Conjur failover : Missing conjur_authenticator variable

gautamkanithi · March 17, 2021, 10:39pm

Hello,

We have configured to add multiple authenticators to the conjur container as an variable that will be placed under conjur.conf, however when there is a failover happening, the new elected master and the standby attached to it wipes out the added authenticator list ( CONJUR_AUTHENTICATORS) from the configuration and have only default authn, this is having major issue while the followers trying to contact the master.

Any idea how can this be fixed, we tried with as adding env variable while container build, however this is the not solution in case need to add a new, the complete container need to be rebuilt.

Appreciate your responses.

Kr,
Gautam

AndreaCappuccinello · March 18, 2021, 6:02pm

For anyone who is also interested: in version 12.0 this got solved by using possum.conf instead of conjur.conf.
They are both located under /opt/conjur/etc/ so please use possum.conf for variables, like CONJUR_AUTHENTICATORS, that require surviving a failover.

Topic		Replies	Views
Setting CONJUR_AUTHENTICATORS in docker-compose.yml Secrets Management - Conjur, Secrets Hub & CP docker	8	945	August 17, 2020
Authenticator Client Error Secrets Management - Conjur, Secrets Hub & CP opensource , kubernetes , conjur	10	1026	September 27, 2022
Followers /info API endpoint shows no authenticators enabled (except default), cluster shows custom authenticators Conjur Enterprise conjur	2	164	June 14, 2023
Authenticator pod failing to authenticate Secrets Management - Conjur, Secrets Hub & CP	21	7085	November 18, 2019
Conjur Standby Nodes rebuild issue Secrets Management - Conjur, Secrets Hub & CP	3	649	June 17, 2021

Conjur failover : Missing conjur_authenticator variable

Related Topics