Skip to content
This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

rkt doesn't seem to provide /dev/stdout, /dev/stderr etc. #1617

Closed
NeilW opened this issue Oct 16, 2015 · 7 comments
Closed

rkt doesn't seem to provide /dev/stdout, /dev/stderr etc. #1617

NeilW opened this issue Oct 16, 2015 · 7 comments

Comments

@NeilW
Copy link

NeilW commented Oct 16, 2015

Following on from coreos/bugs#926 I note that the trick of linking /dev/stdout and /dev/stderr to the nginx error logs in that Dockerfile doesn't work on rkt. Apparently the devices are not provided to the running filesystem.

The docker image was generated from https://github.com/deis/example-dockerfile-http

@alban
Copy link
Member

alban commented Oct 16, 2015

Docker images expect to have /dev/stdout and /dev/stder according to:
https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#filesystem

But ACI images should not expect it according to:
https://github.com/appc/spec/blob/master/spec/OS-SPEC.md#devices-and-file-systems

@iaguis should docker2aci adds the missing /dev files in every image translated? Since they are symlinks, that should not add security concerns.

Note that the Docker spec does not match the implementation: the Docker spec uses /proc/1:

Source Destination
/proc/1/fd /dev/fd
/proc/1/fd/0 /dev/stdin
/proc/1/fd/1 /dev/stdout
/proc/1/fd/2 /dev/stderr

And the implementation in setupDevSymlinks uses /proc/self. I think /proc/self should be used (opencontainers/runc#337).

@alban
Copy link
Member

alban commented Oct 16, 2015

When rkt adds the /dev/std* symlinks, it still fails with the error "No such device or address" because systemd uses unix sockets for stdout/stderr when redirecting the logs to the journal. See the thread open() "/dev/stderr" failed on the systemd mailing list.

In the nginx Dockerfile, you have:

RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log

If you use /dev/console instead of /dev/stdout and /dev/stderr, it should work because /dev/console is not an unix socket.

And in the nginx configuration, the default value for logging is:

error_log logs/error.log error;

So nginx opens the file logs/error.log, which is a symlink to /dev/stderr, which is a symlink to /proc/self/fd/2, which is a unix socket to the journal. Instead of doing that, it would be simpler to tell nginx to just write to its stdout/stderr.

The nginx configuration could use the following:

error_log stderr error;

I presume access.log will have the same problem. It can be configured with access_log but I don't see an option for stdout here. So I suggest just to use /dev/console.

@NeilW
Copy link
Author

NeilW commented Oct 16, 2015

I appreciate the workaround note, however the point of the ticket is that this is a publicly available container spec that works fine on Docker, but not on rkt, and I want to use it without change.

To be able to use rkt rather than docker in our deployment systems, it has to be a seamless experience.

@jonboulle
Copy link
Contributor

@alban @iaguis per #rkt-dev discussion, should this be added to docker2aci?

@alban
Copy link
Member

alban commented Oct 20, 2015

@jonboulle I think so, I just filed appc/docker2aci#96

@jonboulle
Copy link
Contributor

Looks like this just needs a docker2aci bump now.

alban added a commit to alban/rkt that referenced this issue Nov 23, 2015
The last docker2aci should help with the following issues:
- rkt#1653 (whiteout-ed hard links)
- rkt#1617 (/dev/stdout)
@alban
Copy link
Member

alban commented Nov 24, 2015

#1784 has been merged in rkt with the fix from appc/docker2aci#97 and it will be in the next release rkt-v0.12.0.

@NeilW I'm closing the issue. If you notice the bug again, please reopen it.

@alban alban closed this as completed Nov 24, 2015
alban added a commit to kinvolk/rkt that referenced this issue Nov 25, 2015
The last docker2aci should help with the following issues:
- rkt#1653 (whiteout-ed hard links)
- rkt#1617 (/dev/stdout)
blixtra pushed a commit to blixtra/rkt that referenced this issue Nov 25, 2015
The last docker2aci should help with the following issues:
- rkt#1653 (whiteout-ed hard links)
- rkt#1617 (/dev/stdout)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants