The official docs for running within docker don’t mention running a secure cluster, so i had a stab as trying to compose this, but the Admin UI fails to login, with errors in the logs about a missing cookie.
cockroach:
image: cockroachdb/cockroach:v2.1.4
container_name: cockroach
ports:
- '127.0.0.1:26257:26257'
- '127.0.0.1:8080:8080'
command: start --certs-dir=/cockroach/certs --listen-addr=cockroach
volumes:
- './certs/crdb:/cockroach/certs'
healthcheck:
test: /cockroach/cockroach node status --certs-dir=/cockroach/certs
interval: 10s
timeout: 10s
retries: 6
Container logs (from stdout via docker-compose logs):
cockroach | *
cockroach | * WARNING: [n?] listen address "172.19.0.2" not in node certificate (IP=127.0.0.1; DNS=localhost,cockroach; CN=node)
cockroach | * Secure node-node and SQL connections are likely to fail.
cockroach | * Consider extending the node certificate or tweak --listen-addr/--advertise-addr.
cockroach | *
cockroach | CockroachDB node starting at 2019-01-29 05:49:22.1300077 +0000 UTC (took 1.0s)
cockroach | build: CCL v2.1.4 @ 2019/01/16 16:05:40 (go1.10.7)
cockroach | webui: https://cockroach:8080
cockroach | sql: postgresql://root@cockroach:26257?sslcert=%2Fcockroach%2Fcerts%2Fclient.root.crt&sslkey=%2Fcockroach%2Fcerts%2Fclient.root.key&sslmode=verify-full&sslrootcert=%2Fcockroach%2Fcerts%2Fca.crt
cockroach | client flags: /cockroach/cockroach <client cmd> --host=cockroach:26257 --certs-dir=/cockroach/certs
cockroach | logs: /cockroach/cockroach-data/logs
cockroach | temp dir: /cockroach/cockroach-data/cockroach-temp141164548
cockroach | external I/O path: /cockroach/cockroach-data/extern
cockroach | store[0]: path=/cockroach/cockroach-data
cockroach | status: initialized new cluster
cockroach | clusterID: 6296c5c6-57e0-4e09-896e-952fd56868da
cockroach | nodeID: 1
Logs from within the container (not visible from docker-compose -logs -f cockroach
)
I190129 05:51:21.826570 776 server/authentication.go:374 Web session error: http: named cookie not present
Attempting to login with a user (who has a password) always fails (HTTP:401), i’m assuming it’s related to the Cookie error msg.
Any thoughts or pointers on running single node in secure mode (in my case docker for mac)?
As a sidenote, i understand that I could just run in insecure mode, but i want to run integration tests and ensure that connecting to a secure cluster works as part of this integration test phase.