linuxserver / docker-unifi-network-application

GNU General Public License v3.0

[BUG] ENV variables not being initialized properly #80

Closed gtridr closed 6 months ago

gtridr commented 8 months ago

Is there an existing issue for this?

Current Behavior

init-envfile from the base image seems to run, pulls values from /run/secrets files, and even creates corresponding files in /run/s6/container_environment/, but those values never get set as actual environment vars inside the container, causing the sed commands in the unifi init script to populate system.properties with an invalid mongodb uri.

I may be missing something, and this is relatively low priority, but the image is not behaving as documented in some way or another. I'm not sure if this is a problem with the unifi image specifically, or if it inherits this behavior from upstream.

I did find this issue & also this one citing similar behavior, but I am able to confirm that there are no trailing newlines in any of the secret files, even after being passed into the container.

The values even make it into /proc/<pid>/environ somehow, (without \n chars) but they aren't accessible as ENVs in the container

Expected Behavior

The values should be made into actual environment vars, such that they are accessible by later init scripts.

Steps To Reproduce

  1. create docker secret files on the host; in this case, say .mongo-user and .mongo-pass

  2. pass docker secret to container in docker-compose.yml using documented "FILE__" syntax

  3. env-init script finds and evaluates, log output is as follows:

    [env-init] MONGO_PASS set from FILE__MONGO_PASS
    [env-init] MONGO_USER set from FILE__MONGO_USER

  4. run docker exec unifi-app env, output is as follows:

    PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    HOSTNAME=bcc7055f03c6
    MONGO_DBNAME=unifi
    PUID=1000
    PGID=1000
    TZ=America/Los_Angeles
    FILE__MONGO_USER=/run/secrets/mongo-user
    FILE__MONGO_PASS=/run/secrets/mongo-pass
    MONGO_HOST=unifi-db
    MONGO_PORT=27017
    HOME=/root
    LANGUAGE=en_US.UTF-8
    LANG=en_US.UTF-8
    TERM=xterm
    S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
    S6_VERBOSITY=1
    S6_STAGE2_HOOK=/docker-mods
    VIRTUAL_ENV=/lsiopy
    LSIO_FIRST_PARTY=true

  5. run docker exec unifi-app ls /run/s6/container_environment, output is as follows:

    FILE__MONGO_PASS FILE__MONGO_USER HOME HOSTNAME LANG LANGUAGE LSIO_FIRST_PARTY MONGO_DBNAME MONGO_HOST MONGO_PASS MONGO_PORT MONGO_USER PATH PGID PUID PWD S6_CMD_WAIT_FOR_SERVICES_MAXTIME S6_STAGE2_HOOK S6_VERBOSITY TERM TZ VIRTUAL_ENV

Environment

- OS: debian bookworm
- How docker service was installed: official docker APT repo

CPU architecture

x86-64

Docker creation

services:
  unifi-app:
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-app
    restart: unless-stopped
    depends_on:
      - unifi-db
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - FILE__MONGO_USER=/run/secrets/mongo-user
      - FILE__MONGO_PASS=/run/secrets/mongo-pass
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
    secrets:
      - mongo-user
      - mongo-pass
    volumes:
      - /var/unifi/app:/config
    networks:
      - unifi-network
    ports:
      - 8443:8443        #web
      - 3478:3478/udp    #STUN
      - 8080:8080        #inform
      - 8843:8843        #HTTPS portal redirect
      - 8880:8880        #HTTP portal redirect

  unifi-db:
    image: mongo:7
    container_name: unifi-db
    restart: unless-stopped
    volumes:
      - ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
      - /var/unifi/data:/data
    networks:
      - unifi-network
    expose:
      - 27017

secrets:
   mongo-user:
     file: .mongo-user
   mongo-pass:
     file: .mongo-pass

networks:
  unifi-network:
    driver: bridge

Container logs

[migrations] started
[migrations] no migrations found
[env-init] MONGO_PASS set from FILE__MONGO_PASS
[env-init] MONGO_USER set from FILE__MONGO_USER
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

[custom-init] No custom files found, skipping...
Exception in thread "launcher" com.ubnt.net.new: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].StandardContext[]]
        at com.ubnt.net.C.ÒÒ0000(Unknown Source)
        at com.ubnt.net.C.Stringnew(Unknown Source)
        at com.ubnt.service.C.OÔ0000(Unknown Source)
        at com.ubnt.ace.Launcher.Ô00000(Unknown Source)
        at com.ubnt.ace.Launcher.main(Unknown Source)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost].StandardContext[]]
        at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:419)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:186)
        ... 5 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mongoRuntimeService' defined in com.ubnt.service.db.CoreDatabaseSpringContext: No username is provided in the connection string
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1773)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:599)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:521)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:325)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:959)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:624)
        at com.ubnt.service.class.Object(Unknown Source)
        at com.ubnt.service.C.intsuper(Unknown Source)
        at com.ubnt.net.SpringConfig.onStartup(Unknown Source)
        at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:171)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4866)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171)
        ... 5 more
Caused by: java.lang.IllegalArgumentException: No username is provided in the connection string
        at com.mongodb.ConnectionString.<init>(ConnectionString.java:384)
        at com.mongodb.ConnectionString.<init>(ConnectionString.java:321)
        at com.mongodb.MongoClientURI.<init>(MongoClientURI.java:258)
        at com.mongodb.MongoClientURI.<init>(MongoClientURI.java:240)
        at com.ubnt.service.db.oOOO.interface(Unknown Source)
        at com.ubnt.service.db.oOOO.class(Unknown Source)
        at com.ubnt.service.db.oOOO.ö00000(Unknown Source)
        at com.ubnt.service.db.oOOO.Ø00000(Unknown Source)
        at com.ubnt.service.db.oooO.null(Unknown Source)
        at com.ubnt.service.db.oooO.Ö00000(Unknown Source)
        at com.ubnt.service.db.oooO.Óo0000(Unknown Source)
        at com.ubnt.service.db.oooO.afterPropertiesSet(Unknown Source)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1820)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1769)

github-actions[bot] commented 8 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

Roxedus commented 8 months ago

Your step 4 is not a proper test, as services get access to the whole container environment.

root@669d52339515:/usr/lib/unifi# env | grep mongo-user
FILE__MONGO_USER=/run/secrets/mongo-user
root@669d52339515:/usr/lib/unifi# /usr/bin/with-contenv  env | grep mongo-user
MONGO_USER=mongo-user
FILE__MONGO_USER=/run/secrets/mongo-user
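
The difference between the two commands above, as an added example that is not part of the thread or of the linuxserver.io image: a plain process does not see values that exist only as files in an envdir, while a wrapper that loads the envdir does. The function names `run_with_envdir` and `check_file_secrets` are hypothetical, the temp directories stand in for /run/secrets and /run/s6/container_environment, and the loader is a simplified emulation rather than s6-overlay's own tooling. The check reports names and status only, so secret values stay out of logs.

```sh
# Added example: emulates the envdir lookup, does not call s6-overlay.
# Run a command with variables loaded from an envdir (one file per
# variable: file name = variable name, file content = value).
run_with_envdir() {
  envdir=$1; shift
  (
    for f in "$envdir"/*; do
      [ -f "$f" ] || continue
      export "$(basename "$f")=$(cat "$f")"
    done
    "$@"
  )
}

# For each FILE__NAME in the caller's environment, check that envdir/NAME
# exists and matches the secret file. Prints names and status only, never
# the secret value. Returns the number of failures.
check_file_secrets() {
  envdir=$1; failures=0
  while IFS='=' read -r var src; do
    [ -n "$var" ] || continue
    name=${var#FILE__}
    if [ ! -r "$src" ]; then
      echo "FAIL $name: $src not readable"; failures=$((failures + 1))
    elif [ ! -f "$envdir/$name" ]; then
      echo "FAIL $name: missing from $envdir"; failures=$((failures + 1))
    elif [ "$(cat "$src")" != "$(cat "$envdir/$name")" ]; then
      echo "FAIL $name: differs from $src"; failures=$((failures + 1))
    else
      echo "OK   $name: set from $var"
    fi
  done <<EOF
$(env | grep '^FILE__')
EOF
  return "$failures"
}

# Constructed demo: temp dirs stand in for /run/secrets and the envdir.
demo() (
  d=$(mktemp -d); mkdir "$d/secrets" "$d/env"
  printf 'constructed-user' > "$d/secrets/mongo-user"
  export FILE__MONGO_USER="$d/secrets/mongo-user"
  cp "$d/secrets/mongo-user" "$d/env/MONGO_USER"   # what the init step writes
  probe='[ -n "${MONGO_USER+x}" ] && echo set || echo unset'
  echo "plain env:   MONGO_USER $(sh -c "$probe")"
  echo "with envdir: MONGO_USER $(run_with_envdir "$d/env" sh -c "$probe")"
  check_file_secrets "$d/env"; rc=$?; rm -rf "$d"; exit "$rc"
)
demo
```

Inside a container, the same check would be pointed at /run/s6/container_environment from a `docker exec` shell, where the `FILE__` variables are visible as shown in step 4 of the report.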

gtridr commented 8 months ago

Your step 4 is not a proper test, as services get access to the whole container environment.

root@669d52339515:/usr/lib/unifi# env | grep mongo-user
FILE__MONGO_USER=/run/secrets/mongo-user
root@669d52339515:/usr/lib/unifi# /usr/bin/with-contenv  env | grep mongo-user
MONGO_USER=mongo-user
FILE__MONGO_USER=/run/secrets/mongo-user

Oof. Thank you. I was trying to be so thorough. I'll revise & see what I can come up with

LinuxServer-CI commented 7 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

gtridr commented 6 months ago

I suppose I must have been missing something. I'll keep trying to reproduce, but my problem may have been with mongo, not the unifi application. Thank you for the reply, sorry to waste your time. If I can find time to reproduce I will at least reply with a comment explaining my issue.

github-actions[bot] commented 5 months ago

This issue is locked due to inactivity