I'm using traefik-certs-dumper in a Docker container. When I add certain flags to the

<div class="highlight highlight-text-shell-session notranslate position-relative overflow-auto" dir=

Docker issue with certain flags about traefik-certs-dumper HOT 24 CLOSED

nicnatros commented on June 15, 2024 1

Docker issue with certain flags

from traefik-certs-dumper.

Comments (24)

ldez commented on June 15, 2024 1

It's because you forget to add the name of the image at the end of the command line.

Try this:

$ docker run --entrypoint='sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem' ldez/traefik-certs-dumper:v2.8.1

from traefik-certs-dumper.

ldez commented on June 15, 2024

Hello,

your 2nd line contains 2 times "traefik-certs-dumper file".

I don't know if it's a copy-paste error inside the issue or something else.

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

Hi Ludovic,
Thank you so much for the response. Yes, that was a copy paste mistake.

I've corrected the entrypoint to the below and it still doesn't work. Not sure if maybe my syntax is incorrect somewhere.

sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs --crt-ext=.pem --key-ext=.pem –-domain-subdir=true

It runs just fine until I add those last three flags at the end. The problem appears to be there.
Can these be specified with environment variables instead?
I checked the log but there doesn't seem to be an indication of why it fails.
I don't know that it matters but I'm modifying this field in Portainer where I get a status code 400.

--LOG--
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/2) Installing oniguruma (6.9.4-r1)
(2/2) Installing jq (1.6-r0)
Executing busybox-1.30.1-r3.trigger
OK: 7 MiB in 16 packages

from traefik-certs-dumper.

ldez commented on June 15, 2024

What is the problem exactly?

from traefik-certs-dumper.

ldez commented on June 15, 2024

$ traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs --crt-ext=.pem --key-ext=.pem –-domain-subdir=true
Error: --crt-ext (".pem") and --key-ext (".pem") are identical, in this case --domain-subdir is required
Usage:
  traefik-certs-dumper file [flags]

Flags:
  -h, --help             help for file
      --source string    Path to 'acme.json' file. (default "./acme.json")
      --version string   Traefik version. If empty use v1. Possible values: 'v2'.

Global Flags:
      --clean              Clean destination folder before dumping content. (default true)
      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
      --crt-ext string     The file extension of the generated certificates. (default ".crt")
      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
      --dest string        Path to store the dump content. (default "./dump")
      --domain-subdir      Use domain as sub-directory.
      --key-ext string     The file extension of the generated private keys. (default ".key")
      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
      --watch              Enable watching changes.

2022/07/27 20:18:42 root.go:45: --crt-ext (".pem") and --key-ext (".pem") are identical, in this case --domain-subdir is required
exit status 1

from traefik-certs-dumper.

ldez commented on June 15, 2024

it's because you are using an invalid character: you are using an En Dash (\u2013) instead of a Hyphen-Minus (\u002D) here: –-domain-subdir=true (the first character is an En Dash)

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

I was using Portainer to do this but that obscured the problem because it's not very verbose. I tried adding the entrypoint using the command line and now there is better feedback on why it isn't running.

root@NAS:/var/lib/docker/bindmounts# docker run --entrypoint sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem traefik-certs-dumper
Unable to find image 'apk:latest' locally
docker: Error response from daemon: pull access denied for apk, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

from traefik-certs-dumper.

ldez commented on June 15, 2024

your problem is here –-domain-subdir=true you must use this --domain-subdir=true.
It's related to a wrong character.

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

Good catch, and I did fix the character. Using the proper character there's still an error about the "apk add jq"

Unable to find image 'apk:latest' locally
docker: Error response from daemon: pull access denied for apk, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

root@NAS:/var/lib/docker/bindmounts# docker run --entrypoint sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ jq ".[] | .Certificates | length" /data/acme.json != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem traefik-certs-dumper
Unable to find image 'apk:latest' locally
docker: Error response from daemon: pull access denied for apk, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

from traefik-certs-dumper.

ldez commented on June 15, 2024

I think you are not using an alpine image: apk is the package manager for alpine.

