hslatman
commented
4 months ago Hi @bergerst,
Is it possible you have some left over state from a previous run of the image? Or maybe from another install of the CA? Are you providing it a volume where it can write (and persist) its config? When I run this (note the slightly different volume; wanted to create a new configuration for this run):
docker run -it -v ./step:/home/step \
-p 9000:9000 \
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \
-e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \
-e "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true" \
smallstep/step-ca:0.25.2The CA seems to run OK, and responds with a 200 to the health check:
Unable to find image 'smallstep/step-ca:0.25.2' locally
0.25.2: Pulling from smallstep/step-ca
Digest: sha256:8ece4135e9baa7eed215b33510c98389544473e72618e7b44e4038b413e96670
Status: Downloaded newer image for smallstep/step-ca:0.25.2
badger 2024/03/04 14:38:32 INFO: All 1 tables opened in 0s
badger 2024/03/04 14:38:32 INFO: Replaying file id: 0 at offset: 6241
badger 2024/03/04 14:38:32 INFO: Replay took: 8.375µs
2024/03/04 14:38:32 Starting Smallstep CA/0.25.2 (linux/arm64)
2024/03/04 14:38:32 Documentation: https://u.step.sm/docs/ca
2024/03/04 14:38:32 Community Discord: https://u.step.sm/discord
2024/03/04 14:38:32 Config file: /home/step/config/ca.json
2024/03/04 14:38:32 The primary server URL is https://localhost:9000
2024/03/04 14:38:32 Root certificates are available at https://localhost:9000/roots.pem
2024/03/04 14:38:32 Additional configured hostnames: zetix
2024/03/04 14:38:32 X.509 Root Fingerprint: e960647be5e91d828c017fda6d9b32d70020d44a219e120d3c0bdea4e8e569e7
2024/03/04 14:38:32 Serving HTTPS on :9000 ...
INFO[0030] duration="628.958µs" duration-ns=628958 fields.time="2024-03-04T14:39:02Z" method=GET name=ca path=/health protocol=HTTP/2.0 referer= remote-address=127.0.0.1 request-id=cnitq1kkg5as73f521r0 size=16 status=200 user-agent="Smallstep CLI/0.25.1 (linux/arm64)" user-id=
^C2024/03/04 14:39:04 shutting down ...
badger 2024/03/04 14:39:04 INFO: Storing value log head: {Fid:0 Len:30 Offset:7850}
badger 2024/03/04 14:39:04 INFO: [Compactor: 173] Running compaction: {level:0 score:1.73 dropPrefixes:[]} for level: 0
badger 2024/03/04 14:39:04 INFO: LOG Compact 0->1, del 2 tables, add 1 tables, took 18.361791ms
badger 2024/03/04 14:39:04 INFO: [Compactor: 173] Compaction for level: 0 DONE
badger 2024/03/04 14:39:04 INFO: Force compaction on level 0 doneInspecting the Docker container shows something like this:
"Health": {
"Status": "healthy",
"FailingStreak": 0,
"Log": [
{
"Start": "2024-03-04T14:45:14.305018215Z",
"End": "2024-03-04T14:45:14.545445298Z",
"ExitCode": 0,
"Output": ""
}
]
}The reason step asks for the --ca-url is because it can't find it in the file with the defaults (defaults.json) in the step user directory (i.e. ./step/config/defaults.json in the above example run). When initializing the CA, both the CA configuration and the client defaults are written to files in the step user directory. When step is invoked, it'll check the file and set the defaults. It should only require --ca-url if it wasn't able to discover the right value from defaults.json. Can you check if those are available to your container?
bergerst
Steps to Reproduce
smallstep/step-ca:0.25.2docker ps, the new container is unhealthyYour Environment
step-caVersion - 0.25.2Expected Behavior
Container should become healthy
Actual Behavior
Container stays unhealthy forever
Additional Context
Most likely the problem is the healthcheck definition
The command fails because it expects a --ca-url parameter, but none is provided.
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).