It would be very useful to have a lxc history same as the zfs zpool history.
I was searching my history file to find what a user have done to is container.
Unfortunate the bash history file has not been update for some reason.
It would be very useful to have a lxc history same as the zfs zpool history.
I was searching my history file to find what a user have done to is container.
Unfortunate the bash history file has not been update for some reason.
Unlike ZFS, what is going on in the container is transparent to LXD. That is, when you run commands in a container, LXD is not involved at all.
A container is a process tree that is launched (or restarted) by LXD. When you run a command in a container, then that command is part of the process tree. I do not think it is fit for LXD to inspect the process tree and keep such history. You would rather use some other tool that specifically does this logging.
What is going on “In” the container is not relevant, but what is going on on the host mater, so I guess that the lxc command could be alter to save all successful operation inside a new database.
Let me know if you understand me, sorry my first language is french…
My program LXDMosaic will do this if you have recorded actions enabled,
you might be able to-do something with the events
API but I haven’t done enough digging to see if you could “watch” for the level of detail you are looking for - for that reason it requires you to use the web interface to record the actions, I.E
*Please excuse the JSON output for the detail, there is alot of events to properly account for *
That just remember me to update my LXDMosaic !
I don’t mind the jason format.
I will test the new version soon
Ok, it now makes sense. I updated the title to “lxc
commands history feature”. I hope it is OK with you.
Indeed the lxc
commands go through the LXD service, and LXD could keep a history of them per container. I did not notice a discussion on this on Issues · lxc/incus · GitHub
I suggest to create an issue/feature at Issues · lxc/incus · GitHub with title like Keep a history of lxc
commands that ran for each container.
I do not know whether it will get implemented but it would be good to have it discussion on github.
This feature can also be implemented in the client as in LXDMosaic. It superficially looks more suitable to implement in a graphical client like LXDMosaic rather than in the lxc
command. Because if it was to be implemented in the lxc
command, it would better fit to implement in the LXD service.
We have lifecycle events for this. LXD doesn’t like keeping full records of things as that’s needless DB churn, but our lifecycle API is designed such that someone could write a small auditing bridge that records those events even for a large LXD cluster.
It’s worth noting that the data in those events isn’t very detailed though.
It will tell you that a container got created, started, stopped, config updated, snapshot/backup created, … but it won’t provide details on what was changed for example, mostly because LXD itself doesn’t know (the CLI provides a new config and we apply it by replacing the old one, we don’t have a diff).
absolutly ok with me.
What would me nice is typing lxc history and see the equivalent bash " history | grep lxc " but for all user. zfs have that feature in https://github.com/illumos/illumos-gate/blob/master/usr/src/uts/common/fs/zfs/spa_history.c
I will continue to investigate how to write a wrapper for the lxc command to record all action made with the command without calling api.
I still think that having this feature is a very big plus for oper-rationalizing lxd.
Doing that would require the command line commands to be sent to the server which isn’t how things work. A single lxc
command may do a dozen API calls to the server, so there is no way to show all lxc BLAH
done on the system.
That’s obviously different for ZFS where they have a single CLI tool that directly applies the changes, no API and so can have that CLI tool maintain a global log.
There is no need to know the back end command, only need to store the exact lxc command that was use.
Where would that be stored and by what?
Notting fancy
It coult be a simple /var/log/lxc.cmd.log or journalctl
lxc history could be an alias of cat or less /var/log/lxc.cmd.log
I do understand the complexity of the relation from the lxd client and the lxd server. So maybe the lxc commend can send the info using syslog. But that would also mean that a remote client cannot retreive the remote command send to the lxd server / syslog.
You can get this functionality already with some bash
shell magic.
$ sudo touch /var/log/lxc.cmd.log
$ sudo chmod 777 /var/log/lxc.cmd.log
$ sudo chattr +a /var/log/lxc.cmd.log
Then, setup the shell so that the HISTFILE
and other bash
history environment variables are read-only.
readonly HISTFILE=/var/log/lxc.cmd.log
It took a will to get back
Here is a solution that work with bash:
#### VARIABLE TO ADD TO .bashrc to make shure that all simultanous session
#### get able to write and not overwrite the user history
shopt -s histappend
lastcmd()
{
b=$a
a=$(history 2 | sed 's/^ *[^ ]* *//' | cut -d$'\n' -f1);
if [[ $a == "lxc"* ]]; then
if [[ "$a" != "$b" ]]; then
echo $a >> ~/lxc.cmd.log
fi
fi
}
## Assign execution of the lastcmd everytime you get a prompt from bash
export PROMPT_COMMAND=lastcmd
## make shure we run lastcmd after you press enter
trap lastcmd DEBUG