ubccr / mokey

FreeIPA self-service account management portal
BSD 3-Clause "New" or "Revised" License

Installing mokey inside docker container #15

Closed Grejeru closed 6 years ago

Grejeru commented 6 years ago

Hello,

I've tried to install mokey inside docker with freeipa server being outside. Everything works fine until I try to log in to mokey via webui or even do any mokey commands inside container.

[root@selfserv /]# mokey newacct --uid grejeru
FATA[0000] Post https://ipa.example.com/ipa/json: x509: certificate is not valid for any names, but wanted to match ds1.example.com

I've found one topic about that here https://github.com/golang/go/issues/24293 but even downgrading docker to version 17.09 (compiled on go 1.8.3) didn't help.

Has anyone succeeded in mokey installation inside docker?

Whole docker-compose available here https://github.com/Grejeru/mokey-docker

aebruno commented 6 years ago

@Grejeru I have not tried installing mokey inside a docker container yet. Just a guess, but the error message looks like it may be a dns issue. Mokey communicates to FreeIPA using goipa library and pins the FreeIPA ca cert (located at /etc/ipa/ca.crt) for all https api calls. It also finds your FreeIPA hostname from /etc/ipa/default.conf if you don't specify one in the mokey.yaml config. Check to make sure ipahost: "<ipa.example.com>" setting is correct and matches the certificate for that server.

The error above sounds like you have ipahost: ipa.example.com but the hostname of your FreeIPA server is really dns1.example.com.
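The comment above names two separate checks: trust in the pinned CA file, and a match between the `ipahost` name and the names in the server certificate. The Go program below is an added example, not code from mokey or goipa, showing that Go's `crypto/x509` applies them independently; the certificate is constructed in memory and `verifyPinned` is a hypothetical helper.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// verifyPinned builds a constructed self-signed cert with the given SAN names, trusts only
// that cert (a stand-in for a pinned ca.crt) and verifies it for host as a TLS client would.
func verifyPinned(sans []string, host string) (nameMismatch bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"EXAMPLE.COM"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  true,
		DNSNames:              sans, // the only names the hostname check looks at here
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return false, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	var he x509.HostnameError // set only when the name check, not the trust check, failed
	return errors.As(err, &he), err
}

func main() {
	for _, sans := range [][]string{{"ipa.example.com"}, {"ds1.example.com"}, nil} {
		mismatch, err := verifyPinned(sans, "ipa.example.com")
		fmt.Printf("SANs=%v nameMismatch=%v err=%v\n", sans, mismatch, err)
	}
}
```

In all three runs the certificate is in the trusted pool; only the first passes, because the requested name has to appear among the certificate's SAN entries as well.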

Grejeru commented 6 years ago

No, it's properly resolving dns. Question is: Which version of Go mokey is being compiled for CentOS 7 rpm?

Grejeru commented 6 years ago

@aebruno it looks like Mokey is being compiled with Go 1.9+ for rpms. I have manually compiled mokey with Go 1.8.7, moved the compiled binary inside the docker container and now I don't have x509 certificate problems. It looks like what was broken in Go will affect mokey as I have default install of FreeIPA.

aebruno commented 6 years ago

New version of mokey is up. Now requires Go v1.11 or greater. Hopefully your issues are solved. Closing for now but feel free to re-open if you still have issues.

Grejeru commented 5 years ago

@aebruno I've had mokey successfully running inside Docker, but one of my colleagues tried to update mokey to a recent version. My hack was overwritten by v0.5.2. Go 1.11 has the same problem as 1.9 and now I can't get mokey to work with my FreeIPA due to x509 certificate problems.

I've tried to compile again with an older version of mokey (v0.0.6) with Go 1.8.7 (as earlier), but it fails due to a missing dependency

[sebastian@admin1a] 03:52:25
((detached from v0.0.6)) ~/Golang/src/github.com/ubccr/mokey > go build .
app/context.go:18:2: no buildable Go source files in /home/greyer/Golang/src/github.com/ory/hydra/sdk
[sebastian@admin1a] 03:52:36
((detached from v0.0.6)) ~/Golang/src/github.com/ubccr/mokey >

Looks like ory hydra was changed and now it's not compiling due to missing dependency.

aebruno commented 5 years ago

mokey now requires go v1.11 or greater to compile. I'm not sure I fully understand what issue you're having. It sounds like it's an issue with the self-signed FreeIPA certs? You should be able to fix this by adding your FreeIPA CA to your system's certificate trust store.