search

globocom / huskyCI

Performing security tests inside your CI
https://huskyci.opensource.globo.com
BSD 3-Clause "New" or "Revised" License
572 stars 137 forks source link

Error starting the huskyCI_API container #488

Closed andrehck closed 4 years ago

andrehck commented 4 years ago

SO: centos-7-v20200429 docker logs 92b0e0cf5f5a go: downloading github.com/labstack/echo v3.3.10+incompatible go: downloading golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 go: downloading gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 go: downloading golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 go: downloading github.com/docker/docker v1.13.1 go: downloading github.com/globocom/glbgelf v0.0.0-20190310030100-36e52796d86a go: downloading github.com/google/uuid v1.1.1 go: downloading github.com/valyala/fasttemplate v1.1.0 go: downloading github.com/labstack/gommon v0.3.0 go: downloading github.com/dgrijalva/jwt-go v3.2.0+incompatible go: downloading github.com/spf13/viper v1.7.0 go: downloading github.com/mattn/go-colorable v0.1.2 go: downloading github.com/mattn/go-isatty v0.0.9 go: downloading gopkg.in/Graylog2/go-gelf.v2 v2.0.0-20191017102106-1550ee647df0 go: downloading github.com/lib/pq v1.5.2 go: downloading github.com/magiconair/properties v1.8.1 go: downloading github.com/hashicorp/hcl v1.0.0 go: downloading github.com/valyala/bytebufferpool v1.0.0 go: downloading github.com/mitchellh/mapstructure v1.1.2 go: downloading github.com/fsnotify/fsnotify v1.4.7 go: downloading github.com/spf13/cast v1.3.0 go: downloading github.com/spf13/pflag v1.0.3 go: downloading gopkg.in/yaml.v2 v2.2.4 go: downloading gopkg.in/ini.v1 v1.51.0 go: downloading github.com/subosito/gotenv v1.2.0 go: downloading golang.org/x/text v0.3.2 go: downloading github.com/pelletier/go-toml v1.2.0 go: downloading golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd go: downloading github.com/spf13/afero v1.1.2 go: downloading github.com/spf13/jwalterweatherman v1.0.0 go: downloading github.com/docker/go-units v0.4.0 go: downloading github.com/docker/distribution v2.7.1+incompatible go: downloading github.com/docker/go-connections v0.4.0 go: downloading github.com/pkg/errors v0.8.1 go: downloading github.com/opencontainers/go-digest v1.0.0 2020/06/03 19:43:57 App's name undefined. 2020/06/03 19:43:57 Tags not defined. Using appName. 2020/06/03 19:43:57 {"version":"1.1","host":"92b0e0cf5f5a","short_message":"Logging to stdout","full_message":"Logging to stdout","timestamp":1591213437,"level":6,"app":"undefined","file":"/go/pkg/mod/github.com/globocom/glbgelf@v0.0.0-20190310030100-36e52796d86a/glbgelf.go","line":180,"tags":"undefined"} 2020/06/03 19:43:57 {"version":"1.1","host":"92b0e0cf5f5a","short_message":"Starting HuskyCI. []","full_message":"Starting HuskyCI. []","timestamp":1591213437,"level":6,"action":"main","app":"undefined","file":"/go/src/github.com/globocom/huskyCI/api/log/log.go","info":"SERVER","line":31,"tags":"undefined"} 2020/06/03 19:43:57 {"version":"1.1","host":"92b0e0cf5f5a","short_message":"Environment variables set properly. []","full_message":"Environment variables set properly. []","timestamp":1591213437,"level":6,"action":"CheckHuskyRequirements","app":"undefined","file":"/go/src/github.com/globocom/huskyCI/api/log/log.go","info":"API-UTIL","line":31,"tags":"undefined"} 2020/06/03 19:43:57 {"version":"1.1","host":"92b0e0cf5f5a","short_message":"Could not start a new Docker API client: [could not read CA certificate \"/go/src/github.com/globocom/huskyCI/ca.pem\": open /go/src/github.com/globocom/huskyCI/ca.pem: permission denied]","full_message":"Could not start a new Docker API client: [could not read CA certificate \"/go/src/github.com/globocom/huskyCI/ca.pem\": open /go/src/github.com/globocom/huskyCI/ca.pem: permission denied]","timestamp":1591213437,"level":3,"action":"NewDocker","app":"undefined","file":"/go/src/github.com/globocom/huskyCI/api/log/log.go","info":"DOCKERAPI","line":51,"tags":"undefined"} 2020/06/03 19:43:57 {"version":"1.1","host":"92b0e0cf5f5a","short_message":"Docker API Healthcheck failed: [could not read CA certificate \"/go/src/github.com/globocom/huskyCI/ca.pem\": open /go/src/github.com/globocom/huskyCI/ca.pem: permission denied]","full_message":"Docker API Healthcheck failed: [could not read CA certificate \"/go/src/github.com/globocom/huskyCI/ca.pem\": open /go/src/github.com/globocom/huskyCI/ca.pem: permission denied]","timestamp":1591213437,"level":3,"action":"HealthCheckDockerAPI","app":"undefined","file":"/go/src/github.com/globocom/huskyCI/api/log/log.go","info":"DOCKERAPI","line":51,"tags":"undefined"} 2020/06/03 19:43:57 {"version":"1.1","host":"92b0e0cf5f5a","short_message":"Error(s) found when starting HuskyCI API: [could not read CA certificate \"/go/src/github.com/globocom/huskyCI/ca.pem\": open /go/src/github.com/globocom/huskyCI/ca.pem: permission denied]","full_message":"Error(s) found when starting HuskyCI API: [could not read CA certificate \"/go/src/github.com/globocom/huskyCI/ca.pem\": open /go/src/github.com/globocom/huskyCI/ca.pem: permission denied]","timestamp":1591213437,"level":3,"action":"main","app":"undefined","file":"/go/src/github.com/globocom/huskyCI/api/log/log.go","info":"SERVER","line":51,"tags":"undefined"}

