TeamSpeak-Systems / teamspeak-linux-docker-images

docker build files for TeamSpeak servers

Docker image is not able to read DB password from file #57

Open Chaoschaot232 opened 4 years ago

Chaoschaot232 commented 4 years ago

I am afraid that the MySQL support isn't able to read a given file where the password is stored. Instead, I must place the password directly into my docker-compose.yml, which I don't want at any time because this is a high security risk.

What is the folder called /run/secrets/ for when it's not possible to use it? Could somebody from the devs please tell me?

Even if I must mount these files manually, it has to be supported. Think about when I would have a setup with swarm where I can fully use secrets, which would also stop every ts3 container from working while trying to connect to a database (mysql/mariadb), because even there the password isn't read out from the file. I assume here that the secret's name is then interpreted as the password for it.

So your task is now to implement full functionality to read out one-line files which store the password (e.g. generated with openssl -base64 [...] command). It is much safer, and if the password changes, you don't need to alter any files affected by this change, because only the file in the secret folder gets changed.

Note: MariaDB Docker supports this, so definitely nothing which would be impossible ;)

Chaoschaot232 commented 4 years ago

When I try to use TS3SERVER_DB_PASSWORD_FILE: /run/secrets/passwordfile, the TS3 log gets spammed with:

/opt/ts3server/entrypoint.sh: unset: line 40: /run/secrets/passwordfile: bad variable name

https://github.com/TeamSpeak-Systems/teamspeak-linux-docker-images/blob/master/alpine/entrypoint.sh#L40 <<< I don't know what is going wrong here but why, why the hell such a mess? Simply check for any variable with "_FILE", then use the cat cmd and store the value from "_FILE" in the corresponding variable.

Means, when passwordfile contains "test" as db password for TS3SERVER_DB_PASSWORDFILE, simply use cat and store that value in TS3SERVER_DB_PASSWORD_ instead of doing stuff like unset, which is definitely not needed here.

Also take a look at the mariadb docker image, as it also uses a "_FILE" variable and it works plenty, but not here, which is very, very bad.
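
The `_FILE` handling requested in this thread, as an added example in POSIX sh (it is not the project's entrypoint.sh and not part of the comments above; `file_env` is a hypothetical helper name). The "bad variable name" message in the log is what a shell prints when `unset` is handed the path stored in the variable instead of the variable's name, so the helper unsets by name.

```shell
#!/bin/sh
# file_env VAR [DEFAULT]
# Fill VAR from the file named in VAR_FILE (Docker secrets convention).
# Hypothetical helper for illustration; names are assumptions.
file_env() {
    var="$1"
    file_var="${var}_FILE"
    default="${2:-}"

    # Names go through eval below, so accept plain identifiers only.
    case "$var" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "file_env: bad variable name: $var" >&2; return 2 ;;
    esac

    eval "direct=\${$var:-}"      # current value of VAR, if any
    eval "path=\${$file_var:-}"   # current value of VAR_FILE, if any

    if [ -n "$direct" ] && [ -n "$path" ]; then
        echo "file_env: $var and $file_var are mutually exclusive" >&2
        return 1
    fi

    value="$default"
    if [ -n "$direct" ]; then
        value="$direct"
    elif [ -n "$path" ]; then
        if [ ! -r "$path" ]; then
            echo "file_env: cannot read $path" >&2
            return 1
        fi
        # Command substitution drops the trailing newline of a one-line secret.
        value="$(cat "$path")"
    fi

    export "$var=$value"
    # Unset the NAME of the _FILE variable, never its value (the path).
    unset "$file_var"
    # Do not leave the secret in helper variables.
    unset direct path value default
}
```

Called once per setting before the server starts, for example `file_env TS3SERVER_DB_PASSWORD`, the password then lives only in the mounted secret file and the process environment, not in docker-compose.yml.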