Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUILD: introduce "--with-syslog=stderr" option #7827

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

BUILD: introduce "--with-syslog=stderr" option #7827

wants to merge 1 commit into from
+34 −9

Conversation

alexey-tikhonov
Copy link
Member

to be used in containers-like environments where
no system wide logger is available.

@alexey-tikhonov alexey-tikhonov added no-backport This should go to target branch only. coverity Trigger a coverity scan labels Feb 5, 2025
@alexey-tikhonov alexey-tikhonov marked this pull request as ready for review February 5, 2025 17:35
ikerexxe
ikerexxe reviewed Feb 7, 2025
View reviewed changes
src/util/sss_log.c Outdated Show resolved Hide resolved
ikerexxe
ikerexxe approved these changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thank you for the patch!

@aplopez
Copy link
Contributor

aplopez commented Feb 10, 2025
edited
Loading

I have just one question, otherwise I'm OK with these changes.

Shouldn't the sssd(8) man page be updated to show the loggers (--logger command line option) that are actually available, and maybe limit the accepted values? For instance, journald will not be available if SSSD is configured with --with-syslog=stderr.

@alexey-tikhonov
Copy link
Member Author

alexey-tikhonov commented Feb 10, 2025
edited
Loading

Shouldn't the sssd(8) man page be updated to show the loggers (--logger command line option) that are actually available, and maybe limit the accepted values?

@aplopez, but this is unrelated to this PR.
--logger defines where DEBUG() will go.

--with-syslog= defines where sss_log() will go (and this is NOT configurable runtime).

There is indeed an issue with the man page: journald won't be available if SSSD is not built WITH_JOURNALD, but it is not introduced / not relevant to this PR. And it only affects systems where systemd-journald build deps aren't available in the buildroot.

@alexey-tikhonov
Copy link
Member Author

To test this one can use a copr build from #7832 and run

# su - sssd -s /usr/bin/ -c 'sssd -i --logger=files'

This helped me to realized there is a bug actually - a new line is missing:

# su - sssd -s /usr/bin/bash -c 'sssd -i --logger=files'
Starting upStarting upStarting upStarting upStarting upStarting upStarting upFailed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot contact any KDC for realm...

Another problem is that output is intermixed so it's difficult to understand what process output where.
I'll add a prefix, but that's not enough...

@alexey-tikhonov alexey-tikhonov force-pushed the stderr-syslog branch 2 times, most recently from 29e76e7 to 765e844 Compare February 10, 2025 19:44
@alexey-tikhonov
Copy link
Member Author

Updated.

Well, this is better:

# su - sssd -s /usr/bin/bash -c 'sssd -i --logger=files'
sssd: Starting up
be[subid.test]: Starting up
nss: Starting up
sudo: ssh: Starting up
Starting up
pam: Starting up
ifp: Starting up
pac: Starting up

but fflush() isn't enough to avoid lines intermix (as seen in this example - sudo vs ssh).

There is no trivial solution for this.

But taking into account this is an experimental feature for constrained (systemd/syslog-less) environments like single-app containers, and we aren't going to use/advertise it in Fedora/CS and other regular distributions, imo it's "good enough".

@aplopez
Copy link
Contributor

aplopez commented Feb 11, 2025

Shouldn't the sssd(8) man page be updated to show the loggers (--logger command line option) that are actually available, and maybe limit the accepted values?

@aplopez, but this is unrelated to this PR. --logger defines where DEBUG() will go.

Gosh! You are right. I mixed everything.

aplopez
aplopez reviewed Feb 11, 2025
View reviewed changes
src/util/sss_log.c Outdated Show resolved Hide resolved
@alexey-tikhonov
BUILD: introduce "--with-syslog=stderr" option
13ac336 
to be used in containers-like environments where
no system wide logger is available.
aplopez
aplopez approved these changes Feb 11, 2025
View reviewed changes
Copy link
Contributor

@aplopez aplopez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK
Thank you.

ikerexxe
ikerexxe approved these changes Feb 11, 2025
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@alexey-tikhonov alexey-tikhonov added the Ready to push Ready to push label Feb 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ikerexxe ikerexxe ikerexxe approved these changes

@aplopez aplopez aplopez approved these changes

Assignees

@ikerexxe ikerexxe

@aplopez aplopez

Labels
Accepted coverity Trigger a coverity scan no-backport This should go to target branch only. Ready to push Ready to push
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexey-tikhonov @aplopez @ikerexxe