rkt doesn't seem to provide /dev/stdout, /dev/stderr etc.

[NeilW]

Following on from coreos/bugs#926 I note that the trick of linking /dev/stdout and /dev/stderr to the nginx error logs in that Dockerfile doesn't work on rkt. Apparently the devices are not provided to the running filesystem.

The docker image was generated from https://github.com/deis/example-dockerfile-http

[alban]

Docker images expect to have /dev/stdout and /dev/stder according to:
https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#filesystem

But ACI images should not expect it according to:
https://github.com/appc/spec/blob/master/spec/OS-SPEC.md#devices-and-file-systems

@iaguis should docker2aci adds the missing /dev files in every image translated? Since they are symlinks, that should not add security concerns.

Note that the Docker spec does not match the implementation: the Docker spec uses /proc/1:

Source	Destination
/proc/1/fd	/dev/fd
/proc/1/fd/0	/dev/stdin
/proc/1/fd/1	/dev/stdout
/proc/1/fd/2	/dev/stderr

And the implementation in setupDevSymlinks uses /proc/self. I think /proc/self should be used (opencontainers/runc#337).

[alban]

When rkt adds the /dev/std* symlinks, it still fails with the error "No such device or address" because systemd uses unix sockets for stdout/stderr when redirecting the logs to the journal. See the thread open() "/dev/stderr" failed on the systemd mailing list.

In the nginx Dockerfile, you have:

RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log

If you use /dev/console instead of /dev/stdout and /dev/stderr, it should work because /dev/console is not an unix socket.

And in the nginx configuration, the default value for logging is:

error_log logs/error.log error;

So nginx opens the file logs/error.log, which is a symlink to /dev/stderr, which is a symlink to /proc/self/fd/2, which is a unix socket to the journal. Instead of doing that, it would be simpler to tell nginx to just write to its stdout/stderr.

The nginx configuration could use the following:

error_log stderr error;

I presume access.log will have the same problem. It can be configured with access_log but I don't see an option for stdout here. So I suggest just to use /dev/console.

[NeilW]

I appreciate the workaround note, however the point of the ticket is that this is a publicly available container spec that works fine on Docker, but not on rkt, and I want to use it without change.

To be able to use rkt rather than docker in our deployment systems, it has to be a seamless experience.

[jonboulle]

@alban @iaguis per #rkt-dev discussion, should this be added to docker2aci?

[alban]

@jonboulle I think so, I just filed appc/docker2aci#96

[jonboulle]

Looks like this just needs a docker2aci bump now.

[alban]

#1784 has been merged in rkt with the fix from appc/docker2aci#97 and it will be in the next release rkt-v0.12.0.

@NeilW I'm closing the issue. If you notice the bug again, please reopen it.