Skip to content
This repository has been archived by the owner on Aug 14, 2020. It is now read-only.

common: create stdio symlinks if not present #97

Merged
merged 2 commits into from
Nov 17, 2015
Merged

common: create stdio symlinks if not present #97

merged 2 commits into from
Nov 17, 2015

Conversation

iaguis
Copy link
Member

@iaguis iaguis commented Oct 20, 2015

Docker images expect /dev/stdin, /dev/stdout, /dev/stderr and /dev/fd
(https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#filesystem)
but appc/spec doesn't
(https://github.com/appc/spec/blob/master/spec/OS-SPEC.md#devices-and-file-systems).

This adds the mentioned symlinks to the converted ACIs so apps can find them as expected.

Fixes #96

alban
alban reviewed Oct 22, 2015
View reviewed changes
lib/common/common.go
}

for name, target := range stdioSymlinks {
if _, ok := filemap[name]; !ok {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid one level of indentation, you could do

if _, exists := filemap[name]; exists {
    continue
}

@alban
Copy link
Member

alban commented Oct 22, 2015

Did you try to run the image https://github.com/deis/example-dockerfile-http mentioned in rkt/rkt#1617?

@iaguis
Copy link
Member Author

iaguis commented Oct 22, 2015

Did you try to run the image https://github.com/deis/example-dockerfile-http mentioned in rkt/rkt#1617?

> docker build  .
Sending build context to Docker daemon   129 kB
Step 0 : FROM alpine:3.1
 ---> 8dd8107abd2e
Step 1 : RUN apk add -U     bash    nginx   && rm -rf /var/cache/apk*
 ---> Using cache
 ---> 0066806327d8
Step 2 : RUN ln -sf /dev/stdout /var/log/nginx/access.log
 ---> Using cache
 ---> 0e090875dd75
Step 3 : RUN ln -sf /dev/stderr /var/log/nginx/error.log
 ---> Using cache
 ---> 81af5c429795
Step 4 : ENV POWERED_BY Deis
 ---> Using cache
 ---> a1612c4b24e7
Step 5 : COPY rootfs /
 ---> Using cache
 ---> 287913728fd9
Step 6 : CMD /bin/boot
 ---> Using cache
 ---> 012c6131329b
Step 7 : EXPOSE 80
 ---> Using cache
 ---> 63800ba13f46
Successfully built 63800ba13f46
> docker tag 63800ba13f46 nginx-deis
> docker save -o nginx-deis.docker nginx-deis
> docker2aci nginx-deis.docker
Extracting 8dd8107abd2e
Extracting 0066806327d8
Extracting 0e090875dd75
Extracting 81af5c429795
Extracting a1612c4b24e7
Extracting 287913728fd9
Extracting 012c6131329b
Extracting 63800ba13f46

Converted ports:
    name: "80-tcp", protocol: "tcp", port: 80, count: 1, socketActivated: false

Generated ACI(s):
nginx-deis-latest.aci

Now I start the pod and I connect to nginx from a browser:

> sudo rkt run --net=host --insecure-skip-verify nginx-deis-latest.acirkt: using image from file /home/iaguis/work/coreos/go/src/github.com/coreos/rkt/build-rkt/bin/stage1-coreos.aci
rkt: using image from file /home/iaguis/temp/rkt/nginx-deis/example-dockerfile-http/nginx-deis-latest.aci
::1 - - [22/Oct/2015:11:16:46 +0000] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36"
2015/10/22 11:16:46 [error] 6#0: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: ::1, server: , request: "GET /favicon.ico HTTP/1.1", host: "localhost", referrer: "http://localhost/"
::1 - - [22/Oct/2015:11:16:46 +0000] "GET /favicon.ico HTTP/1.1" 404 570 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36"

@alban
Copy link
Member

alban commented Oct 22, 2015

Does it work if the original Docker image does not have the /dev directory? Would the /dev directory be added in the tarball? docker://quay.io/coreos/etcd is such an image.

What if the original Docker image has a file /dev which is not a directory but a symlink or a regular file?

@iaguis
Copy link
Member Author

iaguis commented Oct 22, 2015

Does it work if the original Docker image does not have the /dev directory? Would the /dev directory be added in the tarball? docker://quay.io/coreos/etcd is such an image.

Yes. Yes.

What if the original Docker image has a file /dev which is not a directory but a symlink or a regular file?

I guess it would either fail or follow the symlink depending on the order. We could error out if we find a /dev/ that's not a directory in the original image with a meaningful message.

@jonboulle
Copy link
Contributor

ping?

@alban
Copy link
Member

alban commented Nov 17, 2015

LGTM

(this will conflict with #100 but I can rebase #100 after this gets merged)

@iaguis
Copy link
Member Author

iaguis commented Nov 17, 2015

I guess it would either fail or follow the symlink depending on the order. We could error out if we find a /dev/ that's not a directory in the original image with a meaningful message.

This wasn't implemented in the PR. It is now, we return an error if /dev in any layer is not a directory.

krnowak
krnowak reviewed Nov 17, 2015
View reviewed changes
lib/common/common.go
@@ -329,6 +329,7 @@ func writeACI(layer io.ReadSeeker, manifest schema.ImageManifest, curPwl []strin
return nil, fmt.Errorf("error writing rootfs entry: %v", err)
}

filemap := make(map[string]struct{})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fileMap? :P

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure.. :D

@krnowak
Copy link
Member

krnowak commented Nov 17, 2015

LFAD. You can probably ignore the filemap nitpicks, because we already have something like PathWhitelist instead of PathWhiteList.

iaguis and others added 2 commits November 17, 2015 11:41
@iaguis
common: create stdio symlinks if not present
2eb6610 
Docker images expect /dev/stdin, /dev/stdout, /dev/stderr and /dev/fd
(https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#filesystem)
but appc/spec doesn't
(https://github.com/appc/spec/blob/master/spec/OS-SPEC.md#devices-and-file-systems).

This adds the mentioned symlinks to the converted ACIs so apps can find
them as expected.
@iaguis
common: error if /dev is not a directory in any layer
4cad36e 
Since docker2aci is creating stdio symlinks in /dev, a layer with a /dev
that's not a directory can cause general badness.

Return an error in that case.
@krnowak
Copy link
Member

krnowak commented Nov 17, 2015

LFAD.

@iaguis
Copy link
Member Author

iaguis commented Nov 17, 2015

Whitelist is often a word so PathWhitelist is fine, but filemap is not a word.

iaguis added a commit that referenced this pull request Nov 17, 2015
@iaguis
Merge pull request #97 from iaguis/add-stdio-symlinks
ec4e5d7 
common: create stdio symlinks if not present
@iaguis iaguis merged commit ec4e5d7 into appc:master Nov 17, 2015
@alban alban mentioned this pull request Nov 24, 2015
Closed
@alban alban mentioned this pull request Mar 22, 2016
Closed
@iaguis iaguis mentioned this pull request May 20, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@iaguis iaguis

Labels
kind/friction needs review priority/P1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@iaguis @alban @jonboulle @krnowak