Docker run fails to start container #1

Open
mblau-leaffilter opened this issue Apr 20, 2021 · 6 comments

@mblau-leaffilter

mblau-leaffilter commented Apr 20, 2021

Hello,

I am following along with your Pluralsight course and no matter what I do I cannot get the docker container to run. I have even cloned the repo and gone through the commands in run-vault.sh as well as running the script itself. Every time I get this in the docker logs:

2021-04-20T14:34:14.850Z [INFO]  proxy environment: http_proxy= https_proxy= no_proxy=
Error initializing listener of type tcp: error loading TLS cert: open /vault/certs/vault_key.key: permission denied

How can I fix this issue?

@ned1313
Owner

ned1313 commented Apr 20, 2021

Hi @mblau-leaffilter,
When you run the commands you should be in the m3 directory. In the parent directory you should see a directory tree like this:

server1
├── certs
│   ├── vault_cert.pem  
│   └── vault_key.key   
├── config
│   └── vault-config.hcl
├── data
│   ├── raft
│   │   ├── raft.db  
│   │   └── snapshots
│   └── vault.db     
├── file
└── logs

The docker command mounts the full path to the server1 directory on the container folder vault.

The server1 directory has the rest of the Vault server configuration, which leads me to believe that only the certs are missing. Maybe they were written to a different directory?

@mblau-leaffilter
Author

Hi @ned1313 I can confirm that my file tree looks like:
mblau@mblau-VirtualBox:~/projects/Hashicorp-Certified-Vault-Associate-Vault-Management/server1$ ls certs/
vault_cert.pem vault_key.key
mblau@mblau-VirtualBox:~/projects/Hashicorp-Certified-Vault-Associate-Vault-Management/server1$
so I can see the certs in the proper directories and I can see the raft db and related have been created. When I ran the commands I was in the m3 directory.

@ned1313
Owner

ned1313 commented Apr 20, 2021

It may have something to do with permissions. Here's what my file permissions look like in WSL:

certs $ls -la
total 8
drwxrwxrwx 1 ned ned 4096 Mar 29 10:12 .
drwxrwxrwx 1 ned ned 4096 Mar 29 10:14 ..
-rwxrwxrwx 1 ned ned 3887 Mar 29 10:12 vault_cert.pem
-rwxrwxrwx 1 ned ned 3243 Mar 29 10:12 vault_key.key 

What OS are you running on?

@mblau-leaffilter
Author

Hey @ned1313 I am using Ubuntu Budgie 20.04. This is what my permissions look like in the certs directory:

mblau@mblau-VirtualBox:~/projects/Hashicorp-Certified-Vault-Associate-Vault-Management/certs$ ls -la
total 36
drwxrwxr-x  2 mblau mblau 4096 Apr 20 10:49 .
drwxrwxr-x 10 mblau mblau 4096 Apr 20 10:22 ..
-rw-rw-r--  1 mblau mblau 2057 Apr 20 10:49 ca.cert.pem
-rw-rw-r--  1 mblau mblau   41 Apr 20 10:49 ca.cert.srl
-rw-------  1 mblau mblau 3243 Apr 20 10:49 ca.key.pem
-rw-rw-r--  1 mblau mblau  295 Apr 20 10:49 server1.conf
-rw-rw-r--  1 mblau mblau 1732 Apr 20 10:49 server1.csr
-rw-------  1 mblau mblau 3243 Apr 20 10:49 server1.key
-rw-rw-r--  1 mblau mblau 1830 Apr 20 10:49 server1.pem

And this is the permissions in server1/certs:

mblau@mblau-VirtualBox:~/projects/Hashicorp-Certified-Vault-Associate-Vault-Management/server1/certs$ ls -la
total 16
drwxrwxr-x 2 mblau mblau 4096 Apr 20 10:49 .
drwxrwxr-x 7 mblau mblau 4096 Apr 20 10:25 ..
-rw-rw-r-- 1 mblau mblau 3887 Apr 20 10:49 vault_cert.pem
-rw------- 1 mblau mblau 3243 Apr 20 10:49 vault_key.key

@ned1313
Owner

ned1313 commented Apr 20, 2021

Seems like that may be the issue. Try running:

sudo chmod -R 644 certs/

To update permissions on the certs directory. I'm guessing that the user the docker daemon is running under doesn't have permission to read the vault_key.key.

@mblau-leaffilter
Author

Hey @ned1313 to match your permissions I had to set 0777 on the directory, which works, but seems problematic in that it is world writeable. So I would ideally like to scope down to less than that.
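
One way to scope the permissions down from 0777, as an added example that is not part of this thread or the course repository: group-own the certs directory to the group the container's Vault process runs as and drop every world bit. The helper names `harden_certs` and `exposed_paths` are hypothetical, and the GID argument is an assumption you have to look up for your image.

```shell
#!/bin/sh
# Added example (not from the thread or the course repo).
# Assumption: the GID argument is the numeric group the Vault process runs as
# inside the container; look it up for your image, the thread does not state it.

# harden_certs DIR GID (hypothetical helper)
# Group-owns DIR to GID and removes every "other" permission bit.
# Directories keep the search (x) bit for owner and group: without it the
# files inside cannot be opened, whatever their own mode is.
harden_certs() {
    dir=$1 gid=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # chgrp to a group you are not a member of needs root (run under sudo).
    chgrp -R "$gid" "$dir" || return 1
    find "$dir" -type d -exec chmod 0750 {} + || return 1
    find "$dir" -type f -exec chmod 0640 {} + || return 1
}

# exposed_paths DIR (hypothetical helper)
# Prints every path under DIR that still grants any permission to "other".
exposed_paths() {
    find "$1" \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print
}

# Demo on a constructed tree that mirrors server1/certs from the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/certs"
    : > "$tmp/certs/vault_cert.pem"
    : > "$tmp/certs/vault_key.key"
    chmod -R 0777 "$tmp/certs"   # state described in the last comment
    echo "exposed before: $(exposed_paths "$tmp/certs" | wc -l)"
    harden_certs "$tmp/certs" "$(id -g)"   # own GID so the demo needs no root
    echo "exposed after:  $(exposed_paths "$tmp/certs" | wc -l)"
    rm -rf "$tmp"
}
demo
```

Run against server1/certs with the container's GID, an empty `exposed_paths` result confirms that nothing under the directory is left world-readable, world-writable or world-searchable.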
