
我正在尝试使用 Docker 容器和本地卷来部署 CyberArk 的 Conjur,并让数据持久保存。我按照以下链接中的说明进行操作:https://github.com/cyberark/conjur-quickstart

我遇到的问题是:执行“docker-compose down”后再重新启动,系统就变成了一个空白环境,之前的内容都没有保存下来。

这是我正在使用的 docker-compose.yml 文件:

# Compose file as posted in the question. The `#` comments are review notes;
# every setting is left exactly as the author wrote it.
version: '3'  
services:    
  # One-shot helper: runs `openssl req` from the Conjur image to create a
  # self-signed certificate and key for the nginx `proxy` service.
  openssl:  
    image: cyberark/conjur  
    container_name: openssl  
    entrypoint:  
     - openssl  
     - req  
     - -newkey  
     - rsa:2048  
     - -days  
     - "365"  
     # -nodes writes the private key without passphrase protection.
     - -nodes  
     - -x509  
     - -config  
     - /tmp/conf/tls.conf  
     - -extensions  
     - v3_ca  
     # Key and certificate are written under /tmp/conf, which the bind mount
     # below maps to ./conf/tls/ on the host. The unencrypted nginx.key ends
     # up in the project directory: restrict its file permissions and keep it
     # out of version control.
     - -keyout  
     - /tmp/conf/nginx.key  
     - -out  
     - /tmp/conf/nginx.crt  
    volumes:  
     - ./conf/tls/:/tmp/conf  

  # Utility container (bash, curl and jq per the image name) that is kept
  # running by `tail -F anything` and has ./program.sh mounted into /tmp.
  bot_app:  
    # Third-party image referenced without a tag, so whatever `latest` points
    # to at pull time is what runs. Pinning a tag or digest makes this
    # reproducible and reviewable.
    image: cfmanteiga/alpine-bash-curl-jq  
    # privileged: true lifts most container isolation (all capabilities,
    # access to host devices). Nothing else in this file shows a need for it.
    # NOTE(review): remove unless a concrete requirement is confirmed.
    privileged: true  
    container_name: bot_app  
    command: tail -F anything  
    volumes:  
    - ./program.sh:/tmp/program.sh  
    restart: on-failure  
  
  # PostgreSQL backend used by the `conjur` service (see its DATABASE_URL).
  database:  
    image: postgres:10.16  
    container_name: postgres_database  
    environment:  
      # `trust` makes PostgreSQL accept every connection without a password,
      # including connections as the `postgres` superuser.
      POSTGRES_HOST_AUTH_METHOD: trust  
    ports:  
      # Publishes PostgreSQL on host port 8432. Together with `trust` above,
      # any client that can reach this host port gets superuser access to the
      # database that stores Conjur's data. Other services in this file reach
      # the database by service name over the Compose network and do not need
      # this mapping. If host access is required, bind it to 127.0.0.1 and
      # set POSTGRES_PASSWORD instead of `trust` (DATABASE_URL on the conjur
      # service then has to carry the credentials).
      - 8432:5432  
    volumes:  
      # Bind mount of a host directory onto the PostgreSQL data directory.
      # Bind-mounted host directories are not deleted by
      # `docker-compose down`, so the database files themselves persist.
      - /share/Container/docker/conjur:/var/lib/postgresql/data  
  
  # pgAdmin web UI, published on host port 18081.
  pgadmin:  
    # Container docs:
    # https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
    image: dpage/pgadmin4  
    environment:  
      # Credentials for the initial pgAdmin account, stored as literals in
      # the compose file. They are applied when pgAdmin sets up a fresh
      # configuration, so a container that starts without saved state comes
      # back with this default password. Prefer supplying the password from
      # the environment or a secrets file rather than committing it.
      PGADMIN_DEFAULT_EMAIL: user@domain.com  
      PGADMIN_DEFAULT_PASSWORD: SuperSecret  
    ports:  
      - 18081:80  
    # NOTE(review): this service has no `volumes:` entry. pgAdmin's own state
    # (its login account, a changed password, saved server definitions) lives
    # only inside the container and is discarded when `docker-compose down`
    # removes it, which matches the symptom described in the question. The
    # container docs linked above describe /var/lib/pgadmin as the directory
    # to map for persistence; confirm for the image version in use.
  
