Closed mtihlenfield closed 8 months ago
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
From the error it looks like you're not following the instruction to URL encode your password.
ah ok I didn't realize that would need to be done for FILE__
variables. I will give that a try
Unless you mean the password itself needs to be URL encoded? To test I'm just using password
, so I think it should be fine?
Yes, the password itself, but if it's only alphanumeric that's obviously not a factor.
What is the output of cat ./secrets/unifi_mongodb_password.txt
?
This:
$ cat ./secrets/unifi_mongodb_password.txt 130 ↵
password
I suspect you have a trailling newline in your secret file and as a result your password is being set to a blank string
Just double checked and did not find a trailing newline.
Am I correct in thinking that the MONGO_PASS
variable should show up here, even if set to a blank string?
$ docker exec unifi env | grep MONGO
FILE__MONGO_PASS=/run/secrets/unifi_mongodb_password
MONGO_HOST=localhost
MONGO_PORT=27017
MONGO_DBNAME=unifi
MONGO_USER=unifi
No, if it's blank it won't show as a set variable
To demonstrate
$ echo -n test > testfile
$ cat testfile
test$
$ echo test > testfile
$ cat testfile
test
$
The former will work, the latter will give you a blank env
ok I see. Well currently both password files contain nothing but password
, no newlines or any other special characters. Also I'm using the same secret file to create the unifi
user in the database and it is working there. I can log in to the database using the username/password created from the secret file. With the compose file running this will work:
docker run -it --rm --net=host mongo \
mongosh --host 127.0.0.1 \
-u unifi \
-p password \
--authenticationDatabase unifi \
unifi
I've no idea what logic the mongo container uses for parsing secrets, I can only speak for our images.
Totally understand. I just thought it might be a useful data point.
All I can say is that to date, every single time we have had someone report an issue with secrets not being applied in one of our containers, it's been because of incorrect formatting of the file.
For good measure I just regenerated the file by doing this:
$ echo "password" > ./secrets/unifi_mongodb_password.txt
$ md5sum ./secrets/unifi_mongodb_password.txt
286755fad04869ca523320acce0dc6a4 ./secrets/unifi_mongodb_password.txt
and that didn't solve the issue.
Welp you were right! I don't know where the \n
came from, but I looked at the /proc/<pid>/environ
file for the unifi server process and there it was. Sorry for taking up your time and thanks for your work on the container.
Is there an existing issue for this?
Current Behavior
I've found using being set. I've specifically been trying to do this with
FILE__<variable>
environment variables does not actually result in theFILE__MONGO_PASS
so that I could add the password as a docker secret.If I use just
MONGO_PASS
, my compose setup works correctly and unifi is able to connect to the database. But if I useFILE__MONGO_PASS
it fails to authenticate with the database.Expected Behavior
The container scripts should pull the mongo db user password from the secret file provided via
FILE__MONGO_PASS
. From what I understand theMONGO_PASS
environment variable should be set, but that doesn't seem to be happeneing:Steps To Reproduce
docker compose up
using the compose file below. Make sure to use clean volumes.Environment
CPU architecture
x86-64
Docker creation
The compose file:
init-mongo.sh:
Container logs
mongodb logs: