From 6ea19cfd6e026419379670bc740df7ceabaa5c45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4ssler?=
Date: Thu, 26 Mar 2020 22:32:29 +0100
Subject: [PATCH] Add docker secrets support
---
 Dockerfile | 14 +++++++-------
 README.md | 3 ++-
 entrypoint.sh | 46 +++++++++++++++++++++++++++++++++++++++-------
 3 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7fc0664..8ccf738 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,14 +3,14 @@ MAINTAINER Christoph Wiechert
 ENV REFRESHED_AT="2019-10-10" \
 POWERDNS_VERSION=4.2.0 \
- MYSQL_AUTOCONF=true \
- MYSQL_HOST="mysql" \
- MYSQL_PORT="3306" \
- MYSQL_USER="root" \
- MYSQL_PASS="root" \
- MYSQL_DB="pdns"
+ MYSQL_DEFAULT_AUTOCONF=true \
+ MYSQL_DEFAULT_HOST="mysql" \
+ MYSQL_DEFAULT_PORT="3306" \
+ MYSQL_DEFAULT_USER="root" \
+ MYSQL_DEFAULT_PASS="root" \
+ MYSQL_DEFAULT_DB="pdns"
-RUN apk --update add libpq sqlite-libs libstdc++ libgcc mariadb-client mariadb-connector-c && \
+RUN apk --update add bash libpq sqlite-libs libstdc++ libgcc mariadb-client mariadb-connector-c && \
 apk add --virtual build-deps \
 g++ make mariadb-dev postgresql-dev sqlite-dev curl boost-dev mariadb-connector-c-dev && \
 curl -sSL https://downloads.powerdns.com/releases/pdns-$POWERDNS_VERSION.tar.bz2 | tar xj -C /tmp && \
diff --git a/README.md b/README.md
index 5b57a71..98b2f0f 100644
--- a/README.md
+++ b/README.md
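Review bot: In the Dockerfile `ENV` block, `MYSQL_DEFAULT_USER="root"` and `MYSQL_DEFAULT_PASS="root"` keep a working root/root credential baked into the image, and entrypoint.sh hands them to `file_env` as the fallback, so a container started with neither `MYSQL_PASS` nor `MYSQL_PASS_FILE` silently falls back to that default instead of failing. Values set with `ENV` are also readable from the image metadata and from the container's environment. For a change whose purpose is secret handling I would drop the password default (`MYSQL_DEFAULT_PASS=""`) and have the entrypoint stop before autoconfiguration when nothing was supplied, for example `[ -n "$MYSQL_PASS" ] || { echo "MYSQL_PASS or MYSQL_PASS_FILE is required" >&2; exit 1; }`. This changes behaviour for setups that rely on the default, so it deserves a line in the README.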
@@ -50,13 +50,14 @@ $ docker run --name pdns \
 * `MYSQL_PASS=root`
 * `MYSQL_DB=pdns`
 * `MYSQL_DNSSEC=no`
+* To support docker secrets, use same variables as above with suffix `_FILE`.
 * Want to disable mysql initialization? Use `MYSQL_AUTOCONF=false`
 * DNSSEC is disabled by default, to enable use `MYSQL_DNSSEC=yes`
 * Want to use own config files? Mount a Volume to `/etc/pdns/conf.d` or simply overwrite `/etc/pdns/pdns.conf`
 **PowerDNS Configuration:**
-Append the PowerDNS setting to the command as shown in the example above.
+Append the PowerDNS setting to the command as shown in the example above.
 See `docker run --rm psitrax/powerdns --help`
diff --git a/entrypoint.sh b/entrypoint.sh
index 9381d2f..aa2f7fb 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,18 +1,50 @@
-#!/bin/sh
+#!/bin/bash
 set -e
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+# source: https://github.com/docker-library/mariadb/blob/master/docker-entrypoint.sh
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo "Both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+# Loads various settings that are used elsewhere in the script
+docker_setup_env() {
+ # Initialize values that might be stored in a file
+
+ file_env 'MYSQL_AUTOCONF' $MYSQL_DEFAULT_AUTOCONF
+ file_env 'MYSQL_HOST' $MYSQL_DEFAULT_HOST
+ file_env 'MYSQL_DNSSEC' 'no'
+ file_env 'MYSQL_DB' $MYSQL_DEFAULT_DB
+ file_env 'MYSQL_PASS' $MYSQL_DEFAULT_PASS
+ file_env 'MYSQL_USER' $MYSQL_DEFAULT_USER
+ file_env 'MYSQL_PORT' $MYSQL_DEFAULT_PORT
+}
+
+docker_setup_env
+
 # --help, --version
 [ "$1" = "--help" ] || [ "$1" = "--version" ] && exec pdns_server $1
 # treat everything except -- as exec cmd
 [ "${1:0:2}" != "--" ] && exec "$@"
 if $MYSQL_AUTOCONF ; then
- if [ -z "$MYSQL_PORT" ]; then
- MYSQL_PORT=3306
- fi
- if [ -z "$MYSQL_DNSSEC" ]; then
- MYSQL_DNSSEC='no'
- fi
 # Set MySQL Credentials in pdns.conf
 sed -r -i "s/^[# ]*gmysql-host=.*/gmysql-host=${MYSQL_HOST}/g" /etc/pdns/pdns.conf
 sed -r -i "s/^[# ]*gmysql-port=.*/gmysql-port=${MYSQL_PORT}/g" /etc/pdns/pdns.conf
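Review bot: Values that `file_env` now reads from arbitrary files are spliced unescaped into the replacement side of `sed -r -i "s/…/gmysql-host=${MYSQL_HOST}/g"`, so a value containing `/`, `&` or a backslash breaks the expression or changes what is written to pdns.conf; generated secrets (base64 output, for instance) frequently contain `/`. Only the host and port substitutions are visible here; the user and password lines presumably follow the same pattern below the end of the hunk, where the `if $MYSQL_AUTOCONF` block continues. Escape each value before substituting, e.g. `esc_pass=$(printf '%s' "$MYSQL_PASS" | sed -e 's/[\/&]/\\&/g')`, and use the escaped copy in the replacement. An embedded newline in the file content would still break the expression, so rejecting multi-line values inside `file_env` is worth considering.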