Conjur Upgrade Issue

I’m trying to upgrade from v5.x to v11.2.1 and I’m following the documentation below. When I try to run the command for step 2, I get the error that the ports are already in use (by the current master container). Does anybody know any workaround for this? I am running the command on the existing docker engine on a host. I appreciate any help! Thanks!

Command:
docker run --name conjur-new -d --restart=always --security-opt seccomp:unconfined -p "443:443" -p "636:636" -p "5432:5432" -p "1999:1999" registry.tld/conjur-appliance:11.2.1

Output:
docker: Error response from daemon: driver failed programming external connectivity on endpoint conjur_new: Bind for 0.0.0.0:5432 failed: port is already allocated.

Conjur Upgrade Doc

Sonny,
It looks like you might still have the v5.x container running when you try to upgrade. You’ll need to either start v11.2.1 on a separate machine, or perform a backup on the v5.x instance, stop that container (don’t delete it), then start the v11.2.1 container and perform a restore.

Jason is correct. The process I use when upgrading:

  • Generate a backup on the existing master using evoke backup
  • Copy the backup and key file created by ^ outside of the container (I prefer to use a volume mount in my docker run command to map /opt/conjur/backup to the same directory in the container. Doing that would save you this step as the backup and key would already be on the host’s /opt/conjur/backup directory)
  • Stop the existing master
  • docker run to start your new master with the new appliance image
  • Copy the backup and key into the master (skip if you did the volume mount I suggested)
  • Run docker exec <container> evoke unpack backup -k /opt/conjur/backup/key /opt/conjur/backup/<yourbackupfile>
  • Run docker exec <container> evoke restore master
  • Confirm master is healthy
  • redeploy standbys and followers
  • remove old containers
  • grab a coffee

HTH!

Regards,
Nate

Hi Jason & Nate - Thank you so much for your input! I’ll run these steps in my environment and will update this topic if I have any issues. I really appreciate your help, thanks!

Another tip here: There is a risk that if you forget to delete the old containers, you can downgrade your environment by just restarting the docker daemon. If you change the restart policy from always (from your docker run command) to unless-stopped you can mitigate that risk. You can apply this change with the docker update command as well: docker update --restart=unless-stopped your_container_name

Regards,
Nate

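The restart-policy risk from the last post, as an added example that is not part of the thread: a Python check over `docker inspect $(docker ps -aq)` output that flags stopped containers with restart policy always whose published host ports overlap another container's. The container names, the 5.x image tag and the sample JSON are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `docker inspect $(docker ps -aq)`, trimmed
# to the fields read below. Container names and the 5.x tag are placeholders.
def _container(name, tag, running, policy):
    ports = {f"{p}/tcp": [{"HostIp": "", "HostPort": p}] for p in ("443", "5432")}
    return {"Name": f"/{name}", "State": {"Running": running},
            "Config": {"Image": f"registry.tld/conjur-appliance:{tag}"},
            "HostConfig": {"RestartPolicy": {"Name": policy}, "PortBindings": ports}}

SAMPLE_INSPECT = json.dumps([
    _container("conjur-old", "5.x", running=False, policy="always"),
    _container("conjur-new", "11.2.1", running=True, policy="always"),
])

def host_ports(container):
    """Host ports the container is configured to publish."""
    bindings = container["HostConfig"].get("PortBindings") or {}
    return {b["HostPort"] for binds in bindings.values()
            for b in (binds or []) if b.get("HostPort")}

def downgrade_risks(inspect_json):
    """Stopped containers the daemon would restart onto ports another container uses."""
    containers = json.loads(inspect_json)
    claims = defaultdict(set)  # host port -> names of containers publishing it
    for c in containers:
        for port in host_ports(c):
            claims[port].add(c["Name"].lstrip("/"))
    risks = []
    for c in containers:
        name = c["Name"].lstrip("/")
        shared = sorted(p for p in host_ports(c) if len(claims[p]) > 1)
        stopped = not c["State"]["Running"]
        if stopped and c["HostConfig"]["RestartPolicy"]["Name"] == "always" and shared:
            risks.append({"container": name, "image": c["Config"]["Image"],
                          "shared_ports": shared,
                          "fix": f"docker update --restart=unless-stopped {name}"})
    return risks

if __name__ == "__main__":
    for risk in downgrade_risks(SAMPLE_INSPECT):
        print(risk)
```

Running it after the new master is confirmed healthy lists any old container that still needs its restart policy changed or needs removing.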