-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker container fails to restart #2381
Comments
Thanks for posting this issue @Infinoid. I was able to reproduce. I happened to have the Right now it's not clear what's causing this behavior, and so this will likely require further investigation. A quick fix is to comment out the
|
Summary
The
cyberark/conjur
docker container does not restart gracefully. It leaves a stale pidfile behind, and then refuses to start.Steps to Reproduce
docker restart conjur_server
(Restarting the docker host machine is also sufficient to reproduce the problem.)
Expected Results
Conjur server serves conjurs after the restart.
Actual Results (including error logs, if applicable)
Server did not restart properly. Clients get "connection refused" attempting to contact the server.
docker logs conjur_server
contains an error message about how the PID file already exists.This log contains output from both the first run and the second (failed) one:
Search the above for
server.pid
.Reproducible
I don't know if it's 100%, but it occurs at least 50% of the time for me. Happens often for me, for the past year or more, whenever system updates on the docker host machine require a reboot.
Version/Tag number
Latest. Currently failing on docker image
sha256:3f552a4b683b064e45265ba875f6fcc797170a8a3f93ff90e81e5f9df337682e
, tagged as1.13.1
.Environment setup
This happens in the environment set up by following the quickstart instructions without any modifications.
Docker version 20.10.7, build 20.10.7-0ubuntu1~20.04.2
With minor changes to the
docker-compose.yml
file (just adding "docker://" prefixes), I also see the same problem withpodman-compose
.podman version 3.0.1
Additional Information
Once the stale pidfile is present, the server will NEVER restart until it is removed. It can be removed as follows:
docker exec conjur_server rm /opt/conjur-server/tmp/pids/server.pid; docker restart conjur_server
.When the server is in the bad state,
docker top conjur_server
shows fewer processes running.Good:
Bad:
I think that the docker init script should clean up stale PID files. Alternately, the server process could check whether a process with that pid is running, and is not the current process id.
The text was updated successfully, but these errors were encountered: