Configuring cassandra.yaml for password auth inside docker - docker

Can someone tell me how to change cassandra.yaml inside a docker container?
I want to enable password authentication inside docker for cassandra access.

If you're using the official Cassandra Docker image, you'll already have the docker-entrypoint.sh. See: https://github.com/docker-library/cassandra/blob/master/docker-entrypoint.sh for some of the variables already defined, as examples.
To have these included when your container starts, you could:
fork and edit the docker-entrypoint.sh starting at (currently) line 51 to add your own variables like this:
for yaml in \
broadcast_address \
broadcast_rpc_address \
[your_selected_yaml_variable] \
...
include the values you want to override in docker-compose.yml like this:
environment:
- CASSANDRA_SEEDS=DC1C1,DC1C2,DC2C1,DC2C2
- CASSANDRA_CLUSTER_NAME=Dev_Cluster
- CASSANDRA_ENDPOINT_SNITCH=GossipingPropertyFileSnitch
- CASSANDRA_[YOUR_SELECTED_YAML_VARIABLE]

You could create a docker entry point (basically it'a script file that you instruct Docker to copy on the container and it's defined as entrypoint).
COPY docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["bin/sh", "/docker-entrypoint.sh"]
In that file you can do whatever changes you like on cassandra.yaml file using sed.
sed -ri '/^# data_file_directories:/{n;s/^#.*/'" - $CASSANDRA_DATA_DIRECTORY"'/}' "$CASSANDRA_CONFIG/cassandra.yaml"
Note that $CASSANDRA_DATA_DIRECTORY and $CASSANDRA_CONFIG are some variables defined in advance.

Related

Question on using docker secrets and environments with an existing image

I've been struggling with this concept. To start I'm new to docker and self teaching myself (slowly). I am using a docker swarm instance and trying to leverage docker secrets for a simple username and password to an exiting rocker/rstudio image. I've set up the reverse proxy and can successfully use https to access the R studio via my browser. Now when I pass the variables at path /run/secrets/user and /run/secrets/pass to the environment variables it doesn't work. Its essentially think the path is the actual username and password. I need the environment variables to actually pull the values (in this case user=test, pass=test123 as set up using the docker secret command). I've looked around and a bit of a loss on how to accomplish this. I know some have mentioned leveraging a custom entrypoint shell script and I'm a bit confused on how to do this. Here is what I've tried
Rebuild a brand new image using the existing r image with a dockerfile that adds entrypoint.sh to the image -> it can't find the entrypoint.sh doc
added entrypoint: entrypoint.sh as a part of my docker compose. Same issue.
I'm trying to use docker stack to build the containers. The stack gets built but the containers keep restarting to the point they are unusable.
Here are my files
Dockerfile
FROM rocker/rstudio
COPY entry.sh /
RUN chmod +x /entry.sh
ENTRYPOINT ["entry.sh"]
Here is my docker-compose.yaml
version: '3.3'
secrets:
user:
external: true
pass:
external: true
services:
rserver:
container_name: rstudio
image: rocker/rstudio:latest (<-- this is the output of the build using rocker/rstudio and Dockerfile)
secrets:
- user
- pass
environment:
- USER=/run/secrets/user
- PASSWORD=/run/secrets/pass
volumes:
- ./rstudio:/home/user/rstudio
ports:
- 8787:8787
restart: always
entrypoint: /entry.sh
Finally here is the entry.sh file that I found on another thread
#get your envs files and export envars
export $(egrep -v '^#' /run/secrets/* | xargs)
#if you need some specific file, where password is the secret name
#export $(egrep -v '^#' /run/secrets/password| xargs)
#call the dockerfile's entrypoint
source /docker-entrypoint.sh
In the end it would be great to use my secret user and pass and pass those to the environment variable so that I can authenticate into an R studio instance. If I just put a username and password in plain text under environment it works fine.
Any help is appreciated. Thanks in advance

Create a directory in docker-compose.yml file

I have a docker-compose yml that creates a sftp image on my docker. I'd like to write a script in the yml file as I want directories to be created automatically as soon as I run the docker-compose.yml.
Here's my yml file;
sftp:
image: atmoz/sftp
volumes:
- C:\tmp\sftp:/home/foo/upload
ports:
- "2222:22"
command: username:password:1001
Is there a way to write mkdir and chmod in this file?
You do not need to create and set mod manually, just pass the directory name to CMD and the entrypoint will create one for you. Here is the simplest example.
Define users in (1) command arguments, (2) SFTP_USERS environment
variable or (3) in file mounted as /etc/sftp/users.conf (syntax:
user:pass[:e][:uid[:gid[:dir1[,dir2]...]]] ..., see below for
examples)
using docker-compose
sftp:
image: atmoz/sftp
command: username:password:100:100:upload
it will create user name username and directory upload under /home/username
You can verify this using
docker exec -it --user username <container_id> bash -c "ls /home/username"
if you want to access upload files from host just add mounting in your docker-compose
sftp:
image: atmoz/sftp
command: username:password:100:100:upload
volumes:
- /host/upload:/home/username/upload
Examples
Simplest docker run example
docker run -p 22:22 -d atmoz/sftp foo:pass:::upload
User "foo" with password "pass" can login with sftp and upload files
to a folder called "upload". No mounted directories or custom UID/GID.
Later you can inspect the files and use --volumes-from to mount them
somewhere else (or see next example).
see the offical documentation

How can I add a file to a volume in a Docker image, using values from the docker-compose.yml?