Krlier commented 4 years ago

Oi, @andrehck! Obrigado pelo contato!

Você tentou iniciar o huskyCI rodando o comando make install? Através dele alguns dos certificados que constam como faltando no log da aplicação são gerados, o que parece ser o problema.

Se você tiver usado o comando acima para iniciar o huskyCI, seria possível você conferir sua pasta deployments/certs e verificar se os certificados foram gerados?

Como o projeto está em inglês e de forma a tornar os possíveis aprendizados dessa issue mais transparentes para o resto da comunidade, tudo bem se continuarmos a conversa no idioma?

Hi, @andrehck! Thanks for reaching out to us!

Did you try starting huskyCI with make install? By running that command, you also generate some of the needed certificates that are missing, which seems to be the problem here.

If you did start huskyCI with the command above, would you mind having a look at the deployments/certs folder to be sure the certificates were generated?

andrehck commented 4 years ago

Right! I started huskyCI with the make install command and the containers that start are these: image

After a few seconds the container: huskyCI-API is down: image

Here is a print of the deployments / certs folder: image

Can I open a branch for documentation in Portuguese?

Krlier commented 4 years ago

All necessary files seem to be present in that print. Going back to the error message, I see now it seems to be some kind of permission issue, huskyCI's API is not able to reach the directory inside the container.

I also did try to reproduce this error on a CentOS machine with a fresh Docker and Docker-Compose installation, but with no success. Everything went well. 😕

Can I open a branch for documentation in Portuguese?

Definitely!

andrehck commented 4 years ago

oxii I will do an analysis in the logs and try to solve then, I will finalize this issue, if I can resolve it before recreating the machine I reopen it and add the solution in case anyone needs it. =) Thanks for the help!

lihararora commented 4 years ago

@andrehck did you manage to find the solution? I'm running into same problem on centos 8.

andrehck commented 4 years ago

@lihararora no, I had to reinstall the hundreds, apply as necessary updates to be able to work.

lihararora commented 4 years ago

@andrehck - thanks the response. This seems to work for me on centos 7.