Closed msanchezdev closed 3 years ago
Can you describe what is it that you want to do? Those conf files don't have the actual passwords in them so you would still need to type them. I think the correct file should be provided from outside the docker container with ADD or COPY command.
You are missing backslashes at the end of the lines:
Unexpected error
Encountered error: 400 Client Error: Bad Request ("Dockerfile parse error line 26: unknown instruction: &&")
Traceback (most recent call last):
File "/stage/builder/runner.py", line 290, in _run
self.build()
File "/stage/builder/runner.py", line 214, in build
self._build()
File "/stage/builder/runner.py", line 202, in _build
cache_repo)
File "/stage/builder/build.py", line 43, in build_image
for line in stream:
File "/usr/local/lib/python2.7/dist-packages/docker/api/client.py", line 305, in _stream_helper
yield self._result(response, json=decode)
File "/usr/local/lib/python2.7/dist-packages/docker/api/client.py", line 220, in _result
self._raise_for_status(response)
File "/usr/local/lib/python2.7/dist-packages/docker/api/client.py", line 216, in _raise_for_status
raise create_api_error_from_http_exception(e)
File "/usr/local/lib/python2.7/dist-packages/docker/errors.py", line 30, in create_api_error_from_http_exception
raise cls(e, response=response, explanation=explanation)
APIError: 400 Client Error: Bad Request ("Dockerfile parse error line 26: unknown instruction: &&")
Moreover, these files can't be compromised.
I was searching for a secure way to store them, but I didn't find something simple & universal.
docker secret
only works with swarm :cry:
Another solution could be to have a VAULT
sidecar container, or equivalent. But it will complicate the lightweight solution.
Still searching if a better secure solution exists!
The idea was to provide the files mounting them. As we already mount /etc/omnidb create the symlinks so you can put them just with one mount (they I am doing it now), or could even leave it just mounting each individual file to the /home/omnidb folder. If they were not provided in the /etc/omnidb folder then they would just be ignored by omnidb.
Not the most secure thing to do, but at least a workaround for the time being.
Add symbolic links for .my.cnf and .pgpass files to support providing passwords for MySQL, Maria and PostgreSQL databases.
MySQL and MariaDB Format (.my.cnf):
PostgreSQL Format (.pgpass):