Secrets are not available in Docker container - docker

I create secret "databasePassword" using the below command:
echo 123456 | docker secret create databasePassword -
Below is my yml file to create the MySQL and phpMyAdmin where I'm trying to use this secret in the yml file.
version: '3.1'
services:
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: unless-stopped
container_name: db-mysql
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: 'false'
MYSQL_ROOT_PASSWORD: /run/secrets/databasePassword
ports:
- 3306:3306
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
timeout: 20s
retries: 10
secrets:
- databasePassword
beyond-phpmyadmin:
image: phpmyadmin
restart: unless-stopped
container_name: beyond-phpmyadmin
environment:
PMA_HOST: db-mysql
PMA_PORT: 3306
PMA_ARBITRARY: 1
links:
- db
ports:
- 8081:80
But the databasePassword is not getting set as 123456. It is set as the string "/run/secrets/databasePassword" I tried using docker stack deploy also, but it also didn't work.
I tried setting the secrets at the end of the file like below by some web research, but it also didn't work.
version: '3.1'
services:
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: unless-stopped
container_name: db-mysql
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: 'false'
MYSQL_ROOT_PASSWORD: /run/secrets/databasePassword
ports:
- 3306:3306
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
timeout: 20s
retries: 10
secrets:
- databasePassword
beyond-phpmyadmin:
image: phpmyadmin
restart: unless-stopped
container_name: beyond-phpmyadmin
environment:
PMA_HOST: db-mysql
PMA_PORT: 3306
PMA_ARBITRARY: 1
links:
- db
ports:
- 8081:80
secrets:
databasePassword:
external: true

Docker cannot know that /run/secrets/databasePassword is not a literal value of the MYSQL_ROOT_PASSWORD variable, but a path to a file that you would like to read the secret from. That's not how secrets work. They are simply available in a /run/secrets/<secret-name> file inside the container. To use a secret, your container needs to read it from the file.
Fortunatelly for you, the mysql image knows how to do it. Simply use MYSQL_ROOT_PASSWORD_FILE instead of MYSQL_ROOT_PASSWORD:
services:
db:
image: mysql
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: 'false'
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/databasePassword
secrets:
- databasePassword
...
secrets:
databasePassword:
external: true
See "Docker Secrets" in the mysql image documentation.

Related

Docker compose issue with pgAdmin

I have the following docker-compose file.
But I am unable to connect to pgAdmin from the browser. I don't understand the issue as if I send data from postman then it gets saved to pgAdmin app which is on my local machine But when I visit localhost://5050/browser/ then that table does not appear in the browser.
version: '1'
services:
postgres:
container_name: postgres_container
image: 'postgres:latest'
environment:
POSTGRES_USER: ${POSTGRES_USERNAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DATABASE}
ports:
- 5432:5432
networks:
app_network:
ipv4_address: 172.26.0.11
restart: unless-stopped
healthcheck:
test: ['CMD', 'pg_isready -U postgres']
interval: 5s
timeout: 5s
retries: 5
volumes:
- postgres:/data/postgres
pgadmin:
container_name: pgadmin_container
image: dpage/pgadmin4
depends_on:
- postgres
volumes:
- pgadmin:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:-'email'}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-'password'}
PGADMIN_CONFIG_SERVER_MODE: 'False'
ports:
- '${PGADMIN_PORT:-5050}:80'
networks:
- app_network
restart: unless-stopped
networks:
app_network:
external: true
driver: bridge
volumes:
postgres:
pgadmin:
The tables from my pgAdmin app.
The tables from the localhost:5050/browser/ link.
I have correctly set the connection for pgAdmin in browser.

Access denied for user 'root' (using password: NO)

