docker: Support docker swarm secrets. (#3977)

Fixes #3896
This commit is contained in:
Harshavardhana 2017-04-08 01:43:40 -07:00 committed by GitHub
parent 0497d5c342
commit 6e9ac8db59
5 changed files with 87 additions and 17 deletions

View File

@ -15,5 +15,13 @@ RUN \
rm -rf /go/pkg /go/src /usr/local/go && apk del .build-deps rm -rf /go/pkg /go/src /usr/local/go && apk del .build-deps
EXPOSE 9000 EXPOSE 9000
ENTRYPOINT ["minio"]
COPY buildscripts/docker-entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/docker-entrypoint.sh
ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
VOLUME ["/export"] VOLUME ["/export"]
CMD ["minio"]

View File

@ -15,5 +15,13 @@ RUN \
rm -rf /go/pkg /go/src /usr/local/go && apk del .build-deps rm -rf /go/pkg /go/src /usr/local/go && apk del .build-deps
EXPOSE 9000 EXPOSE 9000
ENTRYPOINT ["minio"]
COPY buildscripts/docker-entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/docker-entrypoint.sh
ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
VOLUME ["/export"] VOLUME ["/export"]
CMD ["minio"]

View File

@ -15,5 +15,13 @@ RUN \
rm -rf /go/pkg /go/src /usr/local/go && apk del .build-deps rm -rf /go/pkg /go/src /usr/local/go && apk del .build-deps
EXPOSE 9000 EXPOSE 9000
ENTRYPOINT ["minio"]
COPY buildscripts/docker-entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/docker-entrypoint.sh
ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
VOLUME ["/export"] VOLUME ["/export"]
CMD ["minio"]

View File

@ -0,0 +1,43 @@
#!/bin/sh
#
# Minio Cloud Storage, (C) 2017 Minio, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# if command starts with an option, prepend minio
if [ "${1}" != "minio" ]; then
if [ -n "${1}" ]; then
set -- minio "$@"
fi
fi
## Look for swarm secrets in default location.
file_env() {
local MINIO_ACCESS_KEY_FILE="/run/secrets/access_key"
local MINIO_SECRET_KEY_FILE="/run/secrets/secret_key"
if [ -f $MINIO_ACCESS_KEY_FILE -a -f $MINIO_SECRET_KEY_FILE ]; then
if [ -f $MINIO_ACCESS_KEY_FILE ]; then
export MINIO_ACCESS_KEY="$(cat "$MINIO_ACCESS_KEY_FILE")"
fi
if [ -f $MINIO_SECRET_KEY_FILE ]; then
export MINIO_SECRET_KEY="$(cat "$MINIO_SECRET_KEY_FILE")"
fi
fi
}
## Set env if necessary.
file_env
exec "$@"

