From f2f10028031b054bdeb7261a75ad17dbca587b47 Mon Sep 17 00:00:00 2001
From: Tobias Jakobsson
Date: Wed, 6 Dec 2017 16:15:17 +0100
Subject: [PATCH] Added support for docker secrets When using docker secrets, a file in /run/secrets/ is added. For example, SUPERUSER_PASSWORD_FILE=/run/secrets/superuser_password will populate SUPERUSER_PASSWORD environment variable from the contents of that file. The code to support this is now added to docker/docker-entrypoint.sh
---
 docker/docker-entrypoint.sh | 43 +++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index f58b9bf..f108368 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -1,6 +1,49 @@
 #!/bin/bash
 set -e
 
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+# Make all environment variables to be used with Docker secrets
+
+file_env 'SUPERUSER_NAME'
+file_env 'SUPERUSER_EMAIL'
+file_env 'SUPERUSER_PASSWORD'
+file_env 'SUPERUSER_API_TOKEN'
+file_env 'ALLOWED_HOSTS'
+file_env 'DB_NAME'
+file_env 'DB_USER'
+file_env 'DB_PASSWORD'
+file_env 'DB_HOST'
+file_env 'SECRET_KEY'
+file_env 'EMAIL_SERVER'
+file_env 'EMAIL_PORT'
+file_env 'EMAIL_USERNAME'
+file_env 'EMAIL_PASSWORD'
+file_env 'EMAIL_TIMEOUT'
+file_env 'EMAIL_FROM'
+file_env 'NETBOX_USERNAME'
+file_env 'NETBOX_PASSWORD'
+
 # wait shortly and then run db migrations (retry on error)
 while ! ./manage.py migrate 2>&1; do
 echo "⏳ Waiting on DB..."
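Review bot: `file_env` ends with an unconditional `export "$var"="$val"`, and all eighteen calls below it pass no default, so every listed variable that was previously unset is now exported as an empty string. Anything later that tests set-ness (`${VAR+x}`) or falls back with something like `os.environ.get(VAR, default)` would then see an empty value instead of its default, which matters most for `SECRET_KEY`, `SUPERUSER_PASSWORD` and `ALLOWED_HOSTS`; those consumers are outside this hunk, so this needs checking against them. Exporting only when there is a value avoids it: `if [ -n "$val" ]; then export "$var"="$val"; fi`. Separately, a comment above `file_env` should state that the secret read from the `_FILE` path is still exported into the environment inherited by every process the entrypoint starts, so the file-based form keeps the value out of the service definition but not out of the running container's environment.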