Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

logging needs to be redirected to stdout and stderr #5

Open
scbunn opened this issue May 21, 2016 · 14 comments
Open

logging needs to be redirected to stdout and stderr #5

scbunn opened this issue May 21, 2016 · 14 comments

Comments

@scbunn
Copy link
Owner

scbunn commented May 21, 2016

No description provided.

@scbunn
Copy link
Owner Author

scbunn commented May 21, 2016

symlinking /var/log/squid/*.log to /dev/(stdout|stderr) will not work because writing to logs happens with the squid user

@mgvazquez
Copy link

mgvazquez commented Dec 14, 2016

Hi!

To fix that, you can add the 'sudo' package, and then add the 'squid' user to sudoers whith this:

echo -e "Defaults:squid !requiretty" > /etc/sudoers.d/squid
echo -e "squid ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/squid

Then, add 'USER squid' label just before the ENTRYPOINT label and modify the 'ENTRIPOINT command' to be executed with 'sudo'.

With this, the '/dev/stdout', '/dev/stderr' and '/dev/stdin' will be created with the 'squid' user. The squid father-process will run as 'root' user, and its child-processes as 'squid' user; being thus, they will be able to write in '/dev/stdout', '/dev/stderr' and '/dev/stdin'.

The last thing that you need to do is add the followings lines to the 'squid.conf' to redirect the logs to the '/dev/stdout':

logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
cache_store_log stdio:/dev/stdout

If you need an example, please use this repo https://github.com/mgvazquez/docker-squid-proxy

I hope it has been helpfull.
Sorry for my limited English.

@replicajune
Copy link

replicajune commented Jun 16, 2018

Hi,

This issue is a bit outdated but another trick is to simply use /proc/self/fd/1 instead of sudo and redirecting things to /dev.

A lot is going on in /proc, and /proc/self expose a couple of interesting things regarding the current process. In this case, /proc/self/fd/0 is stdin for this process, 1 is stdout, and 2 is stderr.

@aimlessadam
Copy link

This issue is a bit outdated but another trick is to simply use /proc/self/fd/1 instead of sudo and redirecting things to /dev.

A lot is going on in /proc, and /proc/self expose a couple of interesting things regarding the current process. In this case, /proc/self/fd/0 is stdin for this process, 1 is stdout, and 2 is stderr.

I tried this but was not able to make it work, I think because it looks like squid closes all FDs as root and then forks to the user squid. If I am doing something wrong, would love if someone could point it out because I'm not thrilled with the sudo solution, though that does work in the meantime.

@replicajune
Copy link

I don't use squid anymore, but it worked. This was in my conf file :

logfile_rotate 0
access_log stdio:/proc/self/fd/1

And add the container launch as squid :

USER squid
ENTRYPOINT ["squid", "-N", "-d", "1"]

Be sure to have the related conf file to be readable by the squid user.

@blueyed
Copy link

blueyed commented Apr 15, 2019

Does not seem to work: (also tried fd/1)

2019/04/15 17:16:05| Logfile: opening log stdio:/proc/self/fd/2
2019/04/15 17:16:05| storeDirWriteCleanLogs: Starting...
2019/04/15 17:16:05|   Finished.  Wrote 0 entries.
2019/04/15 17:16:05|   Took 0.00 seconds (  0.00 entries/sec).
2019/04/15 17:16:05| FATAL: Cannot open '/proc/self/fd/2' for writing.
        The parent directory must be writeable by the
        user 'squid', which is the cache_effective_user
        set in squid.conf.
2019/04/15 17:16:05| Squid Cache (Version 4.4): Terminated abnormally.

But using USER works (#5 (comment)).

@MadMartian
Copy link

MadMartian commented Jun 12, 2019

Use tail with the retry option and run it in the background. I put these two lines in a script that supervisord calls.

tail -vn 0 -F /var/log/squid/access.log /var/log/squid/cache.log &
/usr/sbin/squid -f /etc/squid/squid.conf -N

If you are using bash you can simplify tail:

tail -vn 0 -F /var/log/squid/{cache,access}.log &

@brendonjohn
Copy link

brendonjohn commented Aug 27, 2019

I don't use squid anymore, but it worked.

