EDIT: This was fixed by @sgnn7. Link.
OS: Ubuntu 16.04.4 LTS
While trying to follow the Quick Start Tutorial I ran into some issues that were not happening when I followed it on MacOS. Here’s a write-up of everything @AndrewCopeland and I did to get it working on Ubuntu.
The first issue I ran into was originally posted here. I was getting the error:
```
$ docker-compose up -d
Creating postgres_database ... done
Creating openssl ... done
Creating bot_app ... done
Creating conjur_server ... done
Creating nginx_proxy ... error
ERROR: for nginx_proxy Cannot start service proxy: b'OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \\"rootfs_linux.go:58: mounting \\\\\\"/home/scrapbook/tutorial/conjur-quickstart/conf/default.conf\\\\\\" to rootfs \\\\\\"/var/lib/docker/overlay/3b578a083ce7833e47d08cee715d2c5db63a159dc80f69e8f3183a13ee7def6a/merged\\\\\\" at \\\\\\"/var/lib/docker/overlay/3b578a083ce7833e47d08cee715d2c5db63a159dc80f69e8f3183a13ee7def6a/merged/etc/nginx/conf.d/default.conf\\\\\\" caused \\\\\\"not a directory\\\\\\"\\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type'
ERROR: for proxy Cannot start service proxy: b'OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \\"rootfs_linux.go:58: mounting \\\\\\"/home/scrapbook/tutorial/conjur-quickstart/conf/default.conf\\\\\\" to rootfs \\\\\\"/var/lib/docker/overlay/3b578a083ce7833e47d08cee715d2c5db63a159dc80f69e8f3183a13ee7def6a/merged\\\\\\" at \\\\\\"/var/lib/docker/overlay/3b578a083ce7833e47d08cee715d2c5db63a159dc80f69e8f3183a13ee7def6a/merged/etc/nginx/conf.d/default.conf\\\\\\" caused \\\\\\"not a directory\\\\\\"\\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type'
ERROR: Encountered errors while bringing up the project.
```
The NGINX container was failing to run, because of some weird error with Docker mounting volumes on Ubuntu.
Our workaround was to build the NGINX container separately using a Dockerfile and copying over the cert files in the Dockerfile.
```bash
mkdir nginx
mv conf/policy .
cp -r conf nginx/
rm -r conf
cat <<EOF > nginx/Dockerfile
FROM nginx:1.13.6-alpine
COPY ./conf/default.conf /etc/nginx/conf.d/default.conf
COPY ./conf/tls/nginx.key /etc/nginx/nginx.key
COPY ./conf/tls/nginx.crt /etc/nginx/nginx.crt
EOF
```
Next we had to change the `docker-compose.yml` to reflect this:
```yaml
version: '2'
services:
  openssl:
    image: svagi/openssl:latest
    container_name: openssl
    entrypoint:
      - openssl
      - req
      - -newkey
      - rsa:2048
      - -days
      - "365"
      - -nodes
      - -x509
      - -config
      - tmp/conf/tls.conf
      - -extensions
      - v3_ca
      - -keyout
      - tmp/conf/nginx.key
      - -out
      - tmp/conf/nginx.crt
  bot_app:
    image: cfmanteiga/alpine-bash-curl-jq
    privileged: true
    container_name: bot_app
    command: tail -F anything
  database:
    image: postgres:9.4
    container_name: postgres_database
  conjur:
    image: cyberark/conjur
    container_name: conjur_server
    command: server
    environment:
      DATABASE_URL: postgres://postgres@database/postgres
      # No value given: Compose passes CONJUR_DATA_KEY through from the host environment
      CONJUR_DATA_KEY:
    depends_on: [ database ]
  proxy:
    # Built from ./nginx/Dockerfile instead of bind-mounting the conf files
    build: ./nginx
    container_name: nginx_proxy
    ports:
      - "8443:443"
    depends_on: [ conjur ]
  client:
    image: cyberark/conjur-cli:5
    container_name: conjur_client
    depends_on: [ proxy ]
    entrypoint: sleep
    command: infinity
```
As you can see, we deleted all of the volume mounts from the `docker-compose.yml` and also changed the `proxy` config to tell it to build from our Dockerfile.
Then, we manually copied over the other two files we would need to finish the tutorial:
```bash
docker cp ./policy/BotApp.yml conjur_client:/BotApp.yml
docker cp ./program.sh bot_app:/
```
(If you wanted to, you could also make Dockerfiles for these two containers to copy the files, like we did with NGINX.)
Finally, to start the containers we use `docker-compose up -d --build` to also build the NGINX container while starting the others.
This is still a work in progress. You can find the repo we’re working out of here, if you have any suggestions.
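The error text quoted in the post asks whether each host path exists and is the expected type. A preflight check for that, as an added example that is not part of the original post or the Conjur project: the function names and the temporary demo tree are constructed here, and the file names mirror the `conf/` paths shown above.

```shell
#!/usr/bin/env bash
# Added example: check file bind-mount sources before `docker-compose up`.

# Prints "ok", "directory", "other" or "missing" for one host path.
classify_mount_source() {
    if [ -f "$1" ]; then
        echo ok
    elif [ -d "$1" ]; then
        # Docker creates a missing bind source as an empty directory,
        # which then cannot be mounted onto a file inside the container.
        echo directory
    elif [ -e "$1" ]; then
        echo other
    else
        echo missing
    fi
}

# Reports every path; succeeds only if all of them are regular files.
check_mount_sources() {
    bad=0
    for path in "$@"; do
        kind=$(classify_mount_source "$path")
        printf '%-10s %s\n' "$kind" "$path"
        [ "$kind" = ok ] || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed demo tree (not real quickstart data): one good file,
# one path that is a directory, and one path that does not exist.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/conf/tls"
    : > "$root/conf/tls/nginx.crt"
    mkdir "$root/conf/default.conf"   # simulates a directory left where a file is expected
    echo "$root"                      # conf/tls/nginx.key is deliberately absent
}

demo_root=$(demo_tree)
check_mount_sources \
    "$demo_root/conf/default.conf" \
    "$demo_root/conf/tls/nginx.key" \
    "$demo_root/conf/tls/nginx.crt" \
    || echo "fix the paths above before starting the containers"
rm -rf "$demo_root"
```

In a real checkout, call `check_mount_sources` with the host side of each file mount listed in the compose file.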