Postfix in Docker

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix in Docker

Niels Hofmans
Hello guys,

In order to keep my container applications to a minimum, i'm trying to slim them down.
One part of this is removing all unnecessary components.

I am running Postfix 3.3.1 on Alpine Linux 3.8 in Docker.
Is there some way to get postfix (with start-fg) to log to the console -without- having a syslog-ng running?
I see it requires /dev/log, but simply symlinking that to /dev/stdout doesn't seem to help.

Any help is appreciated.
Thank you.

Regards,
Niels
Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Viktor Dukhovni
On Thu, Aug 23, 2018 at 03:04:08PM +0200, Niels Hofmans wrote:

> In order to keep my container applications to a minimum, i'm trying to slim them down.
> One part of this is removing all unnecessary components.
>
> I am running Postfix 3.3.1 on Alpine Linux 3.8 in Docker.
> Is there some way to get postfix (with start-fg) to log to the console -without- having a syslog-ng running?
> I see it requires /dev/log

It is a unix-domain socket (make sure it is "dgram" and not a
"stream" socket).  So it can't be /dev/stdout.

> Any help is appreciated.

It should be possible to run a single syslog listener outside the
container that listens on log sockets inside each container that
needs syslog.  Logging to stdout/stderr in Postfix daemon processes
is not presently supported.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Sven Schwedas
In reply to this post by Niels Hofmans
On 2018-08-23 15:04, Niels Hofmans wrote:

> Hello guys,
>
> In order to keep my container applications to a minimum, i'm trying to
> slim them down.
> One part of this is removing all unnecessary components.
>
> I am running Postfix 3.3.1 on Alpine Linux 3.8 in Docker.
> Is there some way to get postfix (with start-fg) to log to the console
> -without- having a syslog-ng running?
> I see it requires /dev/log, but simply symlinking that to /dev/stdout
> doesn't seem to help.
Doesn't look like there's any easy way to achieve this. /dev/log is an
unix socket, while stdout… isn't; this would never work out.

AFAIK at minimum you'll need a wrapper that has one thread listening on
/dev/log to print messages to stdout while another waits for postfix to
exit, and terminates the wrapper so Docker's process monitoring works.
Not exactly ideal either.

> Any help is appreciated.
> Thank you.
>
> Regards,
> Niels

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
[hidden email] | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at


signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Niels Hofmans
In reply to this post by Viktor Dukhovni
Thank you for the input all.
I might fiddle around with running https://github.com/mcuadros/go-syslog on a UNIX socket on /dev/log.

Niels

On August 23, 2018 at 3:21:36 pm +02:00, Viktor Dukhovni <[hidden email]> wrote:
On Thu, Aug 23, 2018 at 03:04:08PM +0200, Niels Hofmans wrote:

In order to keep my container applications to a minimum, i'm trying to slim them down.
One part of this is removing all unnecessary components.

I am running Postfix 3.3.1 on Alpine Linux 3.8 in Docker.
Is there some way to get postfix (with start-fg) to log to the console -without- having a syslog-ng running?
I see it requires /dev/log

It is a unix-domain socket (make sure it is "dgram" and not a
"stream" socket). So it can't be /dev/stdout.

Any help is appreciated.

It should be possible to run a single syslog listener outside the
container that listens on log sockets inside each container that
needs syslog. Logging to stdout/stderr in Postfix daemon processes
is not presently supported.

--
Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Wietse Venema
In reply to this post by Niels Hofmans
Niels Hofmans:
> Hello guys,
>
> In order to keep my container applications to a minimum, i'm trying to slim them down.
> One part of this is removing all unnecessary components.
>
> I am running Postfix 3.3.1 on Alpine Linux 3.8 in Docker.
> Is there some way to get postfix (with start-fg) to log to the console -without- having a syslog-ng running?
> I see it requires /dev/log, but simply symlinking that to /dev/stdout doesn't seem to help.

Of course not. Please follow instructions to MOUNT /dev/log from the host.

        Wietse

> An, help is appreciated.
> Thank you.
>
> Regards,Niels
>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Niels Hofmans
Hello guys,

Just to let you know, it works perfect with the following piece of golang code I wrote: https://gist.github.com/HazCod/35d705ebf87704b976ceab58ba20ca21

So no need for full fledged syslog-ng in my container, only this binary that listens and prints to stdout.

Met vriendelijke groeten,
Niels Hofmans

BTW   BE0694785660
BANK BE76068909740795

On 23 Aug 2018, at 17:03, Wietse Venema <[hidden email]> wrote:

Niels Hofmans:
Hello guys,

In order to keep my container applications to a minimum, i'm trying to slim them down.
One part of this is removing all unnecessary components.

I am running Postfix 3.3.1 on Alpine Linux 3.8 in Docker.
Is there some way to get postfix (with start-fg) to log to the console -without- having a syslog-ng running?
I see it requires /dev/log, but simply symlinking that to /dev/stdout doesn't seem to help.

Of course not. Please follow instructions to MOUNT /dev/log from the host.

Wietse

An, help is appreciated.
Thank you.

Regards,Niels


Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Viktor Dukhovni


> On Aug 23, 2018, at 1:44 PM, Niels Hofmans <[hidden email]> wrote:
>
> Hello guys,
>
> Just to let you know, it works perfect with the following piece of golang code I wrote: https://gist.github.com/HazCod/35d705ebf87704b976ceab58ba20ca21
>
> So no need for full fledged syslog-ng in my container, only this binary that listens and prints to stdout.

