15

I'm using Docker to create a specific nginx container with SSL.

But I don't want my SSL files to be kept in my versionning system as is. Therefore they are encrypted. When building a docker container, I need the password to decrypt the files and test my nginx configuration.

I'm using read to get a prompt in my install script but Docker simply stops on the prompt:

 + echo 'Please enter the password for the SSL certificates: '
 + read -s SSL_PASSWORD
INFO[0008] The command [/bin/sh -c /build/setup.sh && /build/cleanup.sh] returned a non-zero code: 1

Is there some way to get a prompt when doing a docker build ?

Thanks for your help :)

achedeuzot
  • 4,164
  • 4
  • 41
  • 56
  • tools such as expect may help, see http://expect.sourceforge.net/ – user2915097 Apr 03 '15 at 13:10
  • @user2915097 Well, if I understand `expect` correctly, it saves the actions you do and "re-plays" them. But, **I don't want** to put my password into any script, or the encryption would be completely useless. It **must** be through a prompt. – achedeuzot Apr 03 '15 at 13:13
  • My bad, what I said is correct for `autoexpect`. But the problem is that my `docker build` is running inside a VM (boot2docker), so I don't know if what I'm trying to do is even possible. – achedeuzot Apr 03 '15 at 13:17
  • I think you will have to do this at run-time, either by passing an environment variable which is handled by a script to do some init stuff or `docker exec` into the container and do it manually. I suppose you could also do it manually then `docker commit` the image. – Adrian Mouat Apr 03 '15 at 13:29
  • Yes it is possible, boot2docker or direct Linux makes no difference,see for example https://github.com/CannyComputing/Dockerfile-Ubuntu-Gnome/blob/master/start-vnc-expect-script.sh or http://hondou.homedns.org/pukiwiki/pukiwiki.php?Docker%20Glassfish – user2915097 Apr 03 '15 at 13:32

2 Answers2

9

Well, after searching around, there's not way to have a prompt during a docker build. It has been designed to be fully automated.

I'll do this step during the docker run then.

Thanks to a certain larsks on the IRC #docker group, there's an interesting read about these issues at https://github.com/GoogleCloudPlatform/kubernetes/issues/2030

aioobe
  • 413,195
  • 112
  • 811
  • 826
achedeuzot
  • 4,164
  • 4
  • 41
  • 56
0

Use expect command as it is like executing from a commandline. COPY expect script from docker host and run it.

Community
  • 1
  • 1
fx-kirin
  • 1,906
  • 1
  • 20
  • 33
  • This could work, but if it's about passwords and other sensitive data that you don't want to have in a script it doesn't really solve the problem (cf initial comments that already suggestest `expect` and `autoexpect`). You'll still have to put the password into the script which is a bad idea. But it might be useful in some cases... – achedeuzot Jan 19 '17 at 16:55