  # Conjur server, started with the `server` command against the `database`
  # service.
  conjur:  
    # No tag: the image version is whatever `latest` resolves to at pull time.
    image: cyberark/conjur  
    container_name: conjur_server  
    command: server  
    environment:  
      # Connects as the `postgres` superuser with no password; this only
      # works because the database service uses `trust` authentication.
      DATABASE_URL: postgres://postgres@database/postgres  
      # Keys without a value are filled from the environment of the shell
      # that runs docker-compose. CONJUR_DATA_KEY is the key Conjur uses to
      # encrypt its data in the database: a persisted database is only
      # usable with the same key, so it must be kept secret and supplied
      # unchanged on every start.
      CONJUR_DATA_KEY:  
      CONJUR_AUTHENTICATORS:  
    depends_on:  
    - database  
    restart: on-failure  
    ports:  
      # Publishes Conjur's plain-HTTP port 80 on host port 18080, so the API
      # is reachable without going through the TLS `proxy` service.
      # NOTE(review): drop this mapping, or bind it to 127.0.0.1, if clients
      # are meant to use https on 8443 only.
      - 18080:80  
  
  # nginx reverse proxy that serves TLS on host port 8443 using the
  # configuration and certificate files mounted from ./conf.
  proxy:  
    # Pinned to nginx 1.13.6, an old release line.
    # NOTE(review): move to a currently maintained nginx tag to pick up
    # security fixes.
    image: nginx:1.13.6-alpine  
    container_name: nginx_proxy  
    ports:  
      - "8443:443"  
    volumes:  
      # Both mounts are read-only (:ro), so the proxy container cannot modify
      # its configuration or the TLS key material.
      - ./conf/:/etc/nginx/conf.d/:ro  
      - ./conf/tls/:/etc/nginx/tls/:ro  
    # depends_on only orders container start-up; it does not wait for the
    # `openssl` helper to finish writing the certificate.
    depends_on:  
    - conjur  
    - openssl  
    restart: on-failure  
  
  # Conjur CLI container. `sleep infinity` keeps it running; presumably
  # commands are then issued with `docker exec`.
  client:  
    image: cyberark/conjur-cli:5  
    container_name: conjur_client  
    depends_on: [ proxy ]  
    entrypoint: sleep  
    command: infinity  
    volumes:  
    # Policy files from the host are available under /policy in the
    # container. The mount is read-write; `:ro` would be enough if the CLI
    # only reads them (confirm).
    - ./conf/policy:/policy 

我可以确认数据正在写入本地主机卷 /share/Container/docker/conjur。我通过“docker exec -it bash”登录到 docker 容器,进入 /var/lib/postgresql/data 目录,用 touch 创建了一个 test.txt 文件来测试,然后确认本地主机卷上出现了 test.txt 文件。

但是当我登录到 pgadmin Web 界面并查看我在前面步骤中创建的数据库时,它们不再存在,并且管理员密码已设置为默认值,而不是我更改的密码。

有什么想法吗?

谢谢。


2 回答 2


您的数据库本身似乎没有问题,问题看起来出在与数据库的连接没有正确配置上。您可以试试下面的配置吗?

 # Fragment of the `services:` section proposed by this answer; it replaces
 # the pgadmin service of the question's compose file.
 pgadmin:  
    image: dpage/pgadmin4  
    environment:  
      # Literal credentials in the compose file; prefer supplying the
      # password from the environment or a secrets file.
      PGADMIN_DEFAULT_EMAIL: user@domain.com  
      PGADMIN_DEFAULT_PASSWORD: SuperSecret  
      # Overrides pgAdmin's SERVER_MODE setting to False (desktop mode).
      # NOTE(review): desktop mode is meant for a single local user and does
      # not present the login page, so with port 18081 published the UI, and
      # any server connections saved in it, would be reachable without
      # authentication. Confirm before using this on a shared host.
      PGADMIN_CONFIG_SERVER_MODE: 'False'
    # `links` is a legacy option; services in the same compose file already
    # reach each other by service name on the default network.
    links:
      - database
    volumes:
       # Named volume `pgadmin`; it needs a matching entry under a top-level
       # `volumes:` key, which this fragment does not show.
       # NOTE(review): the pgAdmin container docs describe /var/lib/pgadmin
       # as the data directory to persist. Whether state is written to
       # /root/.pgadmin depends on the mode and on the user the image runs
       # as; verify that files appear in the volume.
       - pgadmin:/root/.pgadmin
    ports:  
      - 18081:80  
于 2021-05-24T07:20:24.237 回答

如果您希望数据库数据持久保存,则需要在 Docker 中使用卷。这需要您在 docker-compose.yml 文件中声明该卷,并在 database 服务的定义中引用它:

# Compose file proposed by this answer. The `#` comments are review notes;
# every setting is left exactly as the author wrote it.
version: '3'  
services:    
  # One-shot helper that creates the self-signed certificate and key used by
  # the nginx `proxy` service.
  openssl:  
    image: cyberark/conjur  
    container_name: openssl  
    entrypoint:  
     - openssl  
     - req  
     - -newkey  
     - rsa:2048  
     - -days  
     - "365"  
     # -nodes leaves the private key without passphrase protection.
     - -nodes  
     - -x509  
     - -config  
     - /tmp/conf/tls.conf  
     - -extensions  
     - v3_ca  
     # Written to ./conf/tls/ on the host through the bind mount below; keep
     # nginx.key readable only by its owner and out of version control.
     - -keyout  
     - /tmp/conf/nginx.key  
     - -out  
     - /tmp/conf/nginx.crt  
    volumes:  
     - ./conf/tls/:/tmp/conf  

