6

Following is my docker-stack file.

version: "3"
services:
  my-app:    
    image: my-image:latest    
    volumes:
      - ./certs:/certs   
    ports:
      - 6401:6401
    networks:
      my-net:        
         ipv4_address: 192.168.0.4
networks:
  my-net:
    external: true

It works fine on my machine, binding certs folder to certs inside the container. However doesn't work in my CI pipeline where i am deploying this service inside a docker-stack-node image. The error i get is

invalid mount config for type "bind": bind mount source path does not exist.

I read that If you bind mount a host path into your service’s containers, the path must exist on every swarm node. So, I think i need to create a named volume. However, with the named volume i can't specify source path of certs. It's confusing. Can someone help with this?

Niraj
  • 376
  • 4
  • 14
  • I don't think this has anything to do with a named volume. I think this specifically just has to do with the CI host machine not having a certs directory where ever its running from. I'm not sure why certs are supposed to be on a mounted volume. How are the certs generated? Are they generated every single time CI runs or is it more like a secret or an artifact stored somewhere? If they're generated, you can add another image + container that generates or you can add it in from grabbing from a secrets management platform or artifact. – Will C Oct 19 '18 at 03:58
  • It's an artifact stored in repository(not a good practice but these are just for testing). So when CI runs the repo is cloned on the runner and then the service is deployed on the runner machine. When i run ls in the gitlab ci file, i can see the directory named certs there. May be the docker execution directory is different? my is using another container to copy those files? – Niraj Oct 19 '18 at 11:46
  • 1
    @Niraj how did you solved this? – Dr. House Sep 29 '19 at 23:01

2 Answers2

1

To bind to a directory the directory has to exist on the host machine so ./certs doesn't exist on the host running the container so...

If you want to bind the volume you will need to run:

mkdir -p ./certs

on the machine running the container and it will work.

It works on your machine because the directory exists locally.

Copy directory to host

scp -r /local/directory/ username@to_host:/remote/directory/
D. Vinson
  • 1,090
  • 6
  • 8
1

@Niraj I have ran into this issue as well and have figured out that each node needs the files to run. In your case I would do this:

  1. In your Dockerfile create the certs folder
    • RUN mkdir /certs
  2. Change compose-file to use absolute path
    • - $PWD/certs:/certs
  3. Copy certs into container
    • docker cp <file_name> <container_id>:/certs

Hope this helps!

CyberDemic
  • 180
  • 2
  • 6