Is it possible to run tang in a docker container? #27

Closed
AdrianKoshka opened this issue Jun 7, 2018 · 8 comments

Comments

AdrianKoshka commented Jun 7, 2018

I wanted to set up tang, but I am also using Fedora Atomic Host, and thought I could just whip up a quick docker container to run tang for me. I was very wrong; after countless hours I've pretty much gotten nowhere. Due to the way tangd is designed, is it possible to run it from a docker container at all and have it work properly? The repo for anyone interested: https://github.com/AdrianKoshka/tang-docker-container

The issue I would run into is that I'd never get tang to respond properly on port 80. Curl would always say connection reset by peer, or that the response was empty.

@npmccallum (Contributor)

There is no particular problem with running Tang in a container. However, there are some considerations.

  1. Tang uses socket connection activation. This can be handled by either systemd (run /sbin/init) or by something like xinetd.

  2. Containers raise a question about storage isolation. Basically, Tang needs to have its keys inaccessible to the data you encrypt with clevis. But if you are running two containers: one with Tang and another with data encrypted with Clevis using a Tang policy, it is very possible that both sides of that key exchange could land their key material on the same disk.

It is still probably worth having a Tang container. But don't use it to encrypt data on the same node.
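The first consideration above is the one that produces the "connection reset by peer" / empty-response symptom from the original report: tangd is socket-activated, serving the single request handed to it on stdin/stdout and then exiting, so it cannot be the container's long-running CMD by itself. The Dockerfile below is an added example, not the project's own Dockerfile and not the image from the linked repo, showing the xinetd variant npmccallum describes. It assumes a Fedora base image, the tang binary at /usr/libexec/tangd and the key directory /var/db/tang (both assumed paths; check your distro's package), and a tang version that reads that directory directly and creates keys on first use (older releases that served from a separate cache directory populated by tangd-update would need that step added).

```dockerfile
# Added example: run tangd under xinetd inside a container.
# Not the tang project's own Dockerfile. Paths and package names are assumptions.
FROM fedora:latest

RUN dnf install -y tang xinetd && dnf clean all

# xinetd service definition. "tang" is not in /etc/services, so the entry is
# UNLISTED with an explicit port. wait = no means xinetd accepts each TCP
# connection itself and spawns one tangd per request with the socket on its
# stdin/stdout, which is the socket-activation model tangd expects.
RUN printf '%s\n' \
    'service tang' \
    '{' \
    '    type        = UNLISTED' \
    '    port        = 80' \
    '    socket_type = stream' \
    '    protocol    = tcp' \
    '    wait        = no' \
    '    user        = root' \
    '    server      = /usr/libexec/tangd' \
    '    server_args = /var/db/tang' \
    '    disable     = no' \
    '}' > /etc/xinetd.d/tang

# Tang's signing/exchange keys live here. Mount it as its own volume and keep it
# off any storage that also holds Clevis-encrypted data from the same host
# (the storage-isolation caveat in the comment above).
VOLUME /var/db/tang
EXPOSE 80

# xinetd must stay in the foreground to keep the container alive.
CMD ["/usr/sbin/xinetd", "-dontfork"]
```

Build and run it with something like `docker build -t tang-xinetd .` and `docker run -d -p 8080:80 -v tang-keys:/var/db/tang tang-xinetd`, then `curl http://localhost:8080/adv` should return the JSON advertisement (a JWS) rather than a reset connection. Two things to check in practice: that the named volume holding /var/db/tang is not on the same disk as the volumes you later bind to Clevis, and that you are not pointing Clevis on the same node at this container, which is exactly the setup the comment above warns against.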

@npmccallum (Contributor)

I sent you a PR that makes Tang work in docker using xinetd. I'll close the bug now, but feel free to ask any questions.

hddmet commented Jul 31, 2018

I tried the docker image; it is fully functional. It seems like the service response fails to terminate. It is the same whether the base image is ubuntu or centos. I think it is a quick fix if you have a chance to have a look at a running container instance. Thanks.

@npmccallum (Contributor)

@hddmet This is not the repository for the docker image. Please file an issue here: https://github.com/AdrianKoshka/tang-docker-container

ctr49 commented Oct 7, 2019

@AdrianKoshka do you have a new place for the docker repo? The link above doesn't work anymore.
(also the link to the GitLab repo in the tang readme doesn't work)

@AdrianKoshka (Author)

I don't, I didn't realize the gitlab repo still existed either.

hddmet commented Oct 7, 2019 via email

rugk commented May 19, 2020

Ugh, this is all confusing given the "official" docker image linked in the Readme is not there anymore(?). See #48