For others that have gone down this path I want to explain why squid probably wasn't able to write to /dev/stdout

When squid is run as the squid user, writing directly to /dev/stdout or /proc/self/fd/1 shouldn't be possible.

http://www.squid-cache.org/mail-archive/squid-users/200509/0507.html

Linux denies access to /proc/self/fd/ for processes who have assumed another userid

More information on proc: https://manpages.debian.org/stretch/manpages/proc.5.en.html

@UmairRashid
Copy link

UmairRashid commented Jul 20, 2020

If you are working in Kubernetes, you can also run a parallel container in a pod containing squid container. This container will tail these (/var/log/squid/{cache,access}.log or any other) logs on its stdout.

---
kind: Pod
apiVersion: v1
metadata:
  name: squid-proxy
  labels:
    app: squid
spec:
  volumes:
  - name: log-dir
    emptyDir: {}
  containers:
  - name: squid
    image: scbunn/squid:latest
    volumeMounts:
    - name: log-dir
      mountPath: "/var/log/squid/"
  - name: tailer
    image: busybox
    command:
    - "/bin/sh"
    - "-c"
    args:
    - tail -F /var/log/squid/access.log
    volumeMounts:
    - name: log-dir
      mountPath: "/var/log/squid/"

@dansteen
Copy link

logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
cache_store_log stdio:/dev/stdout

One other point of note is that if you run the container as the "proxy" user (the user squid suid's to) then this works without any sudo needed.

@elcodedocle
Copy link

elcodedocle commented Feb 12, 2021

USER proxy worked for me on debian:buster-slim based image.
I had to create, chown, and set the pid folder first though, to avoid the initialization crashing on default pid path owned by root:

RUN mkdir -p /run/squid \
 && chown proxy:proxy /run/squid \
 && echo 'pid_filename /var/run/squid/squid.pid' >> /etc/squid/squid.conf

USER proxy

@surendarkaniops
Copy link

surendarkaniops commented Jun 22, 2021

Hi all, I am facing an issue when run the squid container. kindly help me who to fix this

error message

image

docker file

image

entrypoint.sh file

[root@ip-192-168-4-198 devops]# cat entrypoint.sh
#!/bin/bash
set -e

#Run confd to render config file(s)
CONFD_BACKEND="${CONFD_BACKEND:-env}"

echo "Run confd with backend ${CONFD_BACKEND}"
/opt/confd/bin/confd -onetime -backend $CONFD_BACKEND || exit 1
################
#Grant permissions to /dev/stdout for spawned squid process
chown ${SQUID_USER}:${SQUID_USER} /dev/stdout

create_log_dir() {
mkdir -p ${SQUID_LOG_DIR}
chmod -R 755 ${SQUID_LOG_DIR}
chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_LOG_DIR}
}

create_cache_dir() {
mkdir -p ${SQUID_CACHE_DIR}
chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_CACHE_DIR}
}

create_log_dir
create_cache_dir

#allow arguments to be passed to squid
if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
set --
elif [[ ${1} == squid || ${1} == $(which squid) ]]; then
EXTRA_ARGS="${@:2}"
set --
fi

#default behaviour is to launch squid
if [[ -z ${1} ]]; then
if [[ ! -d ${SQUID_CACHE_DIR}/00 ]]; then
echo "Initializing cache..."
$(which squid) -N -f /etc/squid/squid.conf -z
fi
echo "Starting squid..."
exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS}
else
exec "$@"
fi

@sdepablos
Copy link

Pretty old issue, but I've found myself in the same waters, and I came up with a different solution:

  1. First we add in our Dockerfile the proxy user to the tty group to be able to write to stdout (squid has already been installed, and the user proxy has been created)
RUN usermod -a -G tty proxy
  1. Then we add the following configuration to squid.cfg. I write directly to /dev/tty instead of /dev/stdout because I found that that stdout actually redirects to a different /dev/tty depending on the user
logfile_rotate 0
cache_log stdio:/dev/tty
access_log stdio:/dev/tty
cache_store_log stdio:/dev/tty

@maxwheel
Copy link

It looks like if you are using SME mod (workers > 1), the logs cannot be gathered in Docker logs... Tried /dev/stdout or symlink way but no luck. Any idea?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests