Re: [systemd-devel] journalctl's http://localhost:19531/browse
On Mon, 02.11.15 18:44, Kai Hendry (hen...@webconverger.com) wrote: > On Mon, 2 Nov 2015, at 06:10 PM, Lennart Poettering wrote: > > Note that the website will show only those accessible to the > > "systemd-journal" group. > > > > Did you run "logger" unprivileged? Did you run journalctl privileged? > > That might explain the difference? > > In that video earlier I ran journalctl as my user, so unprivileged, but > it still sees my logger commands, unlike http://localhost:19531/browse > > Though what you said sounds like a good explanation. However how do make > the Web interface show my user's `logger` invocations? I did try adding > my user to the systemd-journal group, but that didn't seem to solve my > issue. Hmm, maybe there's something wrong with the ACLs on the journal files or the directory they reside in? Normally, there should be an ACL that allows the "systemd-journal" group access to all files, and systemd-journal-gatewayd is running with that group among its auxiliary group ids... > > well, systemd-journal-gatewayd serves that already, you can just use > > that... > > Ah! Perfect. Oh but I need a way to setup CORS so I can access it from > my Webapp: > http://s.natalian.org/2015-11-02/systemd-journal-gatewayd.png CORS? I don't know what that means? > Shall I file a bug? > https://github.com/systemd/systemd/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aopen+systemd-journal-gatewayd Regarding what precisely? Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] journalctl's http://localhost:19531/browse
On Tue, 3 Nov 2015, at 02:27 AM, Lennart Poettering wrote: > Hmm, maybe there's something wrong with the ACLs on the journal files > or the directory they reside in? Normally, there should be an ACL that > allows the "systemd-journal" group access to all files, and > systemd-journal-gatewayd is running with that group among its > auxiliary group ids... Still at a loss to resolve this. How I loathe unix permissions. I'd rather run systemd-journal-gatewayd as my user instead systemd+ as it's running now to avoid this time wasting exercise. > CORS? I don't know what that means? It's a Web server header that permits what Web apps can interact with it. https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS So a possible API would be: /usr/lib/systemd/systemd-journal-gatewayd --header="Access-Control-Allow-Origin: *" Which would be seen in the output of `curl -I 'http://localhost:19531/entries?boot'`, and the * would allow any Web app no matter where it's hosted to get log events IIUC. So not a good default but could be useful. :) Cheers, ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] journalctl's http://localhost:19531/browse
On Mon, 2 Nov 2015, at 07:58 PM, Colin Guthrie wrote: > I suspect that you'd probably want to hide this behind some kind of > proxy for security reasons. That proxy could add appropriate > authentication (e.g IP restrictions, user auth etc) and add in any > additional headers). > I could be wrong with this suggestion, but this would be my first guess > at how you would solve this problem. You are correct it could be solved by a proxy. A lot of bad APIs can be solved with a proxy. But you must concede that it is an awful obstacle/dependency to getting things done. ;) ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] journalctl's http://localhost:19531/browse
On Mon, 02.11.15 13:05, Kai Hendry (hen...@webconverger.com) wrote: > Hi guys, > > Just playing around with the journalctl Web interface here: > http://s.natalian.org/2015-11-02/journalctl.mp4 > > How come messages like `logger foo` do not appear in > http://localhost:19531/browse but they do in `journalctl -b -f`? Note that the website will show only those accessible to the "systemd-journal" group. Did you run "logger" unprivileged? Did you run journalctl privileged? That might explain the difference? > Is the API for http://localhost:19531/ defined somewhere since I > wouldn't mind creating my own Web interface with the JSON. Ideally the > server could support text/event-stream like I demonstrate here: > https://www.youtube.com/watch?v=XmCDji3t7eg It's not really documented, but it should be... it's fairly easy though, and the default web page should explain most of it... > I did notice `journalctl -o json-sse`, but you need a server to hand > those off to the browser. How should that be done with libmicrohttpd ?? well, systemd-journal-gatewayd serves that already, you can just use that... Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] journalctl's http://localhost:19531/browse
On Mon, 2 Nov 2015, at 06:10 PM, Lennart Poettering wrote: > Note that the website will show only those accessible to the > "systemd-journal" group. > > Did you run "logger" unprivileged? Did you run journalctl privileged? > That might explain the difference? In that video earlier I ran journalctl as my user, so unprivileged, but it still sees my logger commands, unlike http://localhost:19531/browse Though what you said sounds like a good explanation. However how do make the Web interface show my user's `logger` invocations? I did try adding my user to the systemd-journal group, but that didn't seem to solve my issue. > well, systemd-journal-gatewayd serves that already, you can just use > that... Ah! Perfect. Oh but I need a way to setup CORS so I can access it from my Webapp: http://s.natalian.org/2015-11-02/systemd-journal-gatewayd.png Shall I file a bug? https://github.com/systemd/systemd/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aopen+systemd-journal-gatewayd Kind regards, ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] journalctl's http://localhost:19531/browse
Kai Hendry wrote on 02/11/15 10:44: >> > well, systemd-journal-gatewayd serves that already, you can just use >> > that... > Ah! Perfect. Oh but I need a way to setup CORS so I can access it from > my Webapp: > http://s.natalian.org/2015-11-02/systemd-journal-gatewayd.png > > Shall I file a bug? I suspect that you'd probably want to hide this behind some kind of proxy for security reasons. That proxy could add appropriate authentication (e.g IP restrictions, user auth etc) and add in any additional headers). I could be wrong with this suggestion, but this would be my first guess at how you would solve this problem. Col -- Colin Guthrie colin(at)mageia.org http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] journalctl's http://localhost:19531/browse
Hi guys, Just playing around with the journalctl Web interface here: http://s.natalian.org/2015-11-02/journalctl.mp4 How come messages like `logger foo` do not appear in http://localhost:19531/browse but they do in `journalctl -b -f`? Is the API for http://localhost:19531/ defined somewhere since I wouldn't mind creating my own Web interface with the JSON. Ideally the server could support text/event-stream like I demonstrate here: https://www.youtube.com/watch?v=XmCDji3t7eg I did notice `journalctl -o json-sse`, but you need a server to hand those off to the browser. How should that be done with libmicrohttpd ?? Cheers, ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel