-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(Windows) Cannot Redirect the access_log output to (stderr/stdout/null) #13964
Comments
@envoyproxy/windows-dev ive shifted the conversation about |
ref #13935 |
i guess this could also potentially apply to stdin although im not aware of it being used by envoy |
one thing im still not clear about is whether the "note" about im happy to update/remove if it is not |
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
I am proposing the following approach that will be part of This is a runtime best-effort translation of common UNIX paths to Windows. Given that the set of known UNIX paths is small the translation should not add much overhead. @@ -31,6 +31,14 @@ Api::IoCallBoolResult FileImplWin32::open(FlagSet in) {
return resultSuccess(true);
}
+ auto std_handle = toStandardHandle(path);
+ if (std_handle != INVALID_HANDLE) {
+ fd_ = GetStdHandle(std_handle);
+ return;
+ }
+
+ auto translated_path = translateFromUnixPath(path);
+
auto flags = translateFlag(in);
fd_ = CreateFileA(path_.c_str(), flags.access_, FILE_SHARE_READ | FILE_SHARE_WRITE, 0,
flags.creation_, 0, NULL);
@@ -274,5 +282,9 @@ bool InstanceImplWin32::illegalPath(const std::string& path) {
return false;
} Where we have two different translation types:
(Similarly fd 0 will map to
See https://docs.microsoft.com/en-us/windows/console/getstdhandle I look for your feedback |
We might have to do some validation when in service mode that a user doesn't try to use stdout/err as the console functions/GetStdHandle will likely fail, something to test out at least |
These should be non-recoverable failures scenarios right? If you run an application as service or as a detached process without a console and you request the output on the console then Envoy is misconfigured and it should fail. I will try out these scenarios there and some service tests as well, when the service code is merged. |
Yeah good point, good enough to make sure we have good error messages etc., though that becomes a little funny with services and redirecting logs etc. 🤔 |
I think we could also constrain this to just access log output paths as well? I don't see much advantage at all going through the above logic and allowing these sorts of paths for files we're watching for config updates etc. |
the change above implicitly only affects the When we are watching for config updates since this is a read operation we rely on Since this redirection are only for write and not for read I agree that they only make sense in |
I'm trying to understand the goal of this bug and accompanying PR. Do you want to be able to specify that access logs go to stdout/stderr in a configuration file? Why would you want to do that? For debug only? |
See
this issue and PR are to allow us to have parity with Linux/macos and enable using the file access logger to output to stdout/error e.g. in a containerized deployment you often have stdout/error captured by your container runtime and sent off to log aggregation etc. (rather than have a grpc service envoy sends access logs to) without a change of this sort we don’t really have a way to specify that we want this on windows AND you would have to know what platform you’re sending updates to if you are configuring access logging dynamically over xDS if we restricted it to platform specific paths |
I'm still trying to wrap my arms around why this is a good thing, but it would be possible to have special platform-independent syntax for naming stdout/stderr, which is more like this PR. I'd like to ask other @envoyproxy/maintainers if they think it's a great plan to have a special name you could put into any I'm still not understanding why containers capturing stdout is better than using gRPC to relay to your aggregator. From an implementation perspective, on Posix I'd still just referencing the already-open stdin/stderr/cerr/cout streams rather than trying to open a new one. You can use OO inheritance to or something to avoid special-casing in the existing FileSystem::File implementations, I think, as you definitely wouldn't want to allow closing stdin/stdout from that interface. |
This is probably a separate discussion, I don't think theres any value judgement which is "better" just that file based access logging is a feature that exists in Envoy and is in use so to have parity across platforms we need a solution to do the equivalent logging to stdout/err on Windows.
Yeah, this is a good question to raise again. We hadn't come to any consensus on what that name would be or gotten much input from outside so the PR went forward to emulate paths on Windows.
This is valid, but might be something to do in a separate change targeting non-Windows since we're aiming to only affect Windows codepaths (and the Windows implementation doesn't open new handles to stdout/err, but maybe could use the builtin cc @davinci26 |
@ggreenway suggested:
I like this better. The advantage is we wouldn't have "special" names for files to trigger different semantics. The main drawback is that we'd have to enumerate the places where we'd want this behavior (maybe just access logs) and add new APIs and code to handle that there. |
There was a proposal regarding that but IMO I am not sure if bending windows to the UNIX standard makes more sense than introducing an envoy standard. The reason for that is code samples/examples. We would like to have the work out of the box for Windows and if this is the case we would need to replace /dev/stdout references with
This one works but then should we have the examples use this enum instead of the |
There's not really a Unix standard in play here. It's just a software engineering question of not having a pathname interpreted in a special way, so rather than inferring different semantics from the name, we explicitly put it in the enum. I didn't totally understand the suggestion about the examples or the references to
and not specify the path at all. Then if you want it in a file, you could say
but the default value of |
I think I did not make my concern clear. If we go through we the enum approach then we should change all the samples in the current project that use |
The goal is to have the config files in the examples directory be platform-agnostic, is that right? So we need to change all those examples. That seems reasonable to me, no? |
Just making sure that we are all in agreement since examples are part of the public facing documentation for our customers (envoy users) and we will be using a new option. Closed the previous PR so I can open a new with the new approach of an ENUM. |
Just to clarify, that shouldn't be (ultimately) necessary. Until any global error log configuration setting modifies the output handle, my implementation of stderr -> Windows Event Logger for service controlled binaries just created a pipe to capture stderr and drop it as windows events line-by-line. Easily expanded to do this for stdout too (in a different event priority, of course.) The trouble I've always run into is that although most errors go through the application's error logging schema, there will always be exceptions from dependency libraries choosing to write unexpected errors to stderr. Without piping these to the event logger, those get dropped and result in extra confusion. |
yeah, a separate issue for general envoy logs but we could implement something for Service mode where if you don't specify the we could honestly also even add an extension to output the http/tcp Access Logs to the Windows event log as well (analogous to the file and grpc log mechanisms) |
I think that's a great feature to roll out in 1.18.0 - with much more granularity (explicit grouping by type, id, source)! It wouldn't replace the stderr level logging which we desperately need during startup though, since that extension would be instantiated much later. For 1.17.0 we should be ok with a blend of --log-file, treating the SCM invocation as "experimental", and focusing on readiness of invocation as a console application under whatever framework the user chooses. |
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
Addressed in PR #15202, closing |
description
On Windows there is no easy way to redirect access log output to standard output/error.
original description:
The text was updated successfully, but these errors were encountered: