[GODRIVER-1451] Unable to connect to Atlas with multiple stage docker build Created: 20/Dec/19 Updated: 10/Jan/20 Resolved: 10/Jan/20 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | Connections |
| Affects Version/s: | 1.1.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Yong Wei Lun | Assignee: | Divjot Arora (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
MacOS Docker Server: 19.03.5 |
||
| Description |
|
I was able to connect to Atlas with a single-stage docker build. However, when I want to optimise the image and go for a multi-stage docker build, it cannot connect to Atlas, without any change to the code.
Go code
Dockerfile
Current console output
Expected console output (when using single stage docker build)
|
| Comments |
| Comment by Divjot Arora (Inactive) [ 10/Jan/20 ] |
|
I believe you would have to add the certificate. From what I understand, the issue is that the Docker image requires the certificate to be manually installed. Even if you are using X509-based authentication, the initial TLS handshake will fail because the system doesn't trust the certificate. I'm going to go ahead and close this ticket. Feel free to comment on it again or open a new ticket if you run into any other issues.
– Divjot
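The failure discussed in this ticket, reproduced offline as an added example (not code from the ticket or the Go driver): Go verifies a server certificate against a root pool built from the image's CA bundle, and a `scratch` image ships none. `constructedRoot`, `verifyWithBundle` and the bundle path are hypothetical names, and the self-signed certificate is a constructed stand-in for the root of a real server chain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// constructedRoot makes a throwaway self-signed CA (constructed sample) and its PEM form.
func constructedRoot() (*x509.Certificate, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// verifyWithBundle checks cert against bundlePath; a missing file means an empty trust store.
func verifyWithBundle(cert *x509.Certificate, bundlePath string) error {
	roots := x509.NewCertPool()
	if data, err := os.ReadFile(bundlePath); err == nil {
		roots.AppendCertsFromPEM(data)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

func main() {
	cert, bundle, err := constructedRoot()
	if err != nil {
		panic(err)
	}
	path := os.TempDir() + "/constructed-ca-bundle.crt" // stand-in for the image's bundle path
	defer os.Remove(path)
	fmt.Println("no bundle:  ", verifyWithBundle(cert, path))
	os.WriteFile(path, bundle, 0o644)
	fmt.Println("with bundle:", verifyWithBundle(cert, path))
}
```

The first call fails with `x509: certificate signed by unknown authority`; once the bundle file exists the same certificate verifies, which is the effect of copying a CA bundle into the final build stage.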
| Comment by Yong Wei Lun [ 10/Jan/20 ] |
|
Hi Divjot,
| Comment by Yong Wei Lun [ 10/Jan/20 ] |
|
Hi Divjot, it works! Here is the final Dockerfile
|
| Comment by Divjot Arora (Inactive) [ 07/Jan/20 ] |
|
I did some investigation and it seems like the Docker scratch image requires you to manually install certificates. See https://stackoverflow.com/questions/52969195/docker-container-running-golang-http-client-getting-error-certificate-signed-by for an example. Also, as an aside, I tried spinning up an Atlas M0 cluster with X509 authentication enabled and saw that Atlas only supports X509 auth on M10+ clusters. Can you take a look at the link and see if adding the certificate solves your issue?
| Comment by Divjot Arora (Inactive) [ 07/Jan/20 ] |
|
Thanks for the output. The root cause seems to be some sort of X509 certificate signing issue. At this point, I'm not sure why this works on one Docker image but not another. I'm investigating what could cause the issue and will write a new comment on this ticket once I have some ideas.
| Comment by Yong Wei Lun [ 07/Jan/20 ] |
|
Hi Divjot, here is the error output after switching to context.TODO() for the Connect and Ping operations, with the scratch image.
By the way, I am using an Atlas free tier M0 cluster on GCP in Singapore, if that information helps.
Is it that the Ping operation requires something from Linux or C/C++ that is not available in the scratch image, so it does not work on scratch but works on the alpine image?
|
| Comment by Divjot Arora (Inactive) [ 07/Jan/20 ] |
|
Can you try running this example with context.TODO() instead of the 20-second context? If the Ping operation cannot find a suitable server within 30 seconds, it will return a server selection error, which will report the state of the cluster from the driver's perspective. This error output might help clarify what's going on.
| Comment by Yong Wei Lun [ 20/Dec/19 ] |
|
I tried to change the base image from `scratch` to `alpine`. It works. Any reason? |