I’m using HAProxy 1.7 which needs rsyslog to push logs to stdout. Once the container writes logs to stdout, programs like filebeat or fluentd will pickup.
Docker container has: Ubuntu 20.04, HAProxy 1.7.12 2019/10/25, rsyslog v8.2001.0
docker-entrypoint.sh
#!/bin/sh
set -e
readonly RSYSLOG_PID="/app/rsyslogd.pid"
start_rsyslogd() {
rm -f $RSYSLOG_PID
rsyslogd -n -i "/app/rsyslogd.pid"
}
# Start rsyslog
start_rsyslogd
# Launch HAProxy
./haproxy-start.sh "$@"
rsyslog part config in Dockerfile:
# Install & run setcap to enable non-root user to bind sockets
RUN apt-get update && apt-get install -y --no-install-recommends
rsyslog
rm -rf /var/lib/apt/lists/* &&
setcap CAP_NET_BIND_SERVICE=+eip "$(which haproxy)" &&
touch /var/log/haproxy.log &&
ln -sf /dev/stdout /var/log/haproxy.log
COPY docker-entrypoint.sh /app
COPY haproxy-start.sh /app
COPY haproxy-rsyslog.conf /etc/rsyslog.d/haproxy.conf
COPY rsyslog.conf /etc/rsyslog.conf
RUN chmod a+x /app/*.sh &&
chown -R ${USER}:${GROUP} /app
USER ${USER}
WORKDIR /app
ENTRYPOINT ("/usr/local/bin/dumb-init","--","./docker-entrypoint.sh")
CMD ("-f", "./config/haproxy.cfg")
rsyslog.conf:
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 5140
local1.* /var/log/haproxy.log
& ~
Error on haproxy container logs:
│ rsyslogd: No UDP socket could successfully be initialized, some functionality may be disabled. (v8.2001.0) │
│ rsyslogd: imudp: Could not create udp listener, ignoring port 514 bind-address 127.0.0.1. (v8.2001.0) │
│ rsyslogd: imudp: no listeners could be started, input not activated. (v8.2001.0) │
│ rsyslogd: activation of module imudp failed (v8.2001.0 try https://www.rsyslog.com/e/-3 ) │
│ rsyslogd: could not remove supplemental group IDs: Operation not permitted (v8.2001.0 try https://www.rsyslog.com/e/2432 ) │
│ rsyslogd: run failed with error -2432 (see rsyslog.h or try https://www.rsyslog.com/e/2432 to learn what that number means) │
│ stream closed
It looks like a permissions issue but not sure how to configure rsyslog completely in userspace. Any suggestions around it would be great! TYA!
Ref: https://ops.tips/gists/haproxy-docker-container-logs/