
I’m trying to set up CyberArk’s Conjur solution using docker containers and a local volume to maintain persistent data. I followed the instructions in the following link: https://github.com/cyberark/conjur-quickstart

What I’m experiencing is that when I perform a "docker-compose down" and then bring it back up it starts off with a blank system with nothing saved.

Here is the docker-compose.yml file I’m working with:

    version: '3'
    services:
      openssl:
        image: cyberark/conjur
        container_name: openssl
        entrypoint:
         - openssl
         - req
         - -newkey
         - rsa:2048
         - -days
         - "365"
         - -nodes
         - -x509
         - -config
         - /tmp/conf/tls.conf
         - -extensions
         - v3_ca
         - -keyout
         - /tmp/conf/nginx.key
         - -out
         - /tmp/conf/nginx.crt
        volumes:
         - ./conf/tls/:/tmp/conf

      bot_app:
        image: cfmanteiga/alpine-bash-curl-jq
        privileged: true
        container_name: bot_app
        command: tail -F anything
        volumes:
        - ./program.sh:/tmp/program.sh
        restart: on-failure

      database:
        image: postgres:10.16
        container_name: postgres_database
        environment:
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - 8432:5432
        volumes:
          - /share/Container/docker/conjur:/var/lib/postgresql/data

      pgadmin:
    #    [https]://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
        image: dpage/pgadmin4
        environment:
          PGADMIN_DEFAULT_EMAIL: [email protected]
          PGADMIN_DEFAULT_PASSWORD: SuperSecret
        ports:
          - 18081:80

      conjur:
        image: cyberark/conjur
        container_name: conjur_server
        command: server
        environment:
          DATABASE_URL: postgres://postgres@database/postgres
          CONJUR_DATA_KEY:
          CONJUR_AUTHENTICATORS:
        depends_on:
        - database
        restart: on-failure
        ports:
          - 18080:80

      proxy:
        image: nginx:1.13.6-alpine
        container_name: nginx_proxy
        ports:
          - "8443:443"
        volumes:
          - ./conf/:/etc/nginx/conf.d/:ro
          - ./conf/tls/:/etc/nginx/tls/:ro
        depends_on:
        - conjur
        - openssl
        restart: on-failure

      client:
        image: cyberark/conjur-cli:5
        container_name: conjur_client
        depends_on: [ proxy ]
        entrypoint: sleep
        command: infinity
        volumes:
        - ./conf/policy:/policy

I can confirm that the data is being written to the local host volume /share/Container/docker/conjur. I tested by logging into the docker container via "docker exec -it bash", going to the /var/lib/postgresql/data directory and touching a test.txt file. I then confirmed that the test.txt file is there on the local host volume.

But when I log in to the pgadmin web interface and look at the databases I had created in the previous steps, they don’t exist anymore, and the admin password has been set to the default instead of what I had changed it to.

Any thoughts?

Thanks.

Answers


  1. There do not seem to be any issues with your database. It seems your connection to the database is not done properly. Could you try this?

     pgadmin:  
        image: dpage/pgadmin4  
        environment:  
          PGADMIN_DEFAULT_EMAIL: [email protected]  
          PGADMIN_DEFAULT_PASSWORD: SuperSecret  
          PGADMIN_CONFIG_SERVER_MODE: 'False'
        links:
          - database
        volumes:
           - pgadmin:/root/.pgadmin
        ports:  
          - 18081:80  
    
  2. If you would like the database data to persist, you need to utilize a volume in Docker. This would require you to reference the volume in your docker-compose.yml file and use it in the database definition:

    version: '3'  
    services:    
      openssl:  
        image: cyberark/conjur  
        container_name: openssl  
        entrypoint:  
         - openssl  
         - req  
         - -newkey  
         - rsa:2048  
         - -days  
         - "365"  
         - -nodes  
         - -x509  
         - -config  
         - /tmp/conf/tls.conf  
         - -extensions  
         - v3_ca  
         - -keyout  
         - /tmp/conf/nginx.key  
         - -out  
         - /tmp/conf/nginx.crt  
        volumes:  
         - ./conf/tls/:/tmp/conf  
    
      bot_app:  
        image: cfmanteiga/alpine-bash-curl-jq  
        privileged: true  
        container_name: bot_app  
        command: tail -F anything  
        volumes:  
        - ./program.sh:/tmp/program.sh  
        restart: on-failure  
      
      database:  
        image: postgres:10.16  
        container_name: postgres_database  
        environment:  
          POSTGRES_HOST_AUTH_METHOD: trust  
        ports:  
          - 8432:5432  
        volumes:  
          - database:/var/lib/postgresql/data  
      
      pgadmin:  
    #    [https]://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html  
        image: dpage/pgadmin4  
        environment:  
          PGADMIN_DEFAULT_EMAIL: [email protected]  
          PGADMIN_DEFAULT_PASSWORD: SuperSecret
        links:
          - database
        depends_on:
          - database
        ports:  
          - 18081:80  
      
      conjur:  
        image: cyberark/conjur  
        container_name: conjur_server  
        command: server  
        environment:  
          DATABASE_URL: postgres://postgres@database/postgres  
          CONJUR_DATA_KEY:  
          CONJUR_AUTHENTICATORS:  
        depends_on:  
        - database  
        restart: on-failure  
        ports:  
          - 18080:80  
      
      proxy:  
        image: nginx:1.13.6-alpine  
        container_name: nginx_proxy  
        ports:  
          - "8443:443"  
        volumes:  
          - ./conf/:/etc/nginx/conf.d/:ro  
          - ./conf/tls/:/etc/nginx/tls/:ro  
        depends_on:  
        - conjur  
        - openssl  
        restart: on-failure  
      
      client:  
        image: cyberark/conjur-cli:5  
        container_name: conjur_client  
        depends_on: [ proxy ]  
        entrypoint: sleep  
        command: infinity  
        volumes:  
        - ./conf/policy:/policy
    
    volumes:
      database:
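
An added example, not part of either answer: a compose fragment that gives both stateful services a named volume, since pgAdmin keeps its own accounts and server list separately from PostgreSQL and only applies `PGADMIN_DEFAULT_PASSWORD` when it first creates that state. The volume name `pgadmin_data`, the `/var/lib/pgadmin` path, the placeholder e-mail address and the loopback port bindings are assumptions that do not come from the answers.

```yaml
# Added example: only the two stateful services are shown; the other
# services from the compose file above stay unchanged.
version: '3'
services:
  database:
    image: postgres:10.16
    container_name: postgres_database
    environment:
      # "trust" accepts every connection without a password. It is written
      # to pg_hba.conf only when the data directory is first initialised.
      POSTGRES_HOST_AUTH_METHOD: trust
    ports:
      # Assumption: publish on loopback only, because no password
      # protects this port.
      - "127.0.0.1:8432:5432"
    volumes:
      - database:/var/lib/postgresql/data

  pgadmin:
    image: dpage/pgadmin4
    environment:
      # Read only when pgAdmin creates its configuration database on first
      # start. Without a volume that happens on every recreate, so the
      # login falls back to these defaults.
      PGADMIN_DEFAULT_EMAIL: admin@example.com   # constructed placeholder
      PGADMIN_DEFAULT_PASSWORD: SuperSecret
    depends_on:
      - database
    ports:
      - "127.0.0.1:18081:80"
    volumes:
      # Assumed path: pgAdmin's working directory in the dpage/pgadmin4 image.
      - pgadmin_data:/var/lib/pgadmin

# Named volumes must be declared at the top level. They survive
# "docker-compose down", but "docker-compose down -v" deletes them.
volumes:
  database:
  pgadmin_data:
```

After one `docker-compose down` and `docker-compose up -d` cycle, `docker volume ls` should still list both volumes (prefixed with the compose project name), and the pgAdmin login should be the changed password rather than the default.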
    