Docker Secrets not working? #250

@STaRDoGG

For some reason, the container seems to not be reading from the secret file in my config. Here's my setup:

    wallabag:
        image: wallabag/wallabag:latest
        hostname: wallabag
        environment:
          - TZ=America/Chicago
          - MYSQL_ROOT_PASSWORD__FILE=/run/secrets/MySQL-PW
          - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
          - SYMFONY__ENV__DATABASE_HOST=mysql
          - SYMFONY__ENV__DATABASE_PORT=3306
          - SYMFONY__ENV__DATABASE_NAME=wallabagtest
          - SYMFONY__ENV__DATABASE_USER=wallabag
          - SYMFONY__ENV__DATABASE_PASSWORD__FILE=/run/secrets/WallabagDB-PW
          - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
          - SYMFONY__ENV__TWOFACTOR_AUTH=true
          - SYMFONY__ENV__TWOFACTOR_SENDER=no-reply@test.com
          - SYMFONY__ENV__FOSUSER_REGISTRATION=false
          - SYMFONY__ENV__FOSUSER_CONFIRMATION=true
          - SYMFONY__ENV__MAILER__USER=no-reply@test.com
          - SYMFONY__ENV__MAILER_PASSWORD_FILE=Wallabag-Mailer-PW
          - SYMFONY__ENV__FROM__EMAIL=no-reply@test.com
          - SYMFONY__ENV__SECRET_FILE=/run/secrets/Wallabag-Secret
          - SYMFONY__ENV__DOMAIN_NAME=https://my.domain.rocks
          - SYMFONY__ENV__SERVER_NAME=Test
        volumes:
          - /mnt/i/Wallabag/Images:/var/www/wallabag/web/assets/images:rw
          - /etc/localtime:/etc/localtime:ro
        secrets:
          - MySQL-PW
          - WallabagDB-PW
          - Wallabag-Secret
          - Wallabag-Mailer-PW
        deploy:
            mode: replicated
            replicas: 1
            placement:
              constraints:
                - node.labels.MainDaemon == true
            resources:
              limits:
                cpus: '1.0'
                memory: 500M
            restart_policy:
              condition: any
        networks:
          - odb

    secrets:
      MySQL-PW:
        external: true
      WallabagDB-PW:
        external: true
      Wallabag-Secret:
        external: true
      Wallabag-Mailer-PW:
        external: true

Upon starting the service, it shows this error:

    PLAY [localhost] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var

    TASK [Gathering Facts] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    ok: [localhost]

    TASK [needed dirs] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    ok: [localhost] => (item=/var/www/wallabag/app)
    ok: [localhost] => (item=/var/www/wallabag/app/config)
    ok: [localhost] => (item=/var/www/wallabag/data)
    changed: [localhost] => (item=/var/www/wallabag/data/assets)
    ok: [localhost] => (item=/var/www/wallabag/data/db)

    TASK [write parameters.yml] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    changed: [localhost]

    TASK [stat] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    skipping: [localhost]

    TASK [notify install for sqlite] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    skipping: [localhost]

    TASK [wait for db container] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    ok: [localhost]

    TASK [add mariadb db] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    fatal: [localhost]: FAILED! => {"changed": false, "msg": "unable to find /root/.my.cnf. Exception message: (1045, "Access denied for user 'root'@'10.0.4.43' (using password: NO)")"}

    RUNNING HANDLER [chown dir] bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var

    PLAY RECAP bin dev entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
    localhost : ok=4 changed=2 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0

Looks like it's not reading the mysql pw from the secret. I've tested the exact same secret on my actual MySQL container itself as well, and it works. I can also see the secrets do exist within the WallaBag container at /run/secrets/.

Any ideas anyone?
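
A diagnostic for the `*_FILE` variables in the config above, added here as an example (not part of the original post and not code from the wallabag image). It checks only that each value is an absolute path to a readable, non-empty file and reports which suffix style (`__FILE` or `_FILE`) the variable uses; whether the image's entrypoint honours either suffix is not established on this page. The function name `check_file_vars` and the demo data are constructed.

```shell
#!/bin/sh
# check_file_vars: read KEY=VALUE lines on stdin; for every key ending in
# _FILE, verify the value is an absolute path to a readable, non-empty file.
# Prints one line per variable (never the secret itself); returns 1 on any failure.
check_file_vars() {
    rc=0
    while IFS='=' read -r key value; do
        case "$key" in
            *__FILE) sfx=__FILE ;;
            *_FILE)  sfx=_FILE ;;
            *)       continue ;;          # not a secret-file variable
        esac
        if [ "${value#/}" = "$value" ]; then
            echo "FAIL $key (suffix $sfx): '$value' is not an absolute path"; rc=1
        elif [ ! -r "$value" ]; then
            echo "FAIL $key (suffix $sfx): $value is missing or unreadable"; rc=1
        elif [ ! -s "$value" ]; then
            echo "FAIL $key (suffix $sfx): $value is empty"; rc=1
        else
            echo "OK   $key (suffix $sfx): $value"
        fi
    done
    return $rc
}

# Constructed demo: a temp dir stands in for /run/secrets, with one dummy file.
demo() {
    d=$(mktemp -d)
    printf 'not-a-real-secret' > "$d/WallabagDB-PW"
    printf '%s\n' \
        "SYMFONY__ENV__DATABASE_PASSWORD__FILE=$d/WallabagDB-PW" \
        "SYMFONY__ENV__MAILER_PASSWORD_FILE=Wallabag-Mailer-PW" \
        "SYMFONY__ENV__SECRET_FILE=$d/Wallabag-Secret" \
        "SYMFONY__ENV__DATABASE_HOST=mysql" | check_file_vars \
        && status=0 || status=1
    rm -rf "$d"
    return $status
}

demo || echo "one or more *_FILE variables failed the check"
```

Inside the running container the same function can be fed the real environment with `env | check_file_vars`.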