This is my docker-compose file, everytime I run the docker-compose up command I get the error specified in the title. I have tried running docker-compose config and everything matches.
version: "3.8"
services:
phedon-service:
build: .
restart: always
ports:
- "8080:8080"
networks:
- phedon
depends_on:
- phedon_db
env_file:
- .env
phedon_db:
image: "mariadb:10.6"
container_name: mariadb
restart: always
healthcheck:
test: [ "CMD", "mariadb-admin", "--protocol", "tcp" ,"ping" ]
timeout: 3m
interval: 10s
retries: 10
ports:
- "3307:3306"
networks:
- phedon
environment:
-MYSQL_DATABASE: "phedondb"
-MYSQL_USER: "root"
-MYSQL_PASSWORD: "12345"
-MYSQL_ROOT_PASSWORD: "12345"
env_file:
- .env
networks:
phedon:
your services.db.environment must be a mapping, not a list.
we can omit the root user password with MARIADB_ALLOW_EMPTY_ROOT_PASSWORD
db:
image: "mariadb:10.6"
container_name: mariadb
restart: always
healthcheck:
test: [ "CMD", "mariadb-admin", "--protocol", "tcp" ,"ping" ]
timeout: 3m
interval: 10s
retries: 10
ports:
- "3333:3306"
environment:
MYSQL_DATABASE: "phedondb"
MYSQL_USER: "phedon"
MYSQL_PASSWORD: "12345"
MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: true
If you like to use the root password
For the admin ping command, we've to provide the password for the DB server. This can be done in different ways.
Using the MYSQL_PWD environment var.
Using the -p flag in the docker CLI
Creating some credentials file
services:
db:
image: "mariadb:10.6"
container_name: mariadb
restart: always
healthcheck:
test: [ "CMD-SHELL", "mysqladmin ping" ]
timeout: 3m
interval: 10s
retries: 10
ports:
- "3333:3306"
environment:
MYSQL_DATABASE: "phedondb"
MYSQL_USER: "phedon"
MYSQL_PASSWORD: "12345"
MYSQL_ROOT_PASSWORD: "12345"
MYSQL_PWD: "12345"

Docker compose multiple dockerfile

I'm currently working on a maven project where I would like to have 2 docker container where one launch all the tests and the other compile de project if all the tests succeed.
The problem is that both containers launch the prod dockerfile.
So my question is why after pointing each Dockerfile in the docker compose they both start on the prod one
docker-compose.yml:
version: '3.8'
services:
db:
container_name: db
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_DATABASE: cuisine
MYSQL_ROOT_PASSWORD: example
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
timeout: 20s
retries: 10
ports:
- "3306:3306"
volumes:
- ./docker/mysql-dump/cuisine:/docker-entrypoint-initdb.d
- mysql:/var/lib/mysql
adminer:
image: adminer
restart: always
ports:
- 8080:8080
test:
container_name: java-test
image: spring-boot
build:
context: .
dockerfile: docker/test/Dockerfile
ports:
- "8081:8081"
- "5005:5005"
depends_on:
db:
condition: service_healthy
volumes:
- ${APPLICATION_ROOT_FOLDER}:/usr/src/mymaven
- ${MAVEN_SETTINGS_FOLDER}:/root/.m2
java:
container_name: java
image: spring-boot
build:
context: .
dockerfile: docker/prod/Dockerfile
ports:
- "8082:8082"
- "5006:5006"
depends_on:
db:
condition: service_healthy
volumes:
- ${APPLICATION_ROOT_FOLDER}:/usr/src/mymaven
- ${MAVEN_SETTINGS_FOLDER}:/root/.m2
volumes:
mysql:
When you have both build: and image: on your services, the built image is tagged with the image: name. You have the same image: name for both services, so the last one to be built 'wins' and is run for both services. Remove the image: name for both.

