'Singularity connection differences between 'instance start' and 'run' with custom network portmap and ssl self-signed certificate
I have built a singularity container from the docker hub registry like so:
sudo singularity build \
postgres12.sif \
docker://postgres:12
And can successfully run the container like:
sudo singularity run \
-B postgres12_data:/var/lib/postgresql/data \
-B postgres12_run:/var/run/postgresql \
--net \
--network-args "portmap=9932:5432/tcp" \
postgres12.sif \
-c ssl=on \
-c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem \
-c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
It requires starting with root, which I don't love, but subsequent connection is available with:
psql "sslmode=require" -h 0.0.0.0 -p 9932 -U postgres
Password for user postgres:
psql (13.5 (Debian 13.5-0+deb11u1), server 12.10 (Debian 12.10-1.pgdg110+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres-# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+------------+------------+-----------------------
postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
So far, so good.
However, when I try to start this as an instance, e.g.:
sudo singularity instance start \
-B postgres12_data:/var/lib/postgresql/data \
-B postgres12_run:/var/run/postgresql \
--net \
--network-args "portmap=9932:5432/tcp" \
postgres12.sif \
postgres-ssl-01 \
-c ssl=on \
-c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem \
-c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Then I cannot access the postgres service. I can see the instance, however:
sudo singularity instance list
INSTANCE NAME PID IP IMAGE
postgres-ssl-01 12345 [IP Adresss] /PATH/TO/postgres12.sif
Can anyone offer any insight into what I'm doing wrong? Thank you!
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|