Service for mariadb not behaving as expected
randall-coding opened this issue · 2 comments
I'm adding a mariadb service following the instructions here, instead of using two container containers. In the two container version it worked by setting the environment variables shown below in the Acornfile. But setting those same variables on the service isn't having the intended effect. I'm unable to connect to my db via the website UI.
My Acornfile:
containers: {
website: {
image: "gamelaster/opensupports:latest"
ports: publish: [
"80/http"
]
env: {
TIMEZONE: "secret://env/timezone"
}
dirs: {
"/config": "volume://config"
}
dependsOn: ["mariadb"]
consumes: ["mariadb"]
}
}
services: mariadb: {
image: "ghcr.io/acorn-io/mariadb:v10.#.#-#" // pulls the latest 10.x version
environment: {
MYSQL_USER: "opensupports"
MYSQL_DATABASE: "opensupports"
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_PASSWORD: "secret://env/mysql_password"
}
}
secrets: env: {
external: "opensupports"
}
volumes: config: {
size: "1G"
accessModes: "readWriteOnce"
}
For reference here is the previous setup that worked using two containers.
containers {
...
mariadb: {
image: "mariadb"
ports: {
expose: ["3306:3306/tcp"]
}
dirs: {
"/var/lib/mysql": "volume://db"
}
env: {
MYSQL_USER: "opensupports"
MYSQL_DATABASE: "opensupports"
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_PASSWORD: "secret://env/mysql_password"
}
}
}
References:
https://docs.acorn.io/databases/mariadb
https://github.com/gamelaster/opensupports-docker
https://github.com/opensupports/opensupports
In your original example, it looks like you were pre-creating the secret with the mysql_password and using it in the container. Now you want to convert to using the MariaDB service.
tl;dr change your acornfile to look like this:
containers: {
website: {
image: "gamelaster/opensupports:latest"
ports: publish: [
"80/http"
]
env: {
TIMEZONE: "secret://env/timezone"
}
dirs: {
"/config": "volume://config"
}
consumes: ["mariadb"]
}
}
services: mariadb: {
image: "ghcr.io/acorn-io/mariadb:v10.#.#-#" // pulls the latest 10.x version
secrets: [
"user:user"
]
}
secrets: env: {
external: "opensupports"
}
secrets: user: type: "basic"
volumes: config: {
size: "1G"
accessModes: "readWriteOnce"
When you run this, you'll need to have a secret pre-created with a username and password:
acorn secret create user --data username=foo --data password=bar
then Run:
acorn run -s user:user [image]
Longer explanation. Services are acorns and do not support setting environment variables this way. The service acorn for example has two args, one to set the username (the password is randomly generated) and one to set the name of the db instance. In general we design the service acorns to not require any args so we generate random passwords. We also design so secrets are not passed on the command line. To avoid passing secrets on the CLI we have secret bindings.
In the Acornfile I modified we are creating a user secret that takes on the type basic which means it will have two keys username and password. This matches what the service Acorn expects. Then on the cli we set the username and password fields for the secret and then bind when we run with the -s user:user.
Thanks that fixed it.