3

Depending on where my binary is being executed, I get different results on mgo Dial.

Right now, I'm building on my machine (Fedora: uname -a: Linux localhost.localdomain 4.15.6-300.fc27.x86_64 #1 SMP Mon Feb 26 18:43:03 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux) using the following command:

$ CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -ldflags '-s' -o myProgram

So, if I build my docker image using:

FROM centos
COPY myProgram "/usr/local/bin/myProgram"
ENTRYPOINT ["/usr/local/bin/myProgram"]

It works perfectly. That means I'm connected to the database. But, if I change to:

FROM debian
COPY myProgram "/usr/local/bin/myProgram"
ENTRYPOINT ["/usr/local/bin/myProgram"]

I'm getting no reachable servers. My goal is to compile the application on gitlab-ci using the golang image, and run it on a alpine container.

The question is: Why the same executable get different results on different base images?

Does mgo (or go) use something related to the OS? I mean, it seems that my binary will run only on red hat based distribution (just a guess, it doesn't make much sense to me right now.)

Dial source code:

dialInfo := &mgo.DialInfo{
    Addrs:          config.Addr,
    Database:       config.Auth,
    Username:       config.User,
    Password:       config.Pass,
    ReplicaSetName: config.ReplicaSet,
    Timeout:        time.Second * 10,
}
dialInfo.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) {
    return tls.Dial("tcp", addr.String(), &tls.Config{})
}

session, err := mgo.DialWithInfo(dialInfo)
if err != nil {
    log.Fatal(err.Error())
}
brnovais
  • 101
  • 1
  • 7
  • What is the address you are trying to connect to? – Michael Hampton Mar 14 '18 at 23:31
  • @MichaelHampton It's a cluster on MongoDB Atlas ([cluster-shard].mongodb.net:27017. Just for testing purposes it's allowing access from anywhere (0.0.0.0/0). I'm connected to it using MongoDB Compass, and there are some documents as well. My first thought was also some type of connection issue, so I tried to ping the cluster from within the machine, and also use nc -z to test the port (both tests were fine). – brnovais Mar 14 '18 at 23:55

1 Answers1

2

Just solved the mystery. It's indeed related to the docker base image, and not to the build step.

It'll work perfectly if I do:

FROM debian
RUN apt-get update
RUN apt-get install -y ca-certificates

As my goal is to use the alpine image, I'm using the following right now:

FROM alpine
RUN apk --no-cache add ca-certificates

Hope that helps someone with the same problem. For more information, see: http://blog.cloud66.com/x509-error-when-using-https-inside-a-docker-container/

PS.: mgo (no reachable servers) error message was pointing me out in the wrong direction.

brnovais
  • 101
  • 1
  • 7