Container in Ubuntu aarch64 machine cannot use Docker Secrets feature #1339

frouyang opened this issue May 8, 2025 · 2 comments

frouyang commented May 8, 2025

I once built a postgres container on an Ubuntu x86_64 machine, and everything's fine. Yet when I tried to build the container with the same commands on an Ubuntu aarch64 machine, it failed.

The commands are:

docker volume create pgdata
docker create --name=mydb -e POSTGRES_DB=wiki -e POSTGRES_USER=wiki -e POSTGRES_PASSWORD_FILE=/etc/wiki/.db-secret -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro -v pgdata:/var/lib/postgresql/data --restart=unless-stopped -h db --network=wikinet postgres:17
docker start mydb

Using the docker ps command to check the container status shows the following:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bad868f86f56 postgres:17 "docker-entrypoint.s…" 30 seconds ago Restarting (1) Less than a second ago mydb

Then, debugging with the docker logs mydb command shows:

Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".

   You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
   connections without a password. This is *not* recommended.

   See PostgreSQL documentation about "trust":
   https://www.postgresql.org/docs/current/auth-trust.html

Then I modified the commands, using POSTGRES_PASSWORD instead of POSTGRES_PASSWORD_FILE, and it works.
I checked postgres:17, postgres:16, postgres:15, and they had the same error.

Member

tianon commented May 8, 2025

Are you certain that /etc/wiki/.db-secret exists on the new host? If it doesn't, then with -v Docker will auto-create it as a directory, which will then have surprising behavior inside the container (that's expecting it to be a file). You can double check this with ls -ld /etc/wiki/.db-secret as your container command and on the host. I'd also suggest switching from -v to the more verbose --mount flag, which avoids this behavior (although if your -v already created the directory, it obviously won't fix that for you 😅).

Author

frouyang commented May 9, 2025

> Are you certain that /etc/wiki/.db-secret exists on the new host? If it doesn't, then with -v Docker will auto-create it as a directory, which will then have surprising behavior inside the container (that's expecting it to be a file). You can double check this with ls -ld /etc/wiki/.db-secret as your container command and on the host. I'd also suggest switching from -v to the more verbose --mount flag, which avoids this behavior (although if your -v already created the directory, it obviously won't fix that for you 😅).

Yes. I created this file with this command

openssl rand -base64 32 > /etc/wiki/.db-secret

And checked to confirm that it contained the correct characters. I even tried to hand write a password in this file, and it behaved the same.

The response of ls -ld /etc/wiki/.db-secret is:
-rw-rw-r-- 1 root root 16 May 7 23:45 /etc/wiki/.db-secret
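
Added example, not part of the thread or of the project's own code: a host-side preflight for the check suggested above, which refuses to proceed unless the secret path is a non-empty regular file and then prints the `--mount` form of the bind mount instead of `-v`. The function names `secret_file_status` and `secret_mount_arg` are hypothetical, and paths are assumed to contain no spaces or commas.

```shell
#!/bin/sh
# Added example (hypothetical helper names): preflight for a bind-mounted
# POSTGRES_PASSWORD_FILE, run on the host before `docker create`.

# Classify the host path. Prints one of:
#   ok | missing | directory | not-regular | empty
secret_file_status() {
    path=$1
    if [ ! -e "$path" ]; then
        echo missing          # with -v, Docker would auto-create a directory here
    elif [ -d "$path" ]; then
        echo directory        # possibly left behind by an earlier -v run
    elif [ ! -f "$path" ]; then
        echo not-regular      # socket, device, FIFO, ...
    elif [ ! -s "$path" ]; then
        echo empty            # the image requires a non-empty password
    else
        echo ok
    fi
}

# Print the --mount argument for a read-only bind mount of the secret.
# $1 = host path, $2 = path inside the container (defaults to $1).
# Returns non-zero and prints nothing on stdout if the preflight fails.
secret_mount_arg() {
    src=$1
    dst=${2:-$1}
    status=$(secret_file_status "$src")
    if [ "$status" != ok ]; then
        echo "refusing to mount $src: $status" >&2
        return 1
    fi
    printf '%s\n' "--mount type=bind,source=$src,target=$dst,readonly"
}
```

The printed argument replaces `-v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro` in the `docker create` command from the first comment.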
