How to use DB password from file/environment variable

Question

How to use DB password from file/environment variable

Closed this issue a year ago · 15 comments

Hello.

I would like to port packeton into Kubernetes, but in Kubernetes it is really hard to compose environment variables from secrets(a storage where passwords are stored). You can put Secret into environment variable OR mount it as a file

I am not familiar with Symfony, so I need help to figure out how can I configure Doctrine DBAL to get database password from file(preferred, as then password is not in environment variable) or from environment variable.

Also is it strictly needed to put database version into connection uri(Seems kind of stupid to me, but what do I know, I am not fond of Doctrine anyway)

Answer 1 · 2023-08-28T14:24:01.000Z

Hi, you may use DATABASE_URL as env variable.

DATABASE_URL=mysql://root:pass@127.0.0.1:3306/packagist?serverVersion=5.7&charset=utf8

DATABASE_URL=mysql://root:pass@127.0.0.1:3306/packagist?charset=utf8

Alternative. if it is impossible to place the whole database DSN as a secret, you may use .env.local

a) Remove default DATABASE_URL https://github.com/vtsykun/packeton/blob/master/Dockerfile#L70. I can create a PR for it.
b) Define default DATABASE_URL in .env.local of the project root.

# .env.local
DATABASE_URL="mysql://root:${DB_PASS}@127.0.0.1:3306/packagist"

And use env DB_PASS to set database password

    env:
    - name: DB_PASS
      valueFrom:
        secretKeyRef:
          name: db-pass
          key: db-pass

Also is it strictly needed to put database version into connection uri(Seems kind of stupid to me, but what do I know, I am not fond of Doctrine anyway).

Not required, but it makes the db connection is lazy, e.g. the cache:clear will try to connect to the database.

Answer 2 · 2023-08-29T09:38:03.000Z

I was more thinking of putting a new file somewhere with contents

doctrine:
    dbal:
        url: '%env(resolve:DATABASE_URL)%'
        password: '%env(resolve:DATABASE_PASSWORD)%'

But I do not know where I could put additional configs

Answer 3 · 2023-08-29T09:54:13.000Z

Hi, it's possible to add your own configuration to the config.yaml file, which is located in the docker data volume.

-rw-r--r-- 1              82              82 35577856 Aug 29 09:50 app.db
drwxr-xr-x 5              82              82     4096 Jul  5 10:34 composer
-rw-r--r-- 1              82              82      829 Aug 22 09:56 config.yaml
drwxr-xr-x 2              82              82     4096 Jun 10 16:48 keys
drwxr-xr-x 2 systemd-resolve systemd-network     4096 Aug 29 09:09 redis
drwxr-xr-x 2              82              82     4096 Jan  2  2023 ssh
drwxr-xr-x 9              82              82     4096 Jun  4 03:02 zipball

Also need to unset doctrine.dbal.url to use password. https://www.doctrine-project.org/projects/doctrine-dbal/en/current/reference/configuration.html

doctrine:
    dbal:
        url: null
        password: 123456
        host: 127.0.0.1
        port: 3306
        dbname: packeton
        charset: utf8mb4
        driver: pdo_mysql

Answer 4 · 2023-08-29T10:27:09.000Z

Hi. I updated docker image to resolve this problem with env priority #156

Now you may overwrite DATABASE_URL env in .env.local
and use environment variables in values by prefixing variables with $ https://symfony.com/doc/current/configuration.html#env-file-syntax

# .env.local in data volume

DATABASE_URL="mysql://root:${DB_PASS}@127.0.0.1:3306/packagist"

Answer 5 · 2023-08-29T10:35:10.000Z

I don't ever plan to use your docker image, it has way too much stuff in it (No need for cron, no need for redis, no supervisor needed, etc...)

Ah, so you just make symlink from /data/config.yaml to config/packages/zzz_config.yaml

So, could I just make ConfigMap object and mount it to config/packages/zzy_config.yaml and Symfony would pick it up?

Answer 6 · 2023-08-29T10:38:04.000Z

yes, you may mount any file to config/packages/*

Answer 7 · 2023-08-29T10:39:13.000Z

Thanks, that's what I needed to know

Answer 8 · 2023-08-29T13:14:20.000Z

Hi

I have

$cat /app/config/packages/zzy_config.yaml 
doctrine:
  dbal:
      url: null
      user: '%env(resolve:DATABASE_USER)%'
      password: '%env(resolve:DATABASE_PASSWORD)%'
      host: '%env(resolve:DATABASE_HOST)%'
      port: '%env(resolve:DATABASE_PORT)%'
      dbname: '%env(resolve:DATABASE_NAME)%'
      charset: utf8mb4
      driver: pdo_mysql

but when I try to migrate DB I get

$/app/bin/console doctrine:schema:update --force --complete --verbose
13:11:35 CRITICAL  [console] Error thrown while running command "doctrine:schema:update --force --complete --verbose". Message: "An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory" ["exception" => Doctrine\DBAL\Exception\ConnectionException^ { …},"command" => "doctrine:schema:update --force --complete --verbose","message" => "An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory"]