I have this .env file:
admin=admin
password=adminsPassword
stackName=integration-demo
the values of which are used in the docker-compose.yml file, like this:
myService:
build:
context: .
dockerfile: myService.Dockerfile
args:
- instance=${stackName}.local
- admin=${admin}
- password=${password}
volumes:
- ./config:/config
I want to add them to the Docker compose file, like this:
FROM openjdk:8-jdk-alpine
ARG docker_properties_file=Username=$admin\nPassword=$password\nHost=$instance
RUN $docker_proprties_file >> config/gradle-docker.properties
so that I have a gradle-docker.properties file that looks like:
username=admin
password=adminsPassword
host=integration.demo.local
in the /config directory.
However, no gradle-docker.properties file is getting written.
How can I use the variable in a docker-compose.yml file to add data to a volume?
Plain Docker and Docker Compose don’t have this capability. You can create the file outside of Docker on the host and mount it into the container as you show, but neither Docker nor Compose has the templating capability you would need to be able to do this.
The overall approach you’re describing in the question builds a custom image for each set of configuration options. That’s not really a best practice: imagine needing to recompile ls because you attached a USB drive you needed to look at.
One thing you can do in plain Docker is teach the image how to create its own configuration file at startup time. You can do that with a script like, for example:
#!/bin/sh
# I am docker-entrypoint.sh
# Create the config file
cat >config/gradle-docker.properties <<EOF
username=$USERNAME
et=$CETERA
EOF
# Run the main container process
exec "$#"
In your Dockerfile, COPY this file into the image and set it as the ENTRYPOINT; leave your CMD unchanged. You must use the JSON-array form of the ENTRYPOINT directive.
...
COPY docker-entrypoint.sh .
RUN chmod +x docker-entrypoint.sh
ENTRYPOINT ["./docker-entrypoint.sh"]
CMD ["java", "-jar", "application.jar"]
(In Kubernetes, the Helm package manager does have a templating system that can create content for a ConfigMap object that can be injected into a pod; but that’s a significant amount of extra machinery.)

Dockerfile multiple lined env variable

How can I define this variable? Please help
ENV NGINX_REPO \
cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/\$basearch/
gpgcheck=0
enabled=1
EOF
If you have access to docker-compose you can use an .env file.
Check out this link https://docs.docker.com/compose/env-file/#syntax-rules
But maybe you should pass this as a configuration file to your docker container. There are multiple ways of doing it:
If you are in a docker swarm then simply refer to https://docs.docker.com/engine/reference/commandline/config/
If you are using docker-compose then use the .env file as explained before
Use --volume option to pass the config file to your container
Hope this could help you

ECS Container Environment Configuration

I have a recently-Dockerized web app that I would like to get running on AWS ECS, and a few fundamental concepts (which I don't see explained in the AWS docs) are throwing me off.
First, when you Edit/configure a new container, it asks you to specify the image to use, but then also has an Environment section:
The Entry point, Command and Working directory fields look suspiciously similar to the commands I already specified when creating my Docker image (here's my Dockerfile):
FROM openjdk:8
RUN mkdir /opt/myapp
ADD build/libs/myapp.jar /opt/myapp
WORKDIR /opt/myapp
EXPOSE 9200
ENTRYPOINT ["java", "-Dspring.config=.", "-jar", "myapp.jar"]
So if ECS is asking me for an image (that's already been built using this Dockerfile), why in tarnation do I need to re-specify the exact same values for WORKDIR, EXPOSE, ENTRYPOINT, CMD, etc.?!?
Also outside of ECS I run my container like so:
docker run -it -p 9200:9200 -d --net="host" --env-file ~/myapp-local.env --name myapp myapp
Notice how I specify the env file? Does ECS support env files, or do I really have to enter each and every env var from my env file into this UI here?
Also I see there is a Docker Labels section near the bottom:
Are these different than env vars, or are they interchangeable?
Yes you need to add environment variable either through UI or through CLI .
For CLI you need to pass it as JSON template .
Also if you have already specified these values in Dockerfile then you dont need to pass these values again.
All the values that will be passed externally will overwrite internal/default values in Dockerfile

Resources