Docker Community Forums

Share and learn in the Docker community.

Odd Issue with volume on OEL 7.5


(Rhugga) #1

I’ve run into an interesting problem. Might be something dumb staring me right in the face but it eludes me.

If I run the following command from a shell script the container runs fine and the application can access the files in the mounted volumes.

docker run -d
–volume /var/lib/etcd:/var/lib/etcd
–volume /etc/etcd/ssl:/etc/etcd/ssl
–publish 2379:2379
–publish 2380:2380
–name etcd1
etcd-3.2.23:v1
/etcd
-name etcd1
-data-dir /var/lib/etcd
-advertise-client-urls URL_REFACTED_BECAUSE_DUMB_FORUM_CONFIG
-listen-client-urls URL_REDACTED_BECAUSE_DUMB_FORUM_CONFIG
-initial-advertise-peer-urls URL_REDACTED_BECAUSE_DUMB_FORUM_CONFIG
-listen-peer-urls URL_REDACTED_BECAUSE_DUMB_FORUM_CONFIG
-peer-cert-file=/etc/etcd/ssl/myhost.example.com.pem
-peer-key-file=/etc/etcd/ssl/myhost.example.com-key.pem
-peer-client-cert-auth
-peer-trusted-ca-file=/etc/etcd/ssl/ca.pem
-initial-cluster etcd0=URL_REDACTED_BECAUSE_DUMB_FORUM_CONFIG
-initial-cluster-state new

When I run this same command as a systemd service, the container for some reason complains it can’t open the keys I have in /etc/etcd/ssl:

2018-07-24 12:38:59.079538 I | etcdmain: etcd Version: 3.2.23
2018-07-24 12:38:59.079589 I | etcdmain: Git SHA: c9504f61f
2018-07-24 12:38:59.079601 I | etcdmain: Go Version: go1.8.7
2018-07-24 12:38:59.079606 I | etcdmain: Go OS/Arch: linux/amd64
2018-07-24 12:38:59.079612 I | etcdmain: setting maximum number of CPUs to 24, total number of available CPUs is 24
2018-07-24 12:38:59.079667 I | embed: peerTLS: cert = “/var/lib/etcd/ssl/myhost.pem”, key = “/var/lib/etcd/ssl/myhost.example.com-key.pem”, ca = , trusted-ca = “/var/lib/etcd/ssl/ca.pem”, client-cert-auth = false
2018-07-24 12:38:59.079786 C | etcdmain: open “/var/lib/etcd/ssl/myhost.pem”: no such file or directory

Yet when I bash into the container I can access the file without issue.

I’ve already tried opening the permissions to wide open even though everything is running as root.

Anyone have any ideas?

p.s. Why in the world does a support forum related to docker limit a user to a post containing 2 URL’s? /FACEPALM