cloudfoundry/credhub-cli

credhub cli works in docker on mac and fails in docker in concourse

pivotal-gabriel-dumitrescu opened this issue · 4 comments

What version of the credhub server you are using?

2.0.2 and 1.4.1

What version of the credhub cli you are using?

We tested on the newest and oldest patch releases from 2.0 down to 0.6.

If you were attempting to accomplish a task, what was it you were attempting to do?

Summary

We were attempting to use Credhub CLI 2.0 with Credhub Server 2.0.2 from a container in a Linux-hosted Concourse 3.14.1 server.

The same combination of CLI and Server versions works without issue natively on Mac, as well as in a Linux Docker image run on that Mac. The Docker image is the same as the one used in the job on the Concourse server.

Details

The Credhub CLI appears to have a mysterious failure when run in a Linux Docker image run by a Linux-hosted Concourse 3.14.1 server.

Specifically, `credhub login` succeeds, but the CLI refuses to try to talk with the Credhub server. This means that `credhub --version` hangs for many seconds before printing the line `Server Version: Not Found. Have you targeted and authenticated against a CredHub server?`, and operations like `credhub find` report `You are not currently authenticated. Please log in to continue.` very quickly.

These operations succeed without issue when run using the same Docker image on a Mac workstation, or running natively on a Mac.

`tcpdump` indicates that when the `credhub --version` operation fails, there is no traffic between the machine running the CLI and the Credhub Server. In contrast, when the operation is successful there is traffic.

When running against a 2.0.2 server, the versions up to 1.5.0 succeed. 1.5.3 and later fail.

When running against a 1.4.1 server, the versions up to 1.7.0 succeed. 1.7.7 and later fail.

We don't know where in the 1.5.x and 1.7.x families the issue crept in, as we tested the newest and oldest release in each family.

Testing Methodology

We wrote a script that effectively did the following in the Concourse job:

  • Download, unpack, and make executable the Linux pre-built Credhub-CLI for the version being tested
  • Run `credhub login` to log into the target Credhub server.
  • Run `credhub --version` to attempt to read the version info from the Credhub server.

Success was having something other than `Not Found. Have you targeted and authenticated against a CredHub server?` printed for the Server Version.

What did you expect to happen?

Use normal credhub functionality with credhub-cli 2.0.0 and credhub server 2.0.2.

What was the actual behavior?

Repeated assertions that we had not authenticated.

Please confirm where necessary:

  • I have included a log output
  • My log includes an error message
  • I have included steps for reproduction

If you are a PCF customer with an Operation Manager (PCF Ops Manager) please direct your questions to support (https://support.pivotal.io/)
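
The pass/fail check from the Testing Methodology above, written out as an added example that is not part of the original issue or the reporter's script. The function names are hypothetical, and login arguments are passed through unchanged so that no particular flags are assumed.

```shell
#!/bin/sh
# Added example (not from the issue): scores one CLI binary the way the
# issue's "Testing Methodology" does. All function names are hypothetical.

# Failure text quoted in the issue for the "Server Version" line.
NOT_FOUND='Not Found. Have you targeted and authenticated against a CredHub server?'

# Read `credhub --version` output on stdin and print the text that
# follows "Server Version:" (first match only).
server_version() {
    sed -n 's/^Server Version:[[:space:]]*//p' | head -n 1
}

# Exit 0 when the value counts as success per the issue: anything other
# than the Not Found message. A missing line (empty value) is a failure.
version_ok() {
    case "$1" in
        ''|"$NOT_FOUND"*) return 1 ;;
        *) return 0 ;;
    esac
}

# probe_cli BIN [login args...]
# Logs in, reads the version, and prints one result line:
#   "ok server=<version>"  exit 0  the CLI reached the server
#   "no-server-version"    exit 1  login worked, version lookup did not
#   "login-failed"         exit 2  login itself failed
probe_cli() {
    bin=$1; shift
    if ! "$bin" login "$@" >/dev/null 2>&1; then
        echo "login-failed"; return 2
    fi
    sv=$("$bin" --version 2>&1 | server_version)
    if version_ok "$sv"; then
        echo "ok server=$sv"
    else
        echo "no-server-version"; return 1
    fi
}
```

Running `probe_cli` once per unpacked CLI release, in each environment, gives one comparable result line per version and separates a failed login from the case reported here, where login succeeds and the version lookup does not.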

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/160111130

The labels on this github issue will be updated when the story is started.

@pivotal-gabriel-dumitrescu Thanks for your submission! We will prioritize as necessary!

@pivotal-gabriel-dumitrescu - sorry for the delay on our part again. Were you able to get around this issue? Also, are you by chance using an alpine-based container image?

@ankeesler Thank you for your response. We have successfully upgraded to version 2.4.0 for CredHub CLI and version 2.1.4 for the Server and the Docker image we were using was based on Debian "jessie".

$ credhub --version
CLI Version: 2.4.0
Server Version: 2.1.4