If the container image persists across restarts (which I'd expect is the case
for an MTA that might have queued mail) then this code may fail to start if/when
/dev/log already exists.  With unix-domain sockets a server typically needs to
unlink() the socket before creating and listening on a new one.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Niels Hofmans
Hello Viktor,

My logger binary is only ran on startup, so would mean the socket disappears again on next start.
Also, it does close/unlink the socket whenever the program exits.

Met vriendelijke groeten,
Niels Hofmans

BTW   BE0694785660
BANK BE76068909740795

On 23 Aug 2018, at 19:53, Viktor Dukhovni <[hidden email]> wrote:



On Aug 23, 2018, at 1:44 PM, Niels Hofmans <[hidden email]> wrote:

Hello guys,

Just to let you know, it works perfect with the following piece of golang code I wrote: https://gist.github.com/HazCod/35d705ebf87704b976ceab58ba20ca21

So no need for full fledged syslog-ng in my container, only this binary that listens and prints to stdout.

If the container image persists across restarts (which I'd expect is the case
for an MTA that might have queued mail) then this code may fail to start if/when
/dev/log already exists.  With unix-domain sockets a server typically needs to
unlink() the socket before creating and listening on a new one.

--
Viktor.


Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Wietse Venema
In reply to this post by Niels Hofmans
Niels Hofmans:
> Hello guys,
>
> Just to let you know, it works perfect with the following piece of golang code I wrote: https://gist.github.com/HazCod/35d705ebf87704b976ceab58ba20ca21 <https://gist.github.com/HazCod/35d705ebf87704b976ceab58ba20ca21>
>
> So no need for full fledged syslog-ng in my container, only this binary that listens and prints to stdout.

I think that it is better to mount the host's /dev/log into the
container because Postfix can produce intense bursts of logs.

Using syslog (in the host) allows existing tools to be used for
Postfix log analysis.

Also, you are gratuitously truncating Postfix logs to 1024-byte
lines, and you will drop logs when the stdout receiver (dockerd
infrastructure) can't keep up.

I do not recommennd that people use your solution.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Viktor Dukhovni
In reply to this post by Niels Hofmans


> On Aug 23, 2018, at 2:00 PM, Niels Hofmans <[hidden email]> wrote:
>
> My logger binary is only ran on startup, so would mean the socket disappears again on next start.
> Also, it does close/unlink the socket whenever the program exits.

Sure, if /dev/ is a non-persistent directory.  And I don't
how Go-lang implements the unix-domain listen and close
methods.  If those do the unlink, you're fine.  Still,
worth checking that this is sure to be reliable.

In some cases /dev is persistent, but if it is a ramfs,
created fresh each time, then you're fine.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Niels Hofmans
Hello Wietse,

I am just reading 1024 bytes at a time, I do not think I am truncating anything?
And with not keeping up, I will take a look.

Niels

Sent from my mobile

On 23 Aug 2018, at 20:10, Viktor Dukhovni <[hidden email]> wrote:



> On Aug 23, 2018, at 2:00 PM, Niels Hofmans <[hidden email]> wrote:
>
> My logger binary is only ran on startup, so would mean the socket disappears again on next start.
> Also, it does close/unlink the socket whenever the program exits.

Sure, if /dev/ is a non-persistent directory.  And I don't
how Go-lang implements the unix-domain listen and close
methods.  If those do the unlink, you're fine.  Still,
worth checking that this is sure to be reliable.

In some cases /dev is persistent, but if it is a ramfs,
created fresh each time, then you're fine.

--
   Viktor.


Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Viktor Dukhovni


> On Aug 23, 2018, at 2:12 PM, Niels Hofmans <[hidden email]> wrote:
>
> I am just reading 1024 bytes at a time, I do not think I am truncating anything?

With a datagram socket, each read() discards any packet content in excess
of the requested length.  Datagram reads do not cross packet boundaries.

I would not expect Go-lang to implement a buffered stream abstract above
the underlying datagram socket...

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Postfix in Docker

Wietse Venema
In reply to this post by Niels Hofmans
Niels Hofmans:
> Hello Wietse,
>
> I am just reading 1024 bytes at a time, I do not think I am truncating anything?

                buf := make([]byte, 1024)
                _, err := conn.Read(buf)

I suspect that this will not read a larger than 1024-byte datagram
properly. That's primarily based on searching the web and finding
that people use more sophisticated APIs than Read() for handling
I/O over UDP. Unfortunately, I don't have time for a deep dive into
Go documentation.

I do appreciate that one may want to be isolated from host details
such as where the logging is filed. I would be more at ease with a
making a real syslogd write to stream, because that is what they are
designed to do well.

        Wietse

> And with not keeping up, I will take a look.
>
> Niels
>
> Sent from my mobile
>
> On 23 Aug 2018, at 20:10, Viktor Dukhovni <[hidden email]> wrote:
>
>
>
> > On Aug 23, 2018, at 2:00 PM, Niels Hofmans <[hidden email]> wrote:
> >
> > My logger binary is only ran on startup, so would mean the socket disappears again on next start.
> > Also, it does close/unlink the socket whenever the program exits.
>
> Sure, if /dev/ is a non-persistent directory.  And I don't
> how Go-lang implements the unix-domain listen and close
> methods.  If those do the unlink, you're fine.  Still,
> worth checking that this is sure to be reliable.
>
> In some cases /dev is persistent, but if it is a ramfs,
> created fresh each time, then you're fine.
>
> --
>    Viktor.
>
>
>