Comments (7)
I'm thinking about where someone uses this solution off the shelf and isn't paying attention. Unfortunately, that happens more than we'd like.
The defaults in the docker-compose.yml have ssh enabled using the keys in the repo for the pgpool, backup, and initial master containers. Would it be possible to define generating the keys in the docker-compose file and initially place them on a volume to be shared between the containers? That would give you a working setup out of the box without having default keys hardcoded.
from postdock.
A good case for looking at what you install in production 😄
But I get your point. Unfortunately, the most we can do here is to stop populating keys during docker build and not allow SSH to start without keys. That will force the user of the system to create and supply keys...
from postdock.
Well, the first thing is that all of your containers should have the same set of keys... right? Otherwise they will not be able to talk to each other. So you can't generate keys independently in each container.
Secondly, you should not enable SSH by default. There is no point in having SSH running in all of your containers.
And the last thing is that it is possible to populate keys from ENV... but the recommended way is to mount those files into your containers from secrets, so they will not be visible from the env command.
Example from kubernetes
from postdock.
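The mounting approach described in the comment above, as an added example (not postdock's own Kubernetes example, which is not reproduced on this page): one Secret holding the single shared key pair, mounted read-only into every node as files rather than passed through the environment. The names `pg-ssh-keys`, `pgnode`, the mount path `/run/secrets/ssh`, the `SSH_PUBKEY_FILE` variable and the `postdock/postgres` image reference are assumptions for this illustration; the key material is a placeholder.

```yaml
# Added example, not postdock's own manifest. Names and paths are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: pg-ssh-keys
type: Opaque
stringData:
  # One key pair shared by every node (they must match to talk to each other).
  # Generate it outside the cluster, e.g.: ssh-keygen -t ed25519 -N '' -f id_ed25519
  id_ed25519: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    (placeholder: paste the generated private key here)
    -----END OPENSSH PRIVATE KEY-----
  id_ed25519.pub: "ssh-ed25519 AAAA(placeholder) postdock"
  authorized_keys: "ssh-ed25519 AAAA(placeholder) postdock"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: pgnode
spec:
  serviceName: pgnode
  selector:
    matchLabels:
      app: pgnode
  template:
    metadata:
      labels:
        app: pgnode
    spec:
      containers:
        - name: postgres
          image: postdock/postgres   # assumed image reference
          env:
            # Point the entrypoint at a file; the key itself never enters the
            # environment, so `docker inspect` / `env` do not reveal it.
            - name: SSH_PUBKEY_FILE
              value: /run/secrets/ssh/authorized_keys
          volumeMounts:
            - name: ssh-keys
              mountPath: /run/secrets/ssh
              readOnly: true
      volumes:
        - name: ssh-keys
          secret:
            secretName: pg-ssh-keys
            defaultMode: 0400
```

Files projected from a Secret volume are owned by root; if the container runs as a non-root postgres user, set `securityContext.fsGroup` on the pod (or use `defaultMode: 0440`) so the service user can read them while they stay unreadable to everyone else.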
Or alert him about default keys....
from postdock.
Using env variables to control SSH keys and passwords, and then using the technique outlined in https://github.com/docker-library/postgres/blob/master/docker-entrypoint.sh#L4-L25
There would then be an env variable called, for example, SSH_PUBKEY, which can be populated directly, or the user can define SSH_PUBKEY_FILE, which will point to a file typically generated by some secrets manager, or even provided through volumes.
from postdock.
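The `VAR` / `VAR_FILE` technique from the linked docker-library entrypoint, carried through for SSH key material as an added example (this is not postdock's entrypoint). It also implements the fail-closed behaviour the maintainer proposed above: sshd is never started unless a key was explicitly supplied, so a key baked into the image can never be used by accident. The names `SSH_PUBKEY`, `SSH_PUBKEY_FILE`, `SSH_GUARD_DEMO` and the home directory `/var/lib/postgresql` are assumptions for this illustration.

```sh
#!/bin/sh
# Added example, not postdock's own entrypoint: the VAR / VAR_FILE convention from
# the docker-library postgres entrypoint, applied to SSH key material, plus a
# fail-closed check so sshd never starts on keys baked into the image.
# Assumed names for this illustration: SSH_PUBKEY, SSH_PUBKEY_FILE, SSH_GUARD_DEMO.

# file_env VAR [DEFAULT]: export VAR from $VAR or from the file named by $VAR_FILE.
# Setting both is an error, so a stray VAR in the environment cannot silently
# override the mounted secret.
file_env() {
    var="$1"
    file_var="${var}_FILE"
    def="${2:-}"
    eval "val=\${$var:-}"
    eval "file_val=\${$file_var:-}"
    if [ -n "$val" ] && [ -n "$file_val" ]; then
        echo "error: both $var and $file_var are set (but are exclusive)" >&2
        return 1
    fi
    if [ -n "$file_val" ]; then
        val="$(cat "$file_val")" || return 1   # unreadable/missing file is an error, not "no key"
    fi
    [ -n "$val" ] || val="$def"
    export "$var=$val"
    unset "$file_var"
}

# ssh_key_guard: succeed (0) only when a non-empty OpenSSH public key was supplied
# via SSH_PUBKEY or SSH_PUBKEY_FILE; otherwise say why and return 1 so the caller
# refuses to start sshd instead of falling back to a default key.
ssh_key_guard() {
    file_env SSH_PUBKEY || return 1
    if [ -z "${SSH_PUBKEY:-}" ]; then
        echo "refusing to start sshd: set SSH_PUBKEY or SSH_PUBKEY_FILE" >&2
        return 1
    fi
    case "$SSH_PUBKEY" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) return 0 ;;
        *) echo "refusing to start sshd: SSH_PUBKEY is not an OpenSSH public key" >&2
           return 1 ;;
    esac
}

# install_authorized_key HOME: write the validated key to HOME/.ssh/authorized_keys
# with 0700/0600 permissions. The write happens under umask 077 in a subshell so the
# file is never world-readable, even briefly. Prints the path written.
install_authorized_key() {
    ssh_dir="$1/.ssh"
    ( umask 077 && mkdir -p "$ssh_dir" && printf '%s\n' "$SSH_PUBKEY" > "$ssh_dir/authorized_keys" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$ssh_dir/authorized_keys" || return 1
    echo "$ssh_dir/authorized_keys"
}

# Entrypoint sequence: validate, install, then exec sshd in the foreground.
# Only runs when SSH_GUARD_DEMO=1 so the functions above can be sourced and tested alone.
main() {
    ssh_key_guard || exit 1
    install_authorized_key /var/lib/postgresql >/dev/null || exit 1   # assumed service-user home
    exec /usr/sbin/sshd -D -e
}
if [ "${SSH_GUARD_DEMO:-}" = "1" ]; then main; fi
```

Because `file_env` unsets `SSH_PUBKEY_FILE` and the guard refuses both an empty value and a value that does not look like an OpenSSH public key, the only way sshd comes up is with material the operator deliberately provided, which is exactly the "don't allow SSH to start without keys" behaviour discussed in this thread.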
1.8 released
from postdock.