just-containers / socklog-overlay Goto Github PK

s6-overlay version: 3.1.4.2
socklog-overlay version: 3.1.2-0

socklog fails to start at docker run.

Problems:

1. s6-overlay doesn't have binaries in the /usr/bin path anymore, all binaries are moved to /command folder.
   1. #!/usr/bin/execlineb -P doesn't work.
   2. Quickfix: Unpack s6-overlay-symlinks-arch.tar.xz additionally.
2. cont-init.d/~-socklog fails to run due to numerous errors:
   1. s6-test cannot be found (it was replaced with eltest)
   2. fix-attrs cannot be found in paths (it's been wind down).
   3. execlineb and printcontenv cannot be found (unpack s6-overlay-symlinks-arch.tar.xz to fix).
   4. Even after fixing 3 items above the /var/log/* folders are not chmoded in the end of the script due to some error (chmoding from Dockerfile works though).

I added this to a Dockerfile along with s6-overlay. I want to see the log output of cron without installing rsyslog proper.

After I start my container, I see repeatedly this message in the docker logs:

s6-log: fatal: unable to mkdir /var/log/socklog/cron: Permission denied

Container is ubuntu:16:04.

root@4961014f1773:/var/log/socklog# ls -lah
total 48K
drwxr-x--- 22 32768 32768 4.0K Feb 21 01:53 .
drwxr-xr-x  8 root  root  4.0K Feb 21 01:53 ..
drwxr-x---  2 32768 32768 4.0K Nov  2 18:01 cron
```

I basically just have a single file in `/etc/services.d/cron/run` that reads:

```
#!/usr/bin/with-contenv sh

exec cron -f
```

What are the right permissions for me to use?

I have some programs that expect to find individual log files under /var/log, and having them under /var/log/socklog/ will mess things up

I check your signature from https://keybase.io/justcontainers/key.asc for s6-overlay, but there is no signature for socklog-overlay. Could you please add one?

I am looking to do some process-specific logging, and want to create directories for it. So, i added those in the socklog script under /etc/cont-init.d:

#!/usr/bin/execlineb

if { s6-mkdir -p -m 0750 /var/log/socklog/cron }
if { s6-mkdir -p -m 0750 /var/log/socklog/daemon }
if { s6-mkdir -p -m 0750 /var/log/socklog/debug }
if { s6-mkdir -p -m 0750 /var/log/socklog/errors }
if { s6-mkdir -p -m 0750 /var/log/socklog/everything }
if { s6-mkdir -p -m 0750 /var/log/socklog/kernel }
if { s6-mkdir -p -m 0750 /var/log/socklog/mail }
if { s6-mkdir -p -m 0750 /var/log/socklog/messages }
if { s6-mkdir -p -m 0750 /var/log/socklog/secure }
if { s6-mkdir -p -m 0750 /var/log/socklog/user }
if { s6-mkdir -p -m 0755 /var/log/socklog/my/process }

But, the directories are created as user root, not nobody:nogroup as they should, so S6-log fails to write to them. I found some workarounds, each less straightforward than I think it should be:

• have the extra directories created beforehand and copied in during docker build, so the permission-fix of var/log/socklog will affect them too
• manually re-own the extra directories at the bottom of the /etc/cont-init.d script

any better way?

I'm frustrated at the time it takes my container to shut down when using the S6 socklog overlay service. When i use the socklog service it takes ~10sec but when i don't it takes ~700ms.

** I realize in the example below nginx does not need syslog. The real service i want to use, postfix, does use syslog so that is why i am using socklog. I used the example below because that is what s6 uses for their example.

Dockerfile

FROM ubuntu
ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.1/s6-overlay-amd64-installer /tmp/
RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer /

# Add S6 Socklog
ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.1-1/socklog-overlay-amd64.tar.gz /tmp/
RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C /

RUN apt-get update && \
    apt-get install -y nginx && \
    echo "daemon off;" >> /etc/nginx/nginx.conf
ENTRYPOINT ["/init"]
CMD ["nginx"]

Build the image: docker build -t test .

Run the Image: docker run --name test --rm -d test

Stop the Image: time docker stop test

bryan@cave ~/s/b/shutdown (master)> time docker stop test
test

________________________________________________________
Executed in   10.31 secs   fish           external 
   usr time   15.02 millis  317.00 micros   14.70 millis 
   sys time    9.88 millis   68.00 micros    9.81 millis 

I don't know how prevalent it is, but some applications (or humans, for that matter) expect logs to be in specific places. it will not do good to state a different location for the logs, as the structure will still be foreign (/var/log/socklog/whatever/current' instead of /var/log/whatever.log`).

So, it will be very convenient to have a way to automatically create symlinks (ln -s) that point to current in the right spot. that way, socklog takes care of syslog and rotation, the symlink is always fresh (as it will keep pointing to current even if the file is swapped), and there will be much rejoicing.

(I create those symlinks manually in /etc/cont-init.d manually, for now)

Ref. just-containers/s6-overlay#296

When using docker's --read-only and s6-overlay's S6_READ_ONLY_ROOT=1, then /var/log directory needs to be created before socklog can be used. Otherwise socklog yields error similar to #2 nonstop.

Considering that this is an add-on to s6-overlay, then perhaps this overlay could install an additional script setting up /var/log directory in case of S6_READ_ONLY_ROOT is enabled?

cat > /etc/cont-init.d/00-init-varlog <<EOF
#!/usr/bin/execlineb -P
mkdir -p /var/log
EOF