Hi,
In docker-compose, is it possible to implement a solution like this?
using-docker-secrets-in-your-environment-variables
I wrote the script docker-entrypoint-env.sh:
```bash
#!/usr/bin/env bash
set -e

# file_env VAR [DEFAULT]
# Fill VAR from VAR itself or from the file named in VAR_FILE (not both).
file_env() {
    local var="$1"
    local fileVar="${var}_FILE"
    local def="${2:-}"
    if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
        exit 1
    fi
    local val="$def"
    if [ "${!var:-}" ]; then
        val="${!var}"
    elif [ "${!fileVar:-}" ]; then
        # Read the secret file; trailing newlines are stripped
        val="$(< "${!fileVar}")"
    fi
    export "$var"="$val"
    unset "$fileVar"
}

file_env "GRAYLOG_PASSWORD_SECRET"
file_env "GRAYLOG_ROOT_PASSWORD_SHA2"

# Hand off to the original entrypoint script
/docker-entrypoint.sh
```
But I had no success
My compose file:
```yaml
version: '3.3'
…
secrets:
  GRAYLOG_PASSWORD_SECRET:
    external: true
  GRAYLOG_ROOT_PASSWORD_SHA2:
    external: true
services:
  …
  graylog:
    image: graylog/graylog:3.1
    hostname: "{{.Service.Name}}"
    secrets:
      - GRAYLOG_PASSWORD_SECRET
      - GRAYLOG_ROOT_PASSWORD_SHA2
    volumes:
      - gldata:/usr/share/graylog/data
      - ./docker-entrypoint-env.sh:/docker-entrypoint-env.sh
    environment:
      - TZ=America/Recife
      - GRAYLOG_HTTP_EXTERNAL_URI=http://meudominio:9001/
      - GRAYLOG_ROOT_TIMEZONE=America/Recife
      - GRAYLOG_ELASTICSEARCH_CLUSTER_NAME=es-cluster
      - GRAYLOG_ALLOW_LEADING_WILDCARD_SEARCHES=true
      - GRAYLOG_PASSWORD_SECRET_FILE=/run/secrets/GRAYLOG_PASSWORD_SECRET
      - GRAYLOG_ROOT_PASSWORD_SHA2_FILE=/run/secrets/GRAYLOG_ROOT_PASSWORD_SHA2
    depends_on:
      - mongo
      - elasticsearch
      - elasticsearch2
      - elasticsearch3
    volumes:
      - csi-gl-gldata:/usr/share/graylog/data
      - ./docker-entrypoint-env.sh:/docker-entrypoint-env.sh
    …
    entrypoint:
      - /docker-entrypoint-env.sh
```
In fact, file_env() is OK and sets GRAYLOG_ROOT_PASSWORD_SHA2 and GRAYLOG_PASSWORD_SECRET; when I start my container, I check the right values in it, but in graylog.conf, root_password_sha2 is different.
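
A check to run where the secret is created, confirming that the file later mounted at /run/secrets/GRAYLOG_ROOT_PASSWORD_SHA2 holds a bare SHA-256 hex digest of the intended password. It rejects a stored `sha256sum` output line and a digest of the password plus a trailing newline. This is an added example, not part of the original post; it assumes root_password_sha2 is the lowercase hex SHA-256 of the root password, and the function names and the sample password are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumption: root_password_sha2 holds the lowercase hex SHA-256 of the password.

# Use shasum where sha256sum is not installed.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# Hash the password exactly as given; printf '%s' adds no trailing newline.
sha2_of_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# True only for exactly 64 lowercase hex characters.
is_sha256_hex() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in *[!0123456789abcdef]*) return 1 ;; esac
    return 0
}

# check_root_hash_file FILE PASSWORD
# Returns 0 = ok, 1 = unreadable, 2 = not a bare digest, 3 = digest of other input.
check_root_hash_file() {
    [ -r "$1" ] || { echo "error: cannot read $1" >&2; return 1; }
    crhf_val=$(cat "$1")    # like $(< file): trailing newlines are stripped
    if ! is_sha256_hex "$crhf_val"; then
        echo "error: $1 is not a bare 64-char hex digest" >&2
        return 2
    fi
    if [ "$crhf_val" != "$(sha2_of_password "$2")" ]; then
        echo "error: $1 does not hash the given password" >&2
        return 3
    fi
    return 0
}

# Constructed sample: the password "admin" and a temporary stand-in for
# /run/secrets/GRAYLOG_ROOT_PASSWORD_SHA2.
demo_dir=$(mktemp -d)
sha2_of_password admin > "$demo_dir/GRAYLOG_ROOT_PASSWORD_SHA2"
check_root_hash_file "$demo_dir/GRAYLOG_ROOT_PASSWORD_SHA2" admin && echo "secret file OK"
rm -rf "$demo_dir"
```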