Conjur Upgrade Issue

I’m trying to upgrade from v5.x to v11.2.1 and I’m following the documentation below. When I try to run the command for step 2, I got the error that the ports are already in used (by the current master container). Does anybody know any workaround for this? This is running the command on the existing docker engine on a host. I appreciate any help! Thanks!

docker run --name conjur-new -d --restart=always --security-opt seccomp:unconfined -p “443:443” -p “636:636” -p “5432:5432” -p “1999:1999” registry.tld/conjur-appliance:11.2.1

docker: Error response from daemon: driver failed programming external connectivity on endpoint conjur_new: Bind for failed: port is already allocated.

Conjur Upgrade Doc

It looks like you might still have the v5.x container running when you try to upgrade. You’ll need to either start v11.2.1 on a separate machine, or perform a backup on the v5.x instance, stop that container (don’t delete it), then start the v11.2.1 container and perform a restore.


Jason is correct. The process I use when upgrading:

  • Generate a backup on the existing master using evoke backup
  • Copy the backup and key file created by ^ outside of the container (I prefer to use a volume mount in my docker run command to map /opt/conjur/backup to the same directory in the container. Doing that would save you this step as the backup and key would already be on the host’s /opt/conjur/backup directory)
  • Stop the existing master
  • docker run to start your new master with the new appliance image
  • Copy the backup and key into the master (skip if you did the volume mount I suggested)
  • Run docker exec <container> evoke unpack backup -k /opt/conjur/backup/key /opt/conjur/backup/<yourbackupfile>
  • Run docker exec <container> evoke restore master
  • Confirm master is healthy
  • redeploy stanbys and followers
  • remove old containers
  • grab a coffee



1 Like

Hi Jason & Nate - Thank you so much for you input! I’ll run these steps in my environment and will update this topic if I have any issues. I really appreciate your help, thanks!

Another tip here: There is a risk that if you forget to delete the old containers, you can downgrade your environment by just restarting the docker daemon. If you change the restart policy from always (from your docker run command) to unless-stopped you can mitigate that risk. You can apply this change with the docker update command as well. docker update --restart=unless-stopped your_container_name.


1 Like