Use authentication when creating database

Loïc Guitaut
2015-09-15 19:35:20 +02:00
parent 2059c8356f
commit 31cefc9387
7 changed files with 24 additions and 12 deletions


@@ -12,7 +12,6 @@ Official mongo plugin for dokku. Currently defaults to installing [mongo 3.0.6](
``` ```
cd /var/lib/dokku/plugins cd /var/lib/dokku/plugins
git clone https://github.com/dokku/dokku-mongo.git mongo git clone https://github.com/dokku/dokku-mongo.git mongo
dokku plugins-install-dependencies
dokku plugins-install dokku plugins-install
``` ```
@@ -65,7 +64,7 @@ dokku mongo:link lolipop playground
# the above will expose the following environment variables # the above will expose the following environment variables
# #
# MONGO_URL=mongo://172.17.0.1:27017/lolipop # MONGO_URL=mongo://l:PASSWORD@172.17.0.1:27017/lolipop
# MONGO_NAME=/lolipop/DATABASE # MONGO_NAME=/lolipop/DATABASE
# MONGO_PORT=tcp://172.17.0.1:27017 # MONGO_PORT=tcp://172.17.0.1:27017
# MONGO_PORT_27017_TCP=tcp://172.17.0.1:27017 # MONGO_PORT_27017_TCP=tcp://172.17.0.1:27017


@@ -27,16 +27,22 @@ case "$1" in
mkdir -p "$SERVICE_ROOT" || dokku_log_fail "Unable to create service directory" mkdir -p "$SERVICE_ROOT" || dokku_log_fail "Unable to create service directory"
mkdir -p "$SERVICE_ROOT/data" || dokku_log_fail "Unable to create service data directory" mkdir -p "$SERVICE_ROOT/data" || dokku_log_fail "Unable to create service data directory"
rootpassword=$(openssl rand -hex 16)
password=$(openssl rand -hex 16)
echo "$rootpassword" > "$SERVICE_ROOT/ROOTPASSWORD"
echo "$password" > "$SERVICE_ROOT/PASSWORD"
touch "$LINKS_FILE" touch "$LINKS_FILE"
dokku_log_info1 "Starting container" dokku_log_info1 "Starting container"
SERVICE_NAME=$(get_service_name "$SERVICE") SERVICE_NAME=$(get_service_name "$SERVICE")
ID=$(docker run --name "$SERVICE_NAME" -v "$SERVICE_ROOT/data:/data" -d --restart always --label dokku=service --label dokku.service=mongo "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" mongod --storageEngine wiredTiger) ID=$(docker run --name "$SERVICE_NAME" -v "$SERVICE_ROOT/data:/data" -d --restart always --label dokku=service --label dokku.service=mongo "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" mongod --storageEngine wiredTiger --auth)
echo "$ID" > "$SERVICE_ROOT/ID" echo "$ID" > "$SERVICE_ROOT/ID"
dokku_log_verbose_quiet "Waiting for container to be ready" dokku_log_verbose_quiet "Waiting for container to be ready"
docker run --rm --link "$SERVICE_NAME:$PLUGIN_COMMAND_PREFIX" aanand/wait > /dev/null docker run --rm --link "$SERVICE_NAME:$PLUGIN_COMMAND_PREFIX" aanand/wait > /dev/null
echo "db.createUser({user:'admin',pwd:'$rootpassword',roles:[{role:'userAdminAnyDatabase',db:'admin'}]})" | docker exec -i "$SERVICE_NAME" mongo admin > /dev/null
echo "db.createUser({user:'$SERVICE',pwd:'$password',roles:[{role:'readWrite',db:'$SERVICE'}]})" | docker exec -i "$SERVICE_NAME" mongo -u admin -p "$rootpassword" --authenticationDatabase admin "$SERVICE" > /dev/null
dokku_log_info2 "$PLUGIN_SERVICE container created: $SERVICE" dokku_log_info2 "$PLUGIN_SERVICE container created: $SERVICE"
dokku "$PLUGIN_COMMAND_PREFIX:info" "$SERVICE" dokku "$PLUGIN_COMMAND_PREFIX:info" "$SERVICE"
;; ;;
@@ -103,8 +109,9 @@ case "$1" in
verify_service_name "$2" verify_service_name "$2"
SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
SERVICE_NAME="$(get_service_name "$SERVICE")" SERVICE_NAME="$(get_service_name "$SERVICE")"
PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
docker exec "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && mongodump -d $SERVICE -o=\"\$DIR\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\"" docker exec "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && mongodump -d $SERVICE -o=\"\$DIR\" -u \"$SERVICE\" -p \"$PASSWORD\" --authenticationDatabase \"$SERVICE\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\""
;; ;;
$PLUGIN_COMMAND_PREFIX:import) $PLUGIN_COMMAND_PREFIX:import)
@@ -112,11 +119,12 @@ case "$1" in
verify_service_name "$2" verify_service_name "$2"
SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
SERVICE_NAME="$(get_service_name "$SERVICE")" SERVICE_NAME="$(get_service_name "$SERVICE")"
PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
if [[ -t 0 ]]; then if [[ -t 0 ]]; then
dokku_log_fail "No data provided on stdin." dokku_log_fail "No data provided on stdin."
fi fi
docker exec -i "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d $SERVICE \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\"" docker exec -i "$SERVICE_NAME" bash -c "DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d $SERVICE -u \"$SERVICE\" -p \"$PASSWORD\" --authenticationDatabase \"$SERVICE\" \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\""
;; ;;
$PLUGIN_COMMAND_PREFIX:logs) $PLUGIN_COMMAND_PREFIX:logs)
@@ -150,8 +158,9 @@ case "$1" in
verify_service_name "$2" verify_service_name "$2"
SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
SERVICE_NAME="$(get_service_name "$SERVICE")" SERVICE_NAME="$(get_service_name "$SERVICE")"
PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
docker exec -it "$SERVICE_NAME" mongo "$SERVICE" docker exec -it "$SERVICE_NAME" mongo -u "$SERVICE" -p "$PASSWORD" --authenticationDatabase "$SERVICE" "$SERVICE"
;; ;;
$PLUGIN_COMMAND_PREFIX:info) $PLUGIN_COMMAND_PREFIX:info)
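Review bot: The create hunk writes both generated secrets with plain redirections (`echo "$rootpassword" > "$SERVICE_ROOT/ROOTPASSWORD"`, and the same for `PASSWORD`), so the files get whatever mode the current umask gives and nothing visible here restricts them. Setting `umask 077` before the two writes, or running `chmod 600` on each file right after, would keep them owner-only. The results of `openssl rand -hex 16` and of the two `db.createUser` pipelines are never checked here (their output goes to `/dev/null`), so a failure appears to still reach the "container created" message for a `--auth` instance with no usable account. In the export, import and connect hunks the password is passed as `-p "$PASSWORD"`, which places it in the argument list of the `docker exec` and mongo tool processes while they run; supplying it through a prompt or stdin, where the tools allow it, would avoid that. These case arms start or end outside their hunks, so a service with no `PASSWORD` file may be handled elsewhere; if not, `cat` fails and the command proceeds with an empty password.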


@@ -247,10 +247,10 @@ service_unlink() {
service_url() { service_url() {
local SERVICE="$1" local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE" local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local ID="$(cat "$SERVICE_ROOT/ID")" local ID="$(cat "$SERVICE_ROOT/ID")"
local IP="$(get_container_ip "$ID")" local IP="$(get_container_ip "$ID")"
echo "$PLUGIN_SCHEME://$IP:${PLUGIN_DATASTORE_PORTS[0]}/$SERVICE" local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
echo "$PLUGIN_SCHEME://$SERVICE:$PASSWORD@$IP:${PLUGIN_DATASTORE_PORTS[0]}/$SERVICE"
} }
is_container_status () { is_container_status () {
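Review bot: In `service_url`, `local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"` hides a failed `cat` behind the exit status of `local`, so for a service whose `PASSWORD` file is missing the function still prints a URL with an empty password. Declaring and assigning separately lets the caller see the failure: `local PASSWORD` followed by `PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")" || return 1`. The returned URL now also embeds the credential, and the info test on this page asserts that it appears in the `DSN:` line, so anything that prints or logs this output should be treated as handling a secret.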


@@ -24,6 +24,7 @@ teardown() {
@test "($PLUGIN_COMMAND_PREFIX:connect) success" { @test "($PLUGIN_COMMAND_PREFIX:connect) success" {
export ECHO_DOCKER_COMMAND="true" export ECHO_DOCKER_COMMAND="true"
run dokku "$PLUGIN_COMMAND_PREFIX:connect" l run dokku "$PLUGIN_COMMAND_PREFIX:connect" l
assert_output 'docker exec -it dokku.mongo.l mongo l' password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
assert_output "docker exec -it dokku.mongo.l mongo -u l -p $password --authenticationDatabase l l"
} }


@@ -24,6 +24,7 @@ teardown() {
@test "($PLUGIN_COMMAND_PREFIX:export) success" { @test "($PLUGIN_COMMAND_PREFIX:export) success" {
export ECHO_DOCKER_COMMAND="true" export ECHO_DOCKER_COMMAND="true"
run dokku "$PLUGIN_COMMAND_PREFIX:export" l run dokku "$PLUGIN_COMMAND_PREFIX:export" l
assert_output "docker exec dokku.mongo.l bash -c DIR=\$(mktemp -d) && mongodump -d l -o=\"\$DIR\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\"" password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
assert_output "docker exec dokku.mongo.l bash -c DIR=\$(mktemp -d) && mongodump -d l -o=\"\$DIR\" -u \"l\" -p \"$password\" --authenticationDatabase \"l\" && tar cf - -C \"\$DIR\" . && rm -rf \"\$DIR\""
} }


@@ -31,6 +31,7 @@ teardown() {
@test "($PLUGIN_COMMAND_PREFIX:import) success" { @test "($PLUGIN_COMMAND_PREFIX:import) success" {
export ECHO_DOCKER_COMMAND="true" export ECHO_DOCKER_COMMAND="true"
run dokku "$PLUGIN_COMMAND_PREFIX:import" l < "$PLUGIN_DATA_ROOT/fake.dump.tar" run dokku "$PLUGIN_COMMAND_PREFIX:import" l < "$PLUGIN_DATA_ROOT/fake.dump.tar"
assert_output "docker exec -i dokku.mongo.l bash -c DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d l \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\"" password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
assert_output "docker exec -i dokku.mongo.l bash -c DIR=\$(mktemp -d) && tar xf - -C \"\$DIR\" && mongorestore -d l -u \"l\" -p \"$password\" --authenticationDatabase \"l\" \$(find \"\$DIR\" -mindepth 1 -maxdepth 1 -type d | head -n1) && rm -rf \"\$DIR\""
} }


@@ -21,5 +21,6 @@ teardown() {
@test "($PLUGIN_COMMAND_PREFIX:info) success" { @test "($PLUGIN_COMMAND_PREFIX:info) success" {
run dokku "$PLUGIN_COMMAND_PREFIX:info" l run dokku "$PLUGIN_COMMAND_PREFIX:info" l
assert_contains "${lines[*]}" "DSN: mongodb://172.17.0.34:27017/l" password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
assert_contains "${lines[*]}" "DSN: mongodb://l:$password@172.17.0.34:27017/l"
} }