View File

@ -1,11 +1,9 @@
# Minio Docker Quickstart Guide [![Slack](https://slack.minio.io/slack?type=svg)](https://slack.minio.io) [![Go Report Card](https://goreportcard.com/badge/minio/minio)](https://goreportcard.com/report/minio/minio) [![Docker Pulls](https://img.shields.io/docker/pulls/minio/minio.svg?maxAge=604800)](https://hub.docker.com/r/minio/minio/) [![codecov](https://codecov.io/gh/minio/minio/branch/master/graph/badge.svg)](https://codecov.io/gh/minio/minio) # Minio Docker Quickstart Guide [![Slack](https://slack.minio.io/slack?type=svg)](https://slack.minio.io) [![Go Report Card](https://goreportcard.com/badge/minio/minio)](https://goreportcard.com/report/minio/minio) [![Docker Pulls](https://img.shields.io/docker/pulls/minio/minio.svg?maxAge=604800)](https://hub.docker.com/r/minio/minio/) [![codecov](https://codecov.io/gh/minio/minio/branch/master/graph/badge.svg)](https://codecov.io/gh/minio/minio)
## Prerequisites ## Prerequisites
Docker installed on your machine. Download the relevant installer from [here](https://www.docker.com/community-edition#/download). Docker installed on your machine. Download the relevant installer from [here](https://www.docker.com/community-edition#/download).
## Run Standalone Minio on Docker. ## Run Standalone Minio on Docker.
Minio needs a persistent volume to store configuration and application data. However, for testing purposes, you can launch Minio by simply passing a directory (`/export` in the example below). This directory gets created in the container filesystem at the time of container start. But all the data is lost after container exits. Minio needs a persistent volume to store configuration and application data. However, for testing purposes, you can launch Minio by simply passing a directory (`/export` in the example below). This directory gets created in the container filesystem at the time of container start. But all the data is lost after container exits.
```sh ```sh
@ -15,7 +13,6 @@ docker run -p 9000:9000 minio/minio server /export
To create a Minio container with persistent storage, you need to map local persistent directories from the host OS to virtual config `~/.minio` and export `/export` directories. To do this, run the below commands To create a Minio container with persistent storage, you need to map local persistent directories from the host OS to virtual config `~/.minio` and export `/export` directories. To do this, run the below commands
#### GNU/Linux and macOS #### GNU/Linux and macOS
```sh ```sh
docker run -p 9000:9000 --name minio1 \ docker run -p 9000:9000 --name minio1 \
-v /mnt/export/minio1:/export \ -v /mnt/export/minio1:/export \
@ -24,7 +21,6 @@ docker run -p 9000:9000 --name minio1 \
``` ```
#### Windows #### Windows
```sh ```sh
docker run -p 9000:9000 --name minio1 \ docker run -p 9000:9000 --name minio1 \
-v D:\export\minio1:/export \ -v D:\export\minio1:/export \
@ -33,7 +29,6 @@ docker run -p 9000:9000 --name minio1 \
``` ```
## Run Distributed Minio on Docker ## Run Distributed Minio on Docker
Distributed Minio can be deployed via [Docker Compose](https://docs.docker.com/compose/overview/) or [Swarm mode](https://docs.docker.com/engine/swarm/). The major difference between these two being, Docker Compose creates a single host, multi-container deployment, while Swarm mode creates a multi-host, multi-container deployment. Distributed Minio can be deployed via [Docker Compose](https://docs.docker.com/compose/overview/) or [Swarm mode](https://docs.docker.com/engine/swarm/). The major difference between these two being, Docker Compose creates a single host, multi-container deployment, while Swarm mode creates a multi-host, multi-container deployment.
This means Docker Compose lets you quickly get started with Distributed Minio on your computer - ideal for development, testing, staging environments. While deploying Distributed Minio on Swarm offers a more robust, production level deployment. This means Docker Compose lets you quickly get started with Distributed Minio on your computer - ideal for development, testing, staging environments. While deploying Distributed Minio on Swarm offers a more robust, production level deployment.
@ -44,11 +39,9 @@ This means Docker Compose lets you quickly get started with Distributed Minio on
## Minio Docker Tips ## Minio Docker Tips
### Minio Custom Access and Secret Keys ### Minio Custom Access and Secret Keys
To override Minio's auto-generated keys, you may pass secret and access keys explicitly as environment variables. Minio server also allows regular strings as access and secret keys. To override Minio's auto-generated keys, you may pass secret and access keys explicitly as environment variables. Minio server also allows regular strings as access and secret keys.
#### GNU/Linux and macOS #### GNU/Linux and macOS
```sh ```sh
docker run -p 9000:9000 --name minio1 \ docker run -p 9000:9000 --name minio1 \
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
@ -59,8 +52,7 @@ docker run -p 9000:9000 --name minio1 \
``` ```
#### Windows #### Windows
```powershell
```sh
docker run -p 9000:9000 --name minio1 \ docker run -p 9000:9000 --name minio1 \
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
-e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
@ -68,8 +60,23 @@ docker run -p 9000:9000 --name minio1 \
-v D:\export\minio1-config:/root/.minio \ -v D:\export\minio1-config:/root/.minio \
minio/minio server /export minio/minio server /export
``` ```
### Retrieving Container ID
### Minio Custom Access and Secret Keys using Docker secrets
To override Minio's auto-generated keys, you may pass secret and access keys explicitly by creating access and secret keys as [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). Minio server also allows regular strings as access and secret keys.
```
echo "AKIAIOSFODNN7EXAMPLE" | docker secret create access_key -
echo "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" | docker secret create secret_key -
```
Create a Minio service using `docker service` to read from Docker secrets.
```
docker service create --name="minio-service" --secret="access_key" --secret="secret_key" minio/minio server /export
```
Read more about `docker service` [here](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/)
### Retrieving Container ID
To use Docker commands on a specific container, you need to know the `Container ID` for that container. To get the `Container ID`, run To use Docker commands on a specific container, you need to know the `Container ID` for that container. To get the `Container ID`, run
```sh ```sh
@ -79,7 +86,6 @@ docker ps -a
`-a` flag makes sure you get all the containers (Created, Running, Exited). Then identify the `Container ID` from the output. `-a` flag makes sure you get all the containers (Created, Running, Exited). Then identify the `Container ID` from the output.
### Starting and Stopping Containers ### Starting and Stopping Containers
To start a stopped container, you can use the [`docker start`](https://docs.docker.com/engine/reference/commandline/start/) command. To start a stopped container, you can use the [`docker start`](https://docs.docker.com/engine/reference/commandline/start/) command.
```sh ```sh
@ -87,13 +93,11 @@ docker start <container_id>
``` ```
To stop a running container, you can use the [`docker stop`](https://docs.docker.com/engine/reference/commandline/stop/) command. To stop a running container, you can use the [`docker stop`](https://docs.docker.com/engine/reference/commandline/stop/) command.
```sh ```sh
docker stop <container_id> docker stop <container_id>
``` ```
### Minio container logs ### Minio container logs
To access Minio logs, you can use the [`docker logs`](https://docs.docker.com/engine/reference/commandline/logs/) command. To access Minio logs, you can use the [`docker logs`](https://docs.docker.com/engine/reference/commandline/logs/) command.
```sh ```sh
@ -101,7 +105,6 @@ docker logs <container_id>
``` ```
### Monitor Minio Docker Container ### Monitor Minio Docker Container
To monitor the resources used by Minio container, you can use the [`docker stats`](https://docs.docker.com/engine/reference/commandline/stats/) command. To monitor the resources used by Minio container, you can use the [`docker stats`](https://docs.docker.com/engine/reference/commandline/stats/) command.
```sh ```sh