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

Ok. I didn't realize that this was OS dependent. I'm on Debian.

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

Looks like I need to substitute that command for (apt install jq -y) for Debian.

from traefik-certs-dumper.

ldez commented on June 15, 2024

or just use an alpine image.

it's not dependent on your OS but on the OS inside the image.

from traefik-certs-dumper.

ldez commented on June 15, 2024

you just have to use my image ldez/traefik-certs-dumper

https://hub.docker.com/r/ldez/traefik-certs-dumper/

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

The image I've been using is ldez/traefik-certs-dumper:v2.7.4

docker: Error response from daemon: pull access denied for apt, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

This makes it sound like the container either doesn't have the repository or the container permissions don't allow access to pull a package.

from traefik-certs-dumper.

ldez commented on June 15, 2024

No, if you are using the right image, the image contains apk.

The latest version is v2.8.1 but v2.7.4 works too.

from traefik-certs-dumper.

ldez commented on June 15, 2024

I don't know what you are doing but you are doing something wrong:

$ docker run --rm -it --entrypoint /bin/sh ldez/traefik-certs-dumper:v2.8.1
/ # apk add jq
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/2) Installing oniguruma (6.9.7.1-r0)
(2/2) Installing jq (1.6-r1)
Executing busybox-1.34.1-r3.trigger
OK: 7 MiB in 16 packages

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

That's right. I accidentally inserted container name instead of image name. I think we are very close.

root@NAS:/var/lib/docker/bindmounts# docker run --entrypoint='sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem' ldez/traefik-certs-dumper:v2.8.1
Unable to find image 'ldez/traefik-certs-dumper:v2.8.1' locally
v2.8.1: Pulling from ldez/traefik-certs-dumper
Digest: sha256:2734462fc8290feab0e34a00d5f3e4992ba74f8e3712d74efff7ae703d0e7e87
Status: Downloaded newer image for ldez/traefik-certs-dumper:v2.8.1
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq \".[] | .Certificates | length\" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem": stat sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem: no such file or directory: unknown.
ERRO[0001] error waiting for container: context canceled

from traefik-certs-dumper.

ldez commented on June 15, 2024

you have to mount the directory

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

Sorry, this is a result of not being familiar with docker in the command line. I usually use Portainer for the UI to manage containers but wasn't able to get a clear indication of the issue in portainer. In my portainer issue I have the volume bind mounted correctly. Adding volume to the cmd.

from traefik-certs-dumper.

ldez commented on June 15, 2024

If you don't know well Docker, I recommend using a docker-compose file.

You have an example here: https://github.com/ldez/traefik-certs-dumper/blob/master/docs/docker-compose-traefik-v2.yml

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

I've had no shortage of dumb mistakes. I believe I might be creating the container right this time.

"docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec:"
"no such file or directory: unknown."

root@NAS:/var/lib/docker/bindmounts/traefik# docker run --name cert-extract4 -v /var/lib/docker/bindmounts/traefik:/data --entrypoint='sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem' ldez/traefik-certs-dumper:v2.8.1
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq \".[] | .Certificates | length\" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem": stat sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem: **no such file or directory: unknown.**
ERRO[0000] error waiting for container: context canceled

from traefik-certs-dumper.

ldez commented on June 15, 2024

The following command works:

docker run --rm  -v /var/lib/docker/bindmounts/traefik/:/data/ --entrypoint='sh' ldez/traefik-certs-dumper:v2.8.1 -c 'apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs --domain-subdir=true --crt-ext=.pem --key-ext=.pem'

Note: you still have an invalid character in –-domain-subdir, you must use --domain-subdir (the first character is a problem because it's not a hyphen)

from traefik-certs-dumper.

nicnatros commented on June 15, 2024

That worked. I can't believe that wrong character re-entered my string. Thank you so much for all your help. I really appreciate it!

from traefik-certs-dumper.

Docker issue with certain flags about traefik-certs-dumper HOT 24 CLOSED

Comments (24)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent