colinmollenhour / mariadb-galera-swarm

MariaDB Galera Cluster container based on official mariadb image which can auto-bootstrap and recover cluster state.
https://hub.docker.com/r/colinmollenhour/mariadb-galera-swarm
Apache License 2.0

Support reading secrets from files #11

Closed hairyhenderson closed 7 years ago

hairyhenderson commented 7 years ago

It's beneficial sometimes to pass secrets in via files, rather than environment variables.

Also, this enables the use of the new secret management support in Docker Swarm mode in Docker 1.13.0 (https://docs.docker.com/engine/swarm/secrets/).

I've tested this with a temporary image (hairyhenderson/mgs), and the database seems to start up properly.

Signed-off-by: Dave Henderson dhenderson@gmail.com

hairyhenderson commented 7 years ago

Here's a docker-compose.yml I used to test it (with Docker 1.13.1-rc1):

version: '3.1'

services:
  db-seed:
    image: hairyhenderson/mgs
    environment:
      - XTRABACKUP_PASSWORD_FILE=/run/secrets/xtrabackup_password
      - MYSQL_USER=user
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
      - MYSQL_DATABASE=database
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
      - NODE_ADDRESS=eth0
    command: seed
    volumes:
      - dbVol:/var/lib/mysql
    secrets:
      - xtrabackup_password
      - mysql_password
      - mysql_root_password
  db:
    image: hairyhenderson/mgs
    environment:
      - XTRABACKUP_PASSWORD_FILE=/run/secrets/xtrabackup_password
      - NODE_ADDRESS=eth0
    command: node db-seed,db
    deploy:
      replicas: 0
    secrets:
      - xtrabackup_password

volumes:
  dbVol:
    driver: local

secrets:
  xtrabackup_password:
    file: .secrets/xtrabackup_password
  mysql_password:
    file: .secrets/mysql_password
  mysql_root_password:
    file: .secrets/mysql_root_password

Then (after populating secrets in a .secrets subdirectory):

$ docker stack deploy -c docker-compose.yml db
$ docker service ls
(wait for `db_db-seed` to be healthy)
$ docker service scale db_db=2
(wait for both `db_db` instances to be healthy)
$ docker service scale db_db-seed=0
$ docker service scale db_db=3
$ _cid=$(docker ps | grep db_db.1 | cut -f1 -d\ )
$ docker exec -it $_cid mysql -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.21-MariaDB-1~jessie mariadb.org binary distribution

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| database           |
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
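
For readers wiring the same `*_FILE` convention into their own entrypoint script, here is an added example (not code from this PR or from the project): a POSIX shell helper, hypothetically named `resolve_secret`, that loads `NAME` from the file named by `NAME_FILE`, as with `MYSQL_PASSWORD_FILE=/run/secrets/mysql_password` in the compose file above, and rejects ambiguous, unreadable or empty input. The demo secret file is constructed.

```shell
#!/bin/sh
# Added example, not the project's code. resolve_secret is a hypothetical name.
# Usage: resolve_secret NAME [default]
resolve_secret() {
    _rs_name=$1
    _rs_default=${2-}
    # The name is passed to eval below, so accept plain identifiers only.
    case $_rs_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $_rs_name" >&2; return 2 ;;
    esac
    eval "_rs_direct=\${$_rs_name-}"
    eval "_rs_path=\${${_rs_name}_FILE-}"

    if [ -n "$_rs_direct" ] && [ -n "$_rs_path" ]; then
        echo "$_rs_name and ${_rs_name}_FILE are both set; use one" >&2
        return 1
    fi
    if [ -n "$_rs_path" ]; then
        if [ ! -f "$_rs_path" ] || [ ! -r "$_rs_path" ]; then
            echo "${_rs_name}_FILE is not a readable file: $_rs_path" >&2
            return 1
        fi
        # $(...) strips the trailing newline that editors and echo append.
        _rs_value=$(cat "$_rs_path")
        if [ -z "$_rs_value" ]; then
            echo "${_rs_name}_FILE is empty: $_rs_path" >&2
            return 1
        fi
    else
        _rs_value=${_rs_direct:-$_rs_default}
    fi
    # Plain assignment, no export: a value read from a file stays out of the
    # environment inherited by child processes.
    eval "$_rs_name=\$_rs_value"
    unset "${_rs_name}_FILE" _rs_value _rs_direct
}

# Constructed demo: a throwaway file stands in for /run/secrets/mysql_password.
demo_dir=$(mktemp -d)
printf 'constructed-secret\n' > "$demo_dir/mysql_password"
MYSQL_PASSWORD_FILE="$demo_dir/mysql_password"
resolve_secret MYSQL_PASSWORD &&
    echo "MYSQL_PASSWORD loaded (${#MYSQL_PASSWORD} characters)"
rm -rf "$demo_dir"
```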

colinmollenhour commented 7 years ago

Cool, thanks for the PR!

hairyhenderson commented 7 years ago

@colinmollenhour you're welcome! Thanks for the great project 🙂