  # Utility container kept running by `tail -F anything`, with ./program.sh
  # mounted into /tmp.
  bot_app:  
    # Untagged third-party image: pin a tag or digest so the code that runs
    # is known.
    image: cfmanteiga/alpine-bash-curl-jq  
    # Privileged mode removes most container isolation from the host.
    # NOTE(review): nothing in this file shows why it is needed; remove it
    # unless a requirement is confirmed.
    privileged: true  
    container_name: bot_app  
    command: tail -F anything  
    volumes:  
    - ./program.sh:/tmp/program.sh  
    restart: on-failure  
  
  # PostgreSQL backend for Conjur, now storing its data in a named volume.
  database:  
    image: postgres:10.16  
    container_name: postgres_database  
    environment:  
      # `trust` disables password checks for every connection, including the
      # `postgres` superuser.
      POSTGRES_HOST_AUTH_METHOD: trust  
    ports:  
      # With `trust` above, publishing 5432 on host port 8432 gives
      # passwordless superuser access to anyone who can reach the host.
      # NOTE(review): remove the mapping or bind it to 127.0.0.1, and set
      # POSTGRES_PASSWORD instead of `trust`.
      - 8432:5432  
    volumes:  
      # Named volume `database`, declared under the top-level `volumes:` key
      # at the end of the file. It survives `docker-compose down`, but
      # `docker-compose down -v` deletes it together with the data.
      - database:/var/lib/postgresql/data  
  
  # pgAdmin web UI, published on host port 18081.
  pgadmin:  
    # Container docs:
    # https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
    image: dpage/pgadmin4  
    environment:  
      # Literal credentials for the initial pgAdmin account; prefer supplying
      # the password from the environment or a secrets file.
      PGADMIN_DEFAULT_EMAIL: user@domain.com  
      PGADMIN_DEFAULT_PASSWORD: SuperSecret
    # `links` is a legacy option; the service name `database` already
    # resolves on the default Compose network.
    links:
      - database
    # Orders start-up only; it does not wait until PostgreSQL accepts
    # connections.
    depends_on:
      - database
    ports:  
      - 18081:80  
    # NOTE(review): there is still no `volumes:` entry on this service, so
    # pgAdmin's own state (login account, changed password, saved server
    # definitions) is discarded when `docker-compose down` removes the
    # container. The container docs linked above describe /var/lib/pgadmin
    # as the directory to map for persistence; confirm for the image version
    # in use.
  
  # Conjur server, started with the `server` command against the `database`
  # service.
  conjur:  
    # Untagged image: the version is whatever `latest` is at pull time.
    image: cyberark/conjur  
    container_name: conjur_server  
    command: server  
    environment:  
      # Passwordless superuser connection; relies on the `trust` setting of
      # the database service.
      DATABASE_URL: postgres://postgres@database/postgres  
      # Value-less keys are taken from the environment of the shell running
      # docker-compose. Conjur encrypts its stored data with
      # CONJUR_DATA_KEY, so the persisted database is only readable when the
      # same key is supplied again; store the key securely and do not
      # regenerate it between runs.
      CONJUR_DATA_KEY:  
      CONJUR_AUTHENTICATORS:  
    depends_on:  
    - database  
    restart: on-failure  
    ports:  
      # Exposes Conjur over plain HTTP on host port 18080, bypassing the TLS
      # proxy.
      # NOTE(review): drop this mapping, or bind it to 127.0.0.1, if only the
      # https endpoint on 8443 is meant to be reachable.
      - 18080:80  
  
  # nginx reverse proxy serving TLS on host port 8443.
  proxy:  
    # nginx 1.13.6 is an old release line.
    # NOTE(review): use a currently maintained tag to receive security
    # fixes.
    image: nginx:1.13.6-alpine  
    container_name: nginx_proxy  
    ports:  
      - "8443:443"  
    volumes:  
      # Read-only mounts: the container cannot alter its configuration or the
      # TLS key and certificate.
      - ./conf/:/etc/nginx/conf.d/:ro  
      - ./conf/tls/:/etc/nginx/tls/:ro  
    # Start-up ordering only; the certificate written by `openssl` is not
    # guaranteed to exist when nginx starts.
    depends_on:  
    - conjur  
    - openssl  
    restart: on-failure  
  
  # Conjur CLI container, kept running by `sleep infinity`; presumably
  # commands are then issued with `docker exec`.
  client:  
    image: cyberark/conjur-cli:5  
    container_name: conjur_client  
    depends_on: [ proxy ]  
    entrypoint: sleep  
    command: infinity  
    volumes:  
    # Host policy files exposed under /policy (read-write as written).
    - ./conf/policy:/policy

# Top-level declaration of the named volume mounted by the `database`
# service. Docker manages where it is stored; it persists across
# `docker-compose down` and is deleted by `docker-compose down -v` or
# `docker volume rm`. Only the PostgreSQL data directory is covered; no
# volume is declared for pgAdmin.
volumes:
  database:
于 2022-01-05T18:27:26.040 回答