This is the draft of conjur-arm64 blog.

This blog is about my journey of building CyberArk Conjur container image that works on both ARM-based & Intel/AMD-based computer.

If you're looking for a solution to execute Conjur on Pi4, you can download docker-compose.yml & .env files to spin up a the quincycheng/conjur:latest image that I built

As an IOT & single-board-computer lover, I recently pick up a Raspberry Pi 4 board as an upgrade of Pi2. Pi4 SDB is very nice SBC, that got enough processing power to execute container-based apps, while keep operating in low voltage powered by USB.

Considering the power consumed by homelab VM servers, guess it's a good idea to run the 7x24 systems on Pi 4 and power on my 220V VM systems only when I need them.

(left) Raspberry Pi 4 in Argon NEO Heatsink Case (right) Raspberry Pi 2 with 3.5" LCD HAT

One of the apps that I use is CyberArk Conjur. Together with summon, it's an awesome way to inject secrets to my container-based apps, CLI and automation tools like Ansible.

To run applications on Pi4, we need to make sure the applications are arm64 compatible.

Conjur is publicily avaliable as container image, let's check Docker Hub.

After a quick search, I found that link to the image is https://hub.docker.com/repository/docker/cyberark/conjur

Now, I have two news - good and bad.

The bad news is, as you can see in above screen capture, the offical repo got linux/amd64 images, and no linux/arm64.

The good news is, Conjur is an open source ource project, meaning that we could build an container image with both linux/arm64 & linux/amd64

Okay, first thing first, let's get the source code. With the link from Docker Hub, I can quickly access GitHub project page.

Conjur project on GitHub

Let's create a folder to clone the project. With git clone https://github.com/cyberark/conjur.git, we got the source code less than a second, literally.
I notice that Conjur is written in Ruby, which should be portable and can easily port for arm64 using ruby images, right?

Cloning Conjur project from GitHub

Container defination is located in Dockerfile file, and the base image for assemble is set by FROM statement

From statement in Dockerfile from conjur project

14:37:56 13:59:23

*Built 38 mins and get an error *

openssl/openssl#11105

Based on https://www.openssl.org/docs/fips.html, at the time of writing this blog, it said Neither validation will work with any release other than 1.0.2. So guess we need to stick with openssl 1.0.2.

So back to the issue page, there is a workaround which does not require any source code modifications. Awesome! Shout to @alexw91

The solution to fix the compile issue

Updated Dockerfile

56 Minutes and 50 Seconds

*Built openssl-builder successfully in 3410.1s

Below is the .env

CONJUR_DATA_KEY=<place your data key here, can be generated by `docker-compose exec conjur conjurctl account create default`>
POSTGRES_PASSWORD=<place your database password here, can be any random string>

Below is the docker-compose.yml

version: '3'
services:
  database:
    image: postgres:10.14
    container_name: postgres_database
    environment:
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
    volumes:
    - ./postgres-data:/var/lib/postgresql/data

  conjur:
    image: quincycheng/conjur
    container_name: conjur_server
    command: server
    environment:
      DATABASE_URL: "postgres://postgres:${POSTGRES_PASSWORD}@database/postgres"
      CONJUR_DATA_KEY: "${CONJUR_DATA_KEY}"
    depends_on:
    - database
    restart: on-failure
    ports:
      - "8888:80"