From 72a16fd9e59c6408bca62ed38293e94c39c8164b Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Fri, 16 Mar 2018 02:26:01 -0500
Subject: [PATCH] Add container journal linking
The container and host can link journals giving operators the ability to log stream and check on the health of a system without needing to login (attach) to the container. This change implements journal linking for LXC containers following the reference systemd specification. Reference implementation: https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--link-journal=
Change-Id: Id68cf39a77b5dd9c13c010829b47cd7a414378bc
Signed-off-by: Kevin Carter
---
 defaults/main.yml | 6 ++++
 .../notes/journal-link-3c23aab5b5ed3441.yaml | 14 ++++++++
 tasks/lxc_container_config.yml | 32 +++++++++++++++++++
 tests/test-containers-functional.yml | 24 ++++++++++++++
 4 files changed, 76 insertions(+)
 create mode 100644 releasenotes/notes/journal-link-3c23aab5b5ed3441.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index ec43e7b..d659bae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -165,3 +165,9 @@ lxc_container_enable_resolved: true # Dictionary of settings for containers properties: {}
+
+# Set "/var/log/journal/{{ machine_id }}" to be a bind mount to the physical
+# host. This option will link the container journal and the physical host
+# journals making it possible to log stream from the container on the physical
+# host.
+lxc_container_journal_link: true
diff --git a/releasenotes/notes/journal-link-3c23aab5b5ed3441.yaml b/releasenotes/notes/journal-link-3c23aab5b5ed3441.yaml
new file mode 100644
index 0000000..c71da0d
--- /dev/null
+++ b/releasenotes/notes/journal-link-3c23aab5b5ed3441.yaml
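Review bot: The new comment on `lxc_container_journal_link` should state that the host directory is bind-mounted read-write into the container and that setting the option to false afterwards does not undo anything: the tasks in this patch only add the `lxc.mount.entry` line under `when: lxc_container_journal_link | bool`, and nothing removes that line or the host directory. Suggested wording after the existing comment lines: `# The mount is read-write. Disabling this option on an already configured` / `# container does not remove the existing lxc.mount.entry or the host directory.` Since the default is true, every container this role manages gets the link unless the operator opts out, which the comment should also make explicit.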
@@ -0,0 +1,14 @@
+---
+features:
+ - In a greenfield deployment containers will now bind link
+ their journals to the physical host machine in the
+ ``/var/log/journal/{{ machine_id }}`` location. During an
+ upgrade this change will be added to the container config but
+ will not go into effect until the container is restarted.
+ Because the restart is not forced the operator can perform
+ restarts to best suit the needs of their environment.
+ Journal linking provides operators the ability to log stream
+ and health check containerized systems without having to
+ attach or otherwise login. If this feature is not needed or
+ desired it can be disabled by setting the option
+ ``lxc_container_journal_link`` to *false*.
diff --git a/tasks/lxc_container_config.yml b/tasks/lxc_container_config.yml
index 79ea79b..a79b2e0 100644
--- a/tasks/lxc_container_config.yml
+++ b/tasks/lxc_container_config.yml
@@ -277,6 +277,38 @@ mode: "0444" remote_src: "yes" remote_user: root
+
+- name: Link container journal to host
+ block:
+ - name: Retrieve the machine-id
+ slurp:
+ src: /etc/machine-id
+ register: machine_id
+
+ - name: Set bind mount for journal linking
+ set_fact:
+ lxc_container_journal_path: "/var/log/journal/{{ (machine_id.content | b64decode).strip() }}"
+
+ - name: Ensure journal directory exists
+ file:
+ path: "{{ lxc_container_journal_path }}"
+ state: "directory"
+ group: "systemd-journal"
+ owner: "root"
+ mode: "02755"
+ delegate_to: "{{ item }}"
+ with_items:
+ - "{{ physical_host }}"
+ - "{{ inventory_hostname }}"
+
+ - name: Add bind mount configuration to container
+ lineinfile:
+ dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
+ line: "lxc.mount.entry = {{ lxc_container_journal_path }} {{ lxc_container_journal_path.lstrip('/') }} none bind,create=dir 0 0"
+ backup: "true"
+ delegate_to: "{{ physical_host }}"
+ when:
+ - lxc_container_journal_link | bool
 # ENVIRONMENT AND HOSTNAME SETTINGS
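Review bot: The `lineinfile` task that writes the `lxc.mount.entry` line has no `regexp`, so if a container's machine-id ever changes (container rebuilt, machine-id regenerated) a second entry is appended and the old one, pointing at a host path that no longer exists, stays in the config and LXC would still attempt that stale bind mount at the next container start. Add `regexp: '^lxc\.mount\.entry = /var/log/journal/'` to the task so the journal entry is replaced rather than accumulated. The path is also built from the slurped `/etc/machine-id` without checking that it is non-empty; if the file is empty (as it can be on an uninitialized image) `lxc_container_journal_path` collapses to `/var/log/journal/` and the entire host journal directory is bind-mounted read-write into the container. A short `assert` that `(machine_id.content | b64decode).strip() | length > 0`, placed before the `set_fact`, closes that hole and fails loudly instead. The `file` task creating the directory inside the container via `delegate_to: "{{ inventory_hostname }}"` duplicates what `create=dir` in the mount entry already does, which is harmless but worth a comment so nobody "fixes" one without the other.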
diff --git a/tests/test-containers-functional.yml b/tests/test-containers-functional.yml
index ff2f676..0a31a5b 100644
--- a/tests/test-containers-functional.yml
+++ b/tests/test-containers-functional.yml
@@ -164,3 +164,27 @@ assert: that: - "'1' in nonlocalbind.stdout"
+
+- name: Test journal linking
+ hosts: all_containers
+ user: root
+ become: true
+ gather_facts: false
+ tasks:
+ - name: Get container machine-id
+ command: "cat /etc/machine-id"
+ changed_when: false
+ register: container_machine_id
+
+ - name: Stat linked journal on the host
+ stat:
+ path: "/var/log/journal/{{ container_machine_id.stdout.strip() }}/system.journal"
+ register: journal_stat
+ delegate_to: "{{ physical_host }}"
+
+ - name: Check for linked journal
+ fail:
+ msg: >-
+ Container journal [/var/log/journal/{{ container_machine_id.stdout.strip() }}] not found
+ when:
+ - not journal_stat.stat.exists
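Review bot: The new play only checks that `system.journal` exists on the host, which proves the bind mount is in place but not that the host can actually read what the container's journald writes; a stronger check is a `command: journalctl --directory=/var/log/journal/{{ container_machine_id.stdout.strip() }} -n 1` delegated to `physical_host`, failing on a non-zero return. The failure message names the directory while the `stat` was for `system.journal` inside it, so the message should quote the path that was actually tested. For consistency with the preceding test, which uses `assert:` / `that:`, the `fail` plus `when` pair could be written as `assert:` / `that:` / `- journal_stat.stat.exists`. Nothing verifies the ownership and mode the tasks set on the host directory (`root:systemd-journal`, `02755`); a `stat` of the directory itself with an assertion on `gr_name == 'systemd-journal'` would catch a regression that leaves container journals unreadable to the operator group.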