From dcbd47f6c869012892e6f9e1f71418aa8f558408 Mon Sep 17 00:00:00 2001
From: Jordan Jethwa
Date: Tue, 17 Oct 2017 17:37:43 -0700
Subject: [PATCH] docker secrets support - https://github.com/jjethwa/rundeck/issues/85
---
 README.md | 4 ++++
 content/opt/run | 15 +++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/README.md b/README.md
index 4e9afa5..8810e8b 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,10 @@ sudo docker run -p 4443:4443 -e SERVER_URL=https://MY.HOSTNAME.COM:4443 -e RUNDE
 # Rundeck plugins
 To add (external) plugins, add the jars to the /opt/rundeck-plugins volume and they will be copied over to Rundeck's libext directory at container startup
+# Docker secrets
+Reference: https://docs.docker.com/engine/swarm/secrets/
+The entrypoint run script will check for docker secrets set for RUNDECK_PASSWORD, DATABASE_ADMIN_PASSWORD, KEYSTORE_PASS, and TRUSTSTORE_PASS. If the secret has not been set, it will then check for the environment variable and finally default to generating a random value.
+
 # Environment variables
 ```
diff --git a/content/opt/run b/content/opt/run
index f8c7d11..70994b8 100644
--- a/content/opt/run
+++ b/content/opt/run
@@ -43,6 +43,21 @@ if [ ! -f "${initfile}" ]; then
 SERVER_PORT=80
 fi
 fi
+
+ # Docker secrets support
+ if [ -f /run/secrets/RUNDECK_PASSWORD ]; then
+ RUNDECK_PASSWORD = $(< /run/secrets/RUNDECK_PASSWORD)
+ fi
+ if [ -f /run/secrets/DATABASE_ADMIN_PASSWORD ]; then
+ DATABASE_ADMIN_PASSWORD = $(< /run/secrets/DATABASE_ADMIN_PASSWORD)
+ fi
+ if [ -f /run/secrets/KEYSTORE_PASS ]; then
+ KEYSTORE_PASS = $(< /run/secrets/KEYSTORE_PASS)
+ fi
+ if [ -f /run/secrets/TRUSTSTORE_PASS ]; then
+ TRUSTSTORE_PASS = $(< /run/secrets/TRUSTSTORE_PASS)
+ fi
+
 DATABASE_URL=${DATABASE_URL:-"jdbc:mysql://localhost/rundeckdb?autoReconnect=true"}
 RUNDECK_PASSWORD=${RUNDECK_PASSWORD:-$(pwgen -s 15 1)}
 DATABASE_ADMIN_PASSWORD=${DATABASE_ADMIN_PASSWORD:-${RUNDECK_PASSWORD}}
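Review bot: The four added assignments in content/opt/run have spaces around `=` (`RUNDECK_PASSWORD = $(< /run/secrets/RUNDECK_PASSWORD)` and the three that follow), so the shell parses each as a command named after the variable with `=` and the secret text as arguments, and no variable is set. The secret is therefore ignored and the defaults further down apply (the environment variable, else a `pwgen` value for RUNDECK_PASSWORD), while the secret's contents are expanded unquoted onto a command line where they would show up in any `set -x` trace. Write them as `RUNDECK_PASSWORD=$(< /run/secrets/RUNDECK_PASSWORD)` with no spaces, and likewise for DATABASE_ADMIN_PASSWORD, KEYSTORE_PASS and TRUSTSTORE_PASS. `$(< file)` is a bash/ksh/zsh form, so confirm the script's shebang (not visible here) is bash; the enclosing `if [ ! -f "${initfile}" ]` block starts and ends outside the hunk.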