I am going to create a service with postgres using secrets in Swarm mode:

/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> ll 12:26 aironman@MacBook-Pro-de-Alonso
Executing ls -lh
total 8
-rw-r--r-- 1 aironman staff 11B May 4 11:33 psql_user.txt
█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:26:44P
/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> bat psql_user.txt 12:26 aironman@MacBook-Pro-de-Alonso
File: psql_user.txt
mypsqluser

Creating a secret from the user file, which holds the super secret username.

█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:26:51P
/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> docker secret create psql_user psql_user.txt
9noqpr67rmhiip0rlx6fko6t3

Creating a secret with the super secret password, this time piped in from echo. Not the best way.

You will probably want to delete the bash history after creating psql_pass, because the password was typed on the command line.

█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:29:12P
/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> echo "MyDBSupersecretPass" | docker secret create psql_pass
Error response from daemon: rpc error: code = InvalidArgument desc = secret data must be larger than 0 and less than 512000 bytes
█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:29:59P

Adding - to the end of the last command should do the work, so that docker secret create reads the value from stdin:

/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> echo "MyDBSupersecretPass" | docker secret create psql_pass -
u7nr6461y4874x0jnjjylkvt5
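
An alternative to the echo pipeline above that keeps the password out of shell history, shown as an added example that is not part of the original post. The function names are hypothetical, and the size bound is the one from the daemon error quoted earlier.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Bound taken from the daemon error quoted in the post:
# "secret data must be larger than 0 and less than 512000 bytes"
SECRET_MAX_BYTES=512000

# Read one line from stdin into SECRET_VALUE. On a terminal, echo is turned
# off while typing; the value never appears on a command line, so it does
# not end up in shell history.
read_secret_value() {
    if [ -t 0 ]; then
        printf 'Secret value: ' >&2
        trap 'stty echo' INT TERM      # restore echo if interrupted
        stty -echo
        IFS= read -r SECRET_VALUE
        stty echo
        trap - INT TERM
        printf '\n' >&2
    else
        # Piped input (e.g. from a password manager); accept a last line
        # that has no trailing newline.
        IFS= read -r SECRET_VALUE || [ -n "$SECRET_VALUE" ]
    fi
    [ -n "$SECRET_VALUE" ]
}

# True when the value's byte count is inside the daemon's accepted range.
secret_size_ok() {
    size=$(( $(printf '%s' "$1" | wc -c) ))
    [ "$size" -gt 0 ] && [ "$size" -lt "$SECRET_MAX_BYTES" ]
}

# create_secret NAME: prompt for (or read) the value and store it in Swarm.
create_secret() {
    name=$1
    read_secret_value || { echo "no secret value given" >&2; return 1; }
    secret_size_ok "$SECRET_VALUE" || { echo "secret size out of range" >&2; return 1; }
    # printf '%s' omits the newline that echo appends; the trailing "-"
    # makes docker secret create read the value from stdin.
    printf '%s' "$SECRET_VALUE" | docker secret create "$name" -
    status=$?
    unset SECRET_VALUE
    return "$status"
}

# Usage on a Swarm manager:  create_secret psql_pass
```

With echo, the stored secret is 20 bytes because of the trailing newline; this version stores the 19 bytes of the password itself.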

Listing secrets…

█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:30:23P
/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> docker secret ls 12:30 aironman@MacBook-Pro-de-Alonso
ID NAME DRIVER CREATED UPDATED
u7nr6461y4874x0jnjjylkvt5 psql_pass 2 minutes ago 2 minutes ago
9noqpr67rmhiip0rlx6fko6t3 psql_user 3 minutes ago 3 minutes ago
█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:33:02P

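Now creating the service in Swarm mode using the secrets. The *_FILE environment variables tell the postgres image to read the user and password from the mounted secret files.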

█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:37:08P
/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> docker service create --name psql --secret psql_user --secret psql_pass -e POSTGRES_PASSWORD_FILE=/run/secrets/psql_pass -e POSTGRES_USER_FILE=/run/secrets/psql_user postgres
plyldr4muwcsjh3gr41xk266j
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:37:39P

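Listing the container that runs the psql service and checking the secrets inside it. They are mounted as plain files under /run/secrets, readable by anyone who can exec into the container.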

/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> docker container ls 12:37 aironman@MacBook-Pro-de-Alonso
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
afa8765be2ae postgres:latest "docker-entrypoint.s…" 16 seconds ago Up 15 seconds 5432/tcp psql.1.8rco80iqbqel7aqim0snscv2b

█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:53:28P
/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> docker exec -it afa8765be2ae bash 12:53 aironman@MacBook-Pro-de-Alonso
root@afa8765be2ae:/#
root@afa8765be2ae:/# ls /run/secrets/
psql_pass psql_user
root@afa8765be2ae:/# cat /run/secrets/psql_pass
MyDBSupersecretPass
root@afa8765be2ae:/# cat /run/secrets/psql_user
mypsqluser

More testing. Using serviceId instead of container name

/Users/aironman/gitProjects/udemy-docker-mastery/secrets-sample-1> docker logs psql.1.8rco80iqbqel7aqim0snscv2b


The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data … ok
creating subdirectories … ok
selecting dynamic shared memory implementation … posix
selecting default max_connections … 100
selecting default shared_buffers … 128MB
selecting default time zone … Etc/UTC
creating configuration files … ok
running bootstrap script … ok
performing post-bootstrap initialization … ok
initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
syncing data to disk … ok

Success. You can now start the database server using:

pg_ctl -D /var/lib/postgresql/data -l logfile start

waiting for server to start….2021-06-16 10:37:34.525 UTC [50] LOG: starting PostgreSQL 13.3 (Debian 13.3-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
2021-06-16 10:37:34.527 UTC [50] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2021-06-16 10:37:34.531 UTC [51] LOG: database system was shut down at 2021-06-16 10:37:34 UTC
2021-06-16 10:37:34.535 UTC [50] LOG: database system is ready to accept connections
done
server started
CREATE DATABASE

/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*

2021-06-16 10:37:34.774 UTC [50] LOG: received fast shutdown request
waiting for server to shut down….2021-06-16 10:37:34.774 UTC [50] LOG: aborting any active transactions
2021-06-16 10:37:34.775 UTC [50] LOG: background worker "logical replication launcher" (PID 57) exited with exit code 1
2021-06-16 10:37:34.776 UTC [52] LOG: shutting down
2021-06-16 10:37:34.783 UTC [50] LOG: database system is shut down
done
server stopped

PostgreSQL init process complete; ready for start up.

2021-06-16 10:37:34.895 UTC [1] LOG: starting PostgreSQL 13.3 (Debian 13.3-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
2021-06-16 10:37:34.895 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2021-06-16 10:37:34.895 UTC [1] LOG: listening on IPv6 address "::", port 5432
2021-06-16 10:37:34.898 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2021-06-16 10:37:34.901 UTC [78] LOG: database system was shut down at 2021-06-16 10:37:34 UTC
2021-06-16 10:37:34.905 UTC [1] LOG: database system is ready to accept connections
█▓▒░aironman@MacBook-Pro-de-Alonso░▒▓██▓▒░ Wed Jun 16 12:58:12P

Work in progress. Thank you Brett, oh captain, my captain.

Dead Poets Society
