 on Fedora.
>
> Where did you get the Podman from?
I'm on CentOS Stream, so it's all Centos.
Seems that the default module - container-tools:rhel8 lags behind 3.0
module, although podman itself is in higher version.
I've now reverted to lower ver of podman but higher version of other
bits, all from container-tools:3.0
Meanwhile I've tried 2.48-2.el8, rebuilt on CentOS but still no luck,
with it I get:
...
ERRO[0000] error starting some container dependencies
ERRO[0000] "unknown cap: `CAP_CHECKPOINT_RESTORE`: OCI runtime error"
Error: error starting some containers: internal libpod error
podman-3.0.1-6.module_el8.5.0+736+58cc1a5a.x86_64
criu-3.15-1.module_el8.5.0+736+58cc1a5a.x86_64
libcap-2.48-2.el8.x86_64
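
The isolation procedure suggested earlier in the thread (try `--privileged`, then relax SELinux labeling, seccomp and capabilities one at a time), written out as an added example that is not part of any message in the thread. `ENGINE`, `PROBE_CMD`, `run_probe` and `diagnose` are hypothetical names; `PROBE_CMD` stands for whatever command only succeeds when the workload behaves correctly.

```sh
#!/bin/sh
# Added example, not from the thread. ENGINE and PROBE_CMD are assumptions:
# PROBE_CMD must be a command that only succeeds when the workload works.
ENGINE=${ENGINE:-podman}
PROBE_CMD=${PROBE_CMD:-true}

# run_probe IMAGE [FLAGS...]: run PROBE_CMD in a throwaway container.
# Emits the engine's stderr on stdout and returns the engine's exit status.
run_probe() {
    rp_image=$1; shift
    "$ENGINE" run --rm "$@" "$rp_image" $PROBE_CMD 2>&1 >/dev/null
}

# diagnose IMAGE: print which confinement layer(s) the workload trips over.
diagnose() {
    if run_probe "$1" >/dev/null; then
        echo "ok-confined"; return 0
    fi
    if ! d_err=$(run_probe "$1" --privileged); then
        # The thread's case: the OCI runtime rejects a capability name it
        # does not know, so even --privileged cannot start the container.
        case $d_err in
            *"unknown cap:"*) echo "runtime-unknown-cap" ;;
            *)                echo "fails-privileged" ;;
        esac
        return 0
    fi
    d_hits=""
    # Relax one mechanism at a time, as suggested in the thread.
    if run_probe "$1" --security-opt label=disable >/dev/null; then
        d_hits="$d_hits selinux"
    fi
    if run_probe "$1" --security-opt seccomp=unconfined >/dev/null; then
        d_hits="$d_hits seccomp"
    fi
    if run_probe "$1" --cap-add all >/dev/null; then
        d_hits="$d_hits capabilities"
    fi
    # Empty result: no single relaxation was enough on its own.
    echo "${d_hits:- combination}" | sed 's/^ //'
}

if [ $# -gt 0 ]; then diagnose "$1"; fi
```

A result of `runtime-unknown-cap` points at the runtime and library versions rather than at SELinux, seccomp or the capability set, which matches the `unknown cap` errors quoted in the thread.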