Home > Enterprise >  docker compose interactive container - run vs up
docker compose interactive container - run vs up

Time:11-17

I am having a docker application which is running a python flask rest api. I would like the user to input (getpass()) the database password instead of having it in any open readable config file. Since I am also using docker network to resolve the dns names I would like to use docker compose up instead of docker compose run. Because run always creates new containers which is intefering my name resolution.

This is the docker compose file (illustrating just the effected service):

version: '3.4'

services:
  rest-api:
    image: rest_api:latest
    container_name: rest_api
    tty: true
    stdin_open: true
    ports:
      - 5000:5000
    networks:
      - mynetwork

networks:
  mynetwork:
    name: any_network

When starting the service with docker compose up it is just waiting without getting the prompt and the terminal does not react to any input by the user. docker compose up CLI

With docker compose run the input field is working properly but name resoultion is not working anymore since a new container name is created. docker compose run CLI with user prompt

What would you recommend to overcome this issue?

  • Shall I define static IP addresses in the compose file for all my services?
  • Can I have an encrypted config file to store the password? But I actually dont want any hardcoded passwords to open the config.
  • I know that the run command brings somehow its own terminal settings. Can I have compose up behave in the same way? What settings may I need to add to the compose file then?
  • Shall I simply remove the containers after stopping them and always start compose run with --name in it to ensure the container naming? But then I would need to start all my services separately instead of just using the compose up command to start all at once. As I remember the run command also needs the port expose parameter since it is not read from the compose file,right?

Many thanks for any advice!

CodePudding user response:

You can try using docker secrets as mentioned in the official documentation.

If you don't want to define the secret in the docker-compose file, then you can manually create it beforehand using docker secret create command.

Example: echo "DBPASS" | docker secret create db_pass -

CodePudding user response:

You should absolutely use docker-compose up to start your containers. run is intended for "one-off" containers with configuration inspired by your Compose file. You might use it to run migrations, for example, but not your main service.

Compose never interacts with its input in any meaningful way; your proposal to interactively request a password and then run in the background isn't something Compose can do. One useful approach can be to put the credential in an environment variable, like

services:
  rest-api:
    environment:
      - DATABASE_PASSWORD # with no value

and then provide that password when you start the container stack

DATABASE_PASSWORD=passw0rd docker-compose up -d

(Completely ignore the container-private IP addresses. You never need to know or manually specify them.)

  • Related