Second mariadb+phpmyadmin Docker container access denied

I have working mariadb+phpmyadmin container on my local dev computer.
I would like to create another mariadb+phpmyadmin container, but I'm getting error: [Warning] Access denied for user 'root'#'127.0.0.1' (using password: YES).
I can't figure out where is a problem. I tried to add parameter: MYSQL_HOST: '%' and modify line:
test: mysqladmin ping -h $$MYSQL_HOST -u $$MYSQL_USER --password=$$MYSQL_PASSWORD
but still no success.
Working docker-compose.yml
version: '3.9'
networks:
rosetta_net:
driver: bridge
services:
maria_db_service:
image: mariadb:10.5.9
container_name: 'rosetta-api-db'
restart: always
ports:
- '3306:3306'
environment:
MYSQL_ROOT_PASSWORD: 'root123'
MYSQL_USER: 'root'
MYSQL_PASSWORD: 'root'
MYSQL_DATABASE: 'rosetta'
volumes:
- ./docker/db/mariadb/data:/var/lib/mysql
- ./docker/db/mariadb/my.cnf:/etc/mysql/conf.d/my.cnf
networks:
- rosetta_net
healthcheck:
test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD
interval: 5s
retries: 5
phpmyadmin_service:
image: phpmyadmin/phpmyadmin:5.1
container_name: 'rosetta-api-db-admin'
ports:
- '8081:80'
environment:
PMA_HOST: db_server
MAX_EXECUTION_TIME: 3600
UPLOAD_LIMIT: 128M
depends_on:
maria_db_service:
condition: service_healthy
volumes:
- ./docker/db/phpmyadmin/sites-enabled:/etc/apache2/sites-enabled
- db_rosetta_data:/var/www/html
networks:
- rosetta_net
volumes:
db_rosetta_data:
Not working docker-compose.yml (it is very similar to previous one):
version: '3.9'
networks:
parkovisko_net:
driver: bridge
services:
maria_db_service:
image: mariadb:10.5.9
container_name: 'parkovisko-api-db'
restart: always
ports:
- '3307:3306'
environment:
MYSQL_ROOT_PASSWORD: 'root123'
MYSQL_USER: 'root'
MYSQL_PASSWORD: 'root'
MYSQL_DATABASE: 'parkovisko'
volumes:
- ./docker/db/mariadb/data:/var/lib/mysql
- ./docker/db/mariadb/my.cnf:/etc/mysql/conf.d/my.cnf
networks:
- parkovisko_net
healthcheck:
test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD
interval: 5s
retries: 5
phpmyadmin_service:
image: phpmyadmin/phpmyadmin:5.1
container_name: 'parkovisko-api-db-admin'
ports:
- '8083:80'
environment:
PMA_HOST: db_server
MAX_EXECUTION_TIME: 3600
UPLOAD_LIMIT: 128M
depends_on:
maria_db_service:
condition: service_healthy
volumes:
- ./docker/db/phpmyadmin/sites-enabled:/etc/apache2/sites-enabled
- db_parkovisko_data:/var/www/html
networks:
- parkovisko_net
volumes:
db_parkovisko_data:
The problem is that you are using the same volumes for both of the docker-compose files, so MYSQL cant initialize mounting the same volumes for 2 containers
There are multiple ways to fix this:
Change it to named volumes:
volumes:
- mariadb-data:/var/lib/mysql
Copy the data to another folder with cp and then mount it again (assuming you want the same data on both containers).
The same applies to .cnf and phpmyadmin containers

Docker image names are changed to sha256 after subsequent runs

I am using Docker 20.10.7 on Mac OS and docker-compose to run multiple docker containers.
When I start it for the first time, all the docker images are properly labeled and appear as the following.
However, after subsequent runs (docker-compose up, docker-compose down), suddenly all the image names are changed to sha256 and start to look like this
Please advise how to avoid this behavior. Thank you.
UPDATE #1
This is the docker-compose file I use to start containers.
Initially the old displayed with properly labeled image names.
However, not even if I run a docker system prune command it continues to label them as sha256:...
version: '3.8'
services:
influxdb:
image: influxdb:1.8
container_name: influxdb
ports:
- "8083:8083"
- "8086:8086"
- "8090:8090"
- "2003:2003"
env_file:
- 'env.influxdb.properties'
volumes:
- /Users/user1/Docker/influxdb/data:/var/lib/influxdb
restart: unless-stopped
telegraf:
image: telegraf:latest
container_name: telegraf
links:
- db
volumes:
- ./telegraf.conf:/etc/telegraf/telegraf.conf:ro
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "3000:3000"
env_file:
- 'env.grafana.properties'
links:
- influxdb
volumes:
- /Users/user1/Docker/grafana/data:/var/lib/grafana
restart: unless-stopped
db:
image: mysql
container_name: db-container
command: --default-authentication-plugin=mysql_native_password
ports:
- '3306:3306'
environment:
MYSQL_ROOT_PASSWORD: P#ssw0rd
MYSQL_USER: root
MYSQL_PASSWORD: P#ssw0rd
MYSQL_DATABASE: db1
volumes:
- /Users/user1/Docker/mysql/data:/var/lib/mysql
- "../sql/schema.sql:/docker-entrypoint-initdb.d/1.sql"
healthcheck:
test: "/usr/bin/mysql --user=root --password=P#ssw0rd --execute \"SHOW DATABASES;\""
interval: 2s
timeout: 20s
retries: 10
restart: always
adminer:
image: adminer
container_name: adminer
restart: always
ports:
- 8081:8080
redis:
image: bitnami/redis
container_name: redis
environment:
- ALLOW_EMPTY_PASSWORD=yes
#- REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
ports:
- '6379:6379'
volumes:
- '/Users/user1/Docker/redis/data:/bitnami/redis/data'
- ./redis.conf:/opt/bitnami/redis/mounted-etc/redis.conf

Resources