Added support for docker secrets

When using docker secrets, a file in /run/secrets/ is added. For example, SUPERUSER_PASSWORD_FILE=/run/secrets/superuser_password will populate SUPERUSER_PASSWORD environment variable from the contents of that file. The code to support this is now added to docker/docker-entrypoint.sh
This commit is contained in:
Tobias Jakobsson 2017-12-06 16:15:17 +01:00
parent 3190ff8584
commit f2f1002803
1 changed files with 43 additions and 0 deletions

View File

@ -1,6 +1,49 @@
#!/bin/bash #!/bin/bash
set -e set -e
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# Make all environment variables to be used with Docker secrets
file_env 'SUPERUSER_NAME'
file_env 'SUPERUSER_EMAIL'
file_env 'SUPERUSER_PASSWORD'
file_env 'SUPERUSER_API_TOKEN'
file_env 'ALLOWED_HOSTS'
file_env 'DB_NAME'
file_env 'DB_USER'
file_env 'DB_PASSWORD'
file_env 'DB_HOST'
file_env 'SECRET_KEY'
file_env 'EMAIL_SERVER'
file_env 'EMAIL_PORT'
file_env 'EMAIL_USERNAME'
file_env 'EMAIL_PASSWORD'
file_env 'EMAIL_TIMEOUT'
file_env 'EMAIL_FROM'
file_env 'NETBOX_USERNAME'
file_env 'NETBOX_PASSWORD'
# wait shortly and then run db migrations (retry on error) # wait shortly and then run db migrations (retry on error)
while ! ./manage.py migrate 2>&1; do while ! ./manage.py migrate 2>&1; do
echo "⏳ Waiting on DB..." echo "⏳ Waiting on DB..."