Mariadb - creation with docker secrets not working

kevdog · 16 October 2020 03:27

I’ve started out with an empty mariadb with following compose file:

docker-compose.yml

version: '3.7'

secrets:
  mysql-user_secret:
    file: ./mysql-user.secret
  mysql-root_secret:
    file: ./mysql-root.secret

services:

db:
    container_name: mariadb
    image: linuxserver/mariadb:latest
    restart: always
    hostname: mariadb-bitwarden_rs
    secrets:
      - mysql-user_secret
      - mysql-root_secret
    networks:
      - bitwarden_rs_net
    ports:
      - 3306:3306
    environment:
      - TZ
      - PUID=1000
      - GUID=1000
      #- FILE__MYSQL_ROOT_PASSWORD=/run/secrets/mysql-root_secret
      - MYSQL_ROOT_PASSWORD=rootpass
      #- FILE__MYSQL_PASSWORD=/run/secrets/mysql-user_secret
      - MYSQL_PASSWORD=bwuserpass
      - MYSQL_DATABASE=bitwarden
      - MYSQL_USER=bitwarden-user
    volumes:
      - /var/data/db:/config

Specifically if I specify the passwords in the compose file as shown above, I’m able to login into container and subsequently log into mysql (mysql -u root -prootpass)

However if I delete the bin mounted volume, recreate the container and use similar compose file except for following changes:

  - FILE__MYSQL_ROOT_PASSWORD=/run/secrets/mysql-root_secret
  #- MYSQL_ROOT_PASSWORD=rootpass
  - FILE__MYSQL_PASSWORD=/run/secrets/mysql-user_secret
  #- MYSQL_PASSWORD=bwuserpass

I can login to container, but I can’t login to database:

root@mariadb-bitwarden_rs:/# mysql -u root -prootpass
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Here is content of the mysql-root.secret file:

#cat mysql-root.secret              
rootpass

Is the secret process not working or am I doing something wrong??

aptalca · 16 October 2020 11:11

Likely your secret has a trailing newline
Use printf to create it, not echo

kevdog · 16 October 2020 12:34

@aptalca
Sorry for wasting your time. I didn’t create the password secret files with echo but vim. I started investing some things and it turns out that .vimrc needs a setting set nofixendofline. Somehow without that setting it was putting another hidden character at the end of the line that I couldn’t see in the editor. I guess cat -A is also a nice command when trying to hunt down problems like this.

Bottom line: sorry for wasting your time.

system · 21 October 2020 12:34

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.