From 8841d78c13c18c1f61b7cf977b283178719f6019 Mon Sep 17 00:00:00 2001 From: DanielRadlAMR Date: Sat, 19 Jul 2025 04:57:10 +0200 Subject: [PATCH] Add Docker Secrets Support for Database Password & fixed missing boto3 dependency in tests (#1657) * Added overrider to use docker secrets for mariadb password * typo in overrider file name * typo in overrider mariadb-secrets * typo in overriider mariadb-secrets * Secrets enviroment variable override * secrets need different enviroment variable name * no - for env variables * Updated deprecated MinIO Env Variables * refactored to be more robust and better error handling * temprary debugging changes * Revert "temprary debugging changes" This reverts commit d01931064d236cd9f61fdbaf695c39ba3fce20a5. * Revert "refactored to be more robust and better error handling" This reverts commit fe508668a8ad8c749b8ce21e9a6476159da5221e. * Revert "Updated deprecated MinIO Env Variables" This reverts commit 76e66b5262c95b4ccbc7db17e68f8c60a6aeb3bc. * manually added boto3 before running _create_bucket * lint formatting --- docs/environment-variables.md | 4 ++++ example.env | 3 +++ overrides/compose.mariadb-secrets.yaml | 13 +++++++++++++ overrides/compose.mariadb.yaml | 4 ++-- tests/conftest.py | 1 + 5 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 overrides/compose.mariadb-secrets.yaml diff --git a/docs/environment-variables.md b/docs/environment-variables.md index b1a44d9f..616b06fa 100644 --- a/docs/environment-variables.md +++ b/docs/environment-variables.md @@ -25,6 +25,10 @@ Frappe framework release. You can find all releases [here](https://github.com/fr Password for MariaDB (or Postgres) database. +### `DB_PASSWORD_SECRETS_FILE` + +Path to the db_password.txt file. Set only if you use docker secrets for the database password (use `overrides/compose.mariadb-secrets.yaml`) + ### `DB_HOST` Hostname for MariaDB (or Postgres) database. Set only if external service for database is used or the container can not be reached by its service name (db) by other containers. diff --git a/example.env b/example.env index 1fe9bca2..b43ef938 100644 --- a/example.env +++ b/example.env @@ -4,6 +4,9 @@ ERPNEXT_VERSION=v15.70.2 DB_PASSWORD=123 +#Only if you use docker secrets for the db password +DB_PASSWORD_SECRETS_FILE= + # Only if you use external database DB_HOST= DB_PORT= diff --git a/overrides/compose.mariadb-secrets.yaml b/overrides/compose.mariadb-secrets.yaml new file mode 100644 index 00000000..a8172431 --- /dev/null +++ b/overrides/compose.mariadb-secrets.yaml @@ -0,0 +1,13 @@ +services: + db: + environment: + MYSQL_ROOT_PASSWORD: !reset null + MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_password + healthcheck: + test: mysqladmin ping -h localhost --password="$(cat /run/secrets/db_password)" + secrets: + - db_password + +secrets: + db_password: + file: ${DB_PASSWORD_SECRETS_FILE:?No db secret file set} diff --git a/overrides/compose.mariadb.yaml b/overrides/compose.mariadb.yaml index 1d6e55c6..ebce5038 100644 --- a/overrides/compose.mariadb.yaml +++ b/overrides/compose.mariadb.yaml @@ -10,7 +10,7 @@ services: db: image: mariadb:10.6 healthcheck: - test: mysqladmin ping -h localhost --password=${DB_PASSWORD} + test: mysqladmin ping -h localhost --password=${DB_PASSWORD:-123} interval: 1s retries: 20 restart: unless-stopped @@ -20,7 +20,7 @@ services: - --skip-character-set-client-handshake - --skip-innodb-read-only-compressed # Temporary fix for MariaDB 10.6 environment: - MYSQL_ROOT_PASSWORD: ${DB_PASSWORD:?No db password set} + MYSQL_ROOT_PASSWORD: ${DB_PASSWORD:-123} volumes: - db-data:/var/lib/mysql diff --git a/tests/conftest.py b/tests/conftest.py index 55838c6b..c6ff166a 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -151,6 +151,7 @@ def s3_service(python_path: str, compose: Compose): subprocess.check_call(cmd) compose("cp", "tests/_create_bucket.py", "backend:/tmp") + compose.exec("backend", "bench", "pip", "install", "boto3~=1.34.143") compose.exec( "-e", f"S3_ACCESS_KEY={access_key}",