In ExceptionConverter.php line 101:
                                                                                         
  [Doctrine\DBAL\Exception\ConnectionException (2002)]                                   
  An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory

It possibly tries to get unix socket

Answer 9 · 2023-08-31T11:53:13.000Z

@vtsykun So, symfony is totally stupid somewhere... doctrine/DoctrineBundle#1699

Answer 10 · 2023-08-31T12:07:41.000Z

Hi, Try to run php bin/console debug:config doctrine to see the result config

doctrine:
    dbal:
        types:
            json_array:
                class: Doctrine\DBAL\Types\JsonType
            encrypted_text:
                class: Packeton\DBAL\Types\EncryptedTextType
            encrypted_array:
                class: Packeton\DBAL\Types\EncryptedArrayType
        connections:
            default:
                url: null
                user: '%env(resolve:DATABASE_USER)%'
                password: '%env(resolve:DATABASE_PASSWORD)%'
                host: '%env(resolve:DATABASE_HOST)%'
                port: '%env(resolve:DATABASE_PORT)%'
                dbname: '%env(resolve:DATABASE_NAME)%'
                charset: utf8mb4
                driver: pdo_mysql
                logging: true
                profiling: true
                profiling_collect_backtrace: false
                profiling_collect_schema_errors: true
                options: {  }
                mapping_types: {  }
                default_table_options: {  }
                schema_manager_factory: doctrine.dbal.legacy_schema_manager_factory
                slaves: {  }
                replicas: {  }

Answer 11 · 2023-08-31T12:13:37.000Z

An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory

Probably this error is not related to config issue

https://stackoverflow.com/questions/20723803/pdoexception-sqlstatehy000-2002-no-such-file-or-directory

Answer 12 · 2023-08-31T12:23:23.000Z

root@packeton-web-69bf5649ff-j7kn2:/app# php bin/console debug:config doctrine

Current configuration for extension with alias "doctrine"
=========================================================

doctrine:
    dbal:
        types:
            json_array:
                class: Doctrine\DBAL\Types\JsonType
            encrypted_text:
                class: Packeton\DBAL\Types\EncryptedTextType
            encrypted_array:
                class: Packeton\DBAL\Types\EncryptedArrayType
        connections:
            default:
                url: null
                user: test
                password: test
                host: test
                port: '1'
                dbname: test
                charset: utf8mb4
                driver: pdo_mysql
                logging: false
                profiling: false
                profiling_collect_backtrace: false
                profiling_collect_schema_errors: true
                options: {  }
                mapping_types: {  }
                default_table_options: {  }
                schema_manager_factory: doctrine.dbal.legacy_schema_manager_factory
                slaves: {  }
                replicas: {  }

packeton-web-69bf5649ff-j7kn2:/app# /app/bin/console doctrine:schema:update --force --complete --verbose
12:21:53 CRITICAL  [console] Error thrown while running command "doctrine:schema:update --force --complete --verbose". Message: "An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory" ["exception" => Doctrine\DBAL\Exception\ConnectionException^ { …},"command" => "doctrine:schema:update --force --complete --verbose","message" => "An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory"]

In ExceptionConverter.php line 101:
                                                                                         
  [Doctrine\DBAL\Exception\ConnectionException (2002)]                                   
  An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory

Answer 13 · 2023-08-31T12:26:40.000Z

var_dump at Doctrine\Bundle\DoctrineBundle::ConnectionFactory L66

array(8) {
  ["url"]=>
  string(0) ""
  ["driver"]=>
  string(9) "pdo_mysql"
  ["host"]=>
  string(9) "localhost"
  ["port"]=>
  NULL
  ["user"]=>
  string(4) "root"
  ["password"]=>
  NULL
  ["driverOptions"]=>
  array(0) {
  }
  ["defaultTableOptions"]=>
  array(0) {
  }
}

Answer 14 · 2023-08-31T12:38:48.000Z

Hi, db host = test and port = 1, looks as invalid. Also var_dump gives different result. please try to remove cache rm -rf var/cache/* and check DATABASE_PORT DATABASE_HOST env vars

doctrine:
    dbal:
        connections:
            default:
                url: null
                user: test
                password: test
                host: test
                port: '1'
                dbname: test

Answer 15 · 2023-08-31T13:02:00.000Z

So, OK in documentation under "Installation from source" section, you should tell to delete var/cache/* folder.. I had no idea(Because again.. not Symfony developer)