2015-10-23 22:31 GMT+03:00 Honza Horak <hhorak@redhat.com>:
That sounds to me like a security catastrophe.
In cases where the user cares about keeping the container password unknown to other containers and to the docker daemon itself, the stack can be initialized with some init-only root password and changed afterwards. If I understand what your concern is, it's the reset of the password, right? I guess we may change that behavior to not do anything if the password is not set and the data directory is already initialized. Is that something that would help here from your point of view?
Suggestion: use unix_socket for mysql root as the authentication method, and you don't need a password for it at all, thus avoiding the password management problem when creating the container. Once the container is running, ssh into the centos7-mariadb-container and create the user accounts with the passwords you need. You don't need to store them as part of the container in plain-text anywhere, just save them at the other end of the connection where it is actually needed.

Create docker container for master mysqld:

    docker run -e MYSQL_DATABASE=db -d centos/mariadb-100-centos7 mysqld-master

Create users in the newly bootstrapped database:

    docker exec -it <container id> mysql -u root -e 'create user appuser identified by password.....' db
    docker exec -it <container id> mysql -u root -e 'create user slaveuser identified by password.....' db

Alternatively you could create these users directly in the database before running it in a container, or they might exist already when you run the container on an old database. You anyway need to factor in that the database must be on a data volume and that you will be restarting the mysqld container using the same 'docker run' command above.

Then you save the appuser and slaveuser credentials into your provisioning system and use them when you start the apps or slaves that want to connect to your master mysqld container. Slaves could start with:

    docker run -e MYSQL_MASTER_USER=slaveuser \
        -e MYSQL_MASTER_PASSWORD=<xxx> \
        -e MYSQL_DATABASE=db \
        -e MYSQL_MASTER_SERVICE_NAME=<master_ip> \
        -d centos/mariadb-100-centos7 mysqld-slave

One password is still here, but it might be required here so that the slave can reconnect at any time. Storing the password somehow in a file on the slave container would perhaps be the best avenue to solve the insecure env variables issue.

Note: I haven't actually tested if this really works, I am just throwing ideas.
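The account bootstrap sketched in the message above, written out as an added example that is not code from the thread or from the centos/mariadb image. It assumes a running centos/mariadb-100-centos7 container whose root account is reachable with `docker exec -i <id> mysql -u root`; the function names (gen_password, render_bootstrap_sql, bootstrap_users, save_credentials) are made up for this illustration.

```sh
#!/bin/sh
# Added example, not code from the thread or the centos/mariadb image.
# Assumes a running centos/mariadb-100-centos7 container whose root account
# is reachable with `docker exec -i <id> mysql -u root`; function names are
# made up for this illustration.
set -eu
umask 077   # any credential file created below is owner-readable only

# 24-character random password from the kernel RNG (no extra tools needed).
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# SQL that (1) moves root@localhost to unix_socket authentication, so root
# has no password to manage at all, and (2) creates least-privilege app and
# replication accounts. $1 = database, $2 = app password, $3 = slave password.
# unix_socket matches the client's OS user name to the MariaDB user name, so
# run `docker exec -u root ...` if the image's default user is not root.
# Drop the INSTALL line if the plugin is already loaded (it errors if so).
render_bootstrap_sql() {
  cat <<EOF
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION;
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$1\`.* TO 'appuser'@'%' IDENTIFIED BY '$2';
GRANT REPLICATION SLAVE ON *.* TO 'slaveuser'@'%' IDENTIFIED BY '$3';
FLUSH PRIVILEGES;
SELECT user, host, plugin FROM mysql.user WHERE user IN ('root', 'appuser', 'slaveuser');
EOF
}

# Feed the SQL over stdin rather than `mysql -e '...'`: the passwords never
# show up in the process list (ps) while the client runs, nor in shell history.
# $1 = container id, remaining arguments as for render_bootstrap_sql.
bootstrap_users() {
  cid=$1; shift
  render_bootstrap_sql "$@" | docker exec -i "$cid" mysql -u root
}

# Keep the credentials on the provisioning side, in a 0600 file, instead of
# baking them into the image or passing them with `docker run -e`.
# $1 = output file, $2 = app password, $3 = slave password.
save_credentials() {
  printf 'appuser=%s\nslaveuser=%s\n' "$2" "$3" > "$1"
}
```

Typical use on a fresh data volume: `app=$(gen_password); rep=$(gen_password); bootstrap_users <container id> db "$app" "$rep"; save_credentials master-creds "$app" "$rep"`. The final SELECT echoes the plugin column so you can confirm root now shows unix_socket while the other two accounts use a password.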