Hey @andresguisado,
Conjur quick-start does not use permanent volumes for database storage as it is mainly a quick way to start working on Conjur. Because of this, when you restart your containers, the data in your environment will need to be recreated. If you want a quick fix for this where the data is saved through reboots of containers, you can modify the docker-compose.yaml and add that in.
Then, I ran the get started guide from scratch and when I am creating the Conjur account and initializing the admin user, I have got the following error in the admin_data output file:
chmod 777 to /Users/andresguisado/postgresql_conjur
Now, I got the API Key for admin user
However, by configuring docker volumes in the docker-compose as above and restarting the containers with docker-compose, it is still showing the same error:
error: Failed to open TCP connection to conjur:80 (Connection refused - connect(2) for "conjur" port 80)
@andresguisado Hmm… not sure what could be happening there as the info should have been retained. I can try running that here locally and I’ll let you know what I find.
@andresguisado, thank you for the detailed info on reproducing this issue!
I think this is a bug in Conjur. If you take a look at the conjur container logs after
the services are brought up with docker-compose up -d, there’s one telling line:
A server is already running. Check /opt/conjur-server/tmp/pids/server.pid.
For some reason, the PID that’s stored in /opt/conjur-server/tmp/pids/server.pid is
not getting properly cleaned when the conjur container is stopped & restarted after a connection/authentication has been established. There seems to be
a history or state in Conjur that keeps track of connections/authentications, and
that’s checked before clearing the server.pid file. I have to do some digging in
the code to see why that is so.
For now, what you could do is to add one step to your workflow: Completely remove the Conjur container, i.e.:
dockercompose rm -f conjur
after doing docker-compose stop, and before doing docker-compose up -d. This should remove
the container completely (i.e. delete all of its state).
Here’s an example session where I recreate and then recover from this error:
dane@dane-vbox:~/cyberark2/conjur-quickstart$ docker-compose exec client conjur authn login -u admin
Please enter admin's password (it will not be echoed):
error: Failed to open TCP connection to conjur:80 (Connection refused - connect(2) for "conjur" port 80)
dane@dane-vbox:~/cyberark2/conjur-quickstart$ docker-compose stop conjur
Stopping conjur_server ... done
dane@dane-vbox:~/cyberark2/conjur-quickstart$ docker-compose rm -f conjur
Going to remove conjur_server
Removing conjur_server ... done
dane@dane-vbox:~/cyberark2/conjur-quickstart$ docker-compose up -d conjur
postgres_database is up-to-date
Creating conjur_server ... done
dane@dane-vbox:~/cyberark2/conjur-quickstart$ docker-compose exec client conjur authn login -u admin
Please enter admin's password (it will not be echoed):
Logged in
dane@dane-vbox:~/cyberark2/conjur-quickstart$