m-adawi / swarm-cd

SwarmCD: Declarative GitOps and Continuous Deployment tool for Docker Swarm.
GNU General Public License v3.0

invalid compose file: minio_root_user file field must be a string #53

Open JCSynthTux opened 3 days ago

JCSynthTux commented 3 days ago

Hello,

I really like this container you created and wanted to say thank you!

Sadly I am experiencing an issue which I can't seem to solve:

In the logs I get the following error: swarmcd_swarm-cd.1.k4wu36tz3hgi@docker01 | time=2024-09-21T14:40:26.012Z level=ERROR msg="could not rotate one or more secret files of stack minio: invalid compose file: minio_root_user file field must be a string"

This is the stack in question:

services:
  minio-01:
    image: quay.io/minio/minio
    command: server /data --console-address ":9001"
    environment:
      - MINIO_ROOT_USER_FILE=/run/secrets/minio_root_user
      - MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
      - MINIO_PROMETHEUS_AUTH_TYPE=public
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: rollback
        monitor: 30s
        max_failure_ratio: 0.1
      placement:
        constraints:
          - node.hostname==docker01
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_traefik"
        - "traefik.http.routers.minio-webui.rule=Host(`my.domain.tld`)"
        - "traefik.http.routers.minio-webui.entrypoints=web-secure"
        - "traefik.http.routers.minio-webui.tls=true"
        - "traefik.http.routers.minio-webui.service=minio-01"
        - "traefik.http.services.minio-webui.loadbalancer.server.port=9000"
    ports:
      - 9001:9001
    volumes:
      - minio-01:/data
    secrets:
      - minio_root_user
      - minio_root_password
    networks:
      - minio
      - traefik_traefik

volumes:
  minio-01:

networks:
  minio:
  traefik_traefik:
    external: true

secrets:
  minio_root_user:
    external: true
  minio_root_password:
    external: true

The secrets are created externally from files with:

docker secret create minio_root_user ./minio_root_user
docker secret create minio_root_password ./minio_root_password

The same stack file works without issues when doing a manual deployment using: docker stack deploy -c docker-stacks/minio/docker-stack.yml minio

Other deployments in the stack file work fine, but don't have any secrets attached to them. I guess swarmcd tries to rotate secrets even when they are externally created?

sanzoghenzo commented 17 hours ago

Hi @JCSynthTux, currently swarmCD works best with secrets encrypted with SOPS, so that you can securely commit your secrets to the repository.

External secrets are currently not supported: the rotateObjects function expects a "file" field and returns the error message you're seeing if it is missing. This is definitely a bug!
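
One way a rotation step could skip external secrets instead of failing on the missing "file" field, as an added example that is not part of the thread or SwarmCD's own code. The names `filesToRotate` and `isExternal` are hypothetical, and the compose file is assumed to be already decoded into `map[string]any`.

```go
package main

import (
	"fmt"
	"sort"
)

// isExternal reports whether a compose secret definition is marked external,
// as `external: true` or the legacy mapping form `external: {name: ...}`.
func isExternal(def map[string]any) bool {
	switch v := def["external"].(type) {
	case bool:
		return v
	case map[string]any:
		return true
	}
	return false
}

// filesToRotate (hypothetical helper) returns name -> file path for secrets
// backed by a file, and the sorted names of external secrets it skipped.
func filesToRotate(secrets map[string]any) (map[string]string, []string, error) {
	files, skipped := map[string]string{}, []string{}
	for name, raw := range secrets {
		def, _ := raw.(map[string]any) // non-mapping entries fall through to the error
		if isExternal(def) {
			skipped = append(skipped, name) // managed with `docker secret create`
			continue
		}
		path, ok := def["file"].(string)
		if !ok {
			return nil, nil, fmt.Errorf("invalid compose file: %s file field must be a string", name)
		}
		files[name] = path
	}
	sort.Strings(skipped)
	return files, skipped, nil
}

func main() {
	// Constructed input: the secrets section from the issue plus one
	// file-backed secret, shaped as a YAML decoder would return it.
	secrets := map[string]any{
		"minio_root_user":     map[string]any{"external": true},
		"minio_root_password": map[string]any{"external": true},
		"app_token":           map[string]any{"file": "./app_token.enc"},
	}
	files, skipped, err := filesToRotate(secrets)
	fmt.Println(files, skipped, err)
}
```

A secret that is neither external nor file-backed still produces the error from the log above, so a genuinely malformed definition is not silently accepted.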