Unable to start Consul Docker container

[anshumanbh]

My docker-compose file looks like this:

version: '2'

services:
    consul:
        container_name: consul
        image: consul:latest
        ports:
            - "8500:8500"
            - "8300:8300"
        volumes:
            - ./config:/config
            - ./_data/consul:/data
        command: agent -server -data-dir=/data -bind 0.0.0.0 -client 0.0.0.0 -bootstrap-expect=1 -disable-host-node-id

    vault:
        container_name: vault
        image: vault
        links:
            - consul:consul
        depends_on:
            - consul
        ports:
            - "8200:8200"
        volumes_from:
            - consul
        cap_add:
            - IPC_LOCK
        command: server -config=/config/vault.hcl

When I do a docker-compose up -d, the Vault container starts just fine. But, the Consul container fails with the below error:

BootstrapExpect is set to 1; this is the same as Bootstrap mode.
bootstrap = true: do not enable unless necessary
==> Starting Consul agent...
==> Error starting agent: Failed to setup node ID: open /data/node-id: permission denied

I am trying to run this on a Google Compute Engine instance with a Debian base image:

Linux vault-poc 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

Docker version:

Client:
 Version:       17.12.0-ce
 API version:   1.35
 Go version:    go1.9.2
 Git commit:    c97c6d6
 Built: Wed Dec 27 20:11:19 2017
 OS/Arch:       linux/amd64

Server:
 Engine:
  Version:      17.12.0-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.9.2
  Git commit:   c97c6d6
  Built:        Wed Dec 27 20:09:54 2017
  OS/Arch:      linux/amd64
  Experimental: false

Docker Compose version:

docker-compose version 1.18.0, build 8dd22a9
docker-py version: 2.6.1
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

Both Vault and Consul docker images have the latest tag.

I also noticed some logs in my Vault container when it starts:

2018/01/12 01:21:00.629667 [WARN ] physical/consul: check unable to talk with Consul backend: error=Put http://consul:8500/v1/agent/check/fail/vault:consul:8300:vault-sealed-check?note=Vault+Sealed: dial tcp: lookup consul on 127.0.0.11:53: no such host
2018/01/12 01:21:00.953570 [WARN ] physical/consul: reconcile unable to talk with Consul backend: error=service registration failed: Put http://consul:8500/v1/agent/service/register: dial tcp: lookup consul on 127.0.0.11:53: no such host
2018/01/12 01:21:01.633308 [WARN ] physical/consul: check unable to talk with Consul backend: error=Put http://consul:8500/v1/agent/check/fail/vault:consul:8300:vault-sealed-check?note=Vault+Sealed: dial tcp: lookup consul on 127.0.0.11:53: no such host
2018/01/12 01:21:01.959721 [WARN ] physical/consul: reconcile unable to talk with Consul backend: error=service registration failed: Put http://consul:8500/v1/agent/service/register: dial tcp: lookup consul on 127.0.0.11:53: no such host

Does anybody know what's going on?

[Cardds]

Check the permissions of ./_data/consul on the host machine. Likely, the user 'consul' in the container does not have permission to write to the directory mounted to /data in the container.

[mlcooper]

@anshumanbh did you figure out what this issue is? I got the same error message:

Error starting agent: Failed to setup node ID: open /data/node-id: permission denied

[pearkes]

Given we haven't heard anything based on @Cardds questions above I'm going to close this issue, but I encourage you to comment and we can re-open it if you want to pick this up again.

Alternatively, if things have changed dramatically, feel free to create a new issue or PR.

[SachinHg]

@Cardds @mlcooper @anshumanbh did you figure out what the issue is ? Is there a solution?

[jaybe78]

@Cardds @SachinHg @mlcooper @anshumanbh Has anyone found out how to resolve that issue ??

[bwulff]

Running into the same problem on a CentOS 7 host.

$ mkdir /test
$ chmod 777 /test
$ docker run -v /test:/consul/data consul
chown: /consul/data: Permission denied
$ docker run consul id consul
uid=100(consul) gid=1000(consul) groups=1000(consul),1000(consul)
$ chown 100:1000 /test
$ docker run -v /test:/consul/data consul
==> Starting Consul agent...
==> Error creating agent: Failed to setup node ID: open /consul/data/node-id: permission denied

[denisse-dev]

To anyone having this problem you need to give 777 permissions recursively to the local directory you're binding to the container.

Let's say the directory in your local machine is _data and in the container is data, you'd be doing something like this: ./_data/consul:/data in the volume section of your Docker compose file and therefore you need to do chmod -R 777 _data so the container has access to the folder and its contents.

[ghost]

Hey there,

This issue has been automatically locked because it is closed and there hasn't been any activity for at least 30 days.

If you are still experiencing problems, or still have questions, feel free to open a new one 👍.