
Secrets and STI

Hi guys,

I’m trying to build an app on OpenShift using STI, but the app requires some credentials to retrieve its dependencies from a private registry. I was thinking about using a secret for the config file that holds the credentials, but I can’t find how to access it from inside the STI builder container (in the “assemble” script).

If I understand correctly, the secret should be mounted somewhere in /var/run/secrets, but it seems like there are no volumes defined in the container config:

docker.go:350] Creating container using config: {Hostname: Domainname: User: Memory:0 MemorySwap:0 CPUShares:0 CPUSet: AttachStdin:false AttachStdout:true AttachStderr:false PortSpecs:[] ExposedPorts:map[] Tty:false OpenStdin:true StdinOnce:true Env:[OPENSHIFT_BUILD_REFERENCE=master OPENSHIFT_BUILD_NAME=... OPENSHIFT_BUILD_NAMESPACE=test OPENSHIFT_BUILD_SOURCE=...] Cmd:[/bin/sh -c tar -C /tmp -xf - && /tmp/scripts/assemble] DNS:[] Image:registry.access.redhat.com/openshift3/nodejs-010-rhel7:latest Volumes:map[] VolumesFrom: WorkingDir: MacAddress: Entrypoint:[] NetworkDisabled:false SecurityOpts:[] OnBuild:[] Labels:map[]}

And if I use a custom assemble script, and put a “find /var/run/secrets” in it, all it finds is:

I0716 13:14:32.980088       1 sti.go:388] /var/run/secrets/
I0716 13:14:32.980110       1 sti.go:388] /var/run/secrets/rhsm
I0716 13:14:32.980125       1 sti.go:388] /var/run/secrets/rhsm/rhsm.conf
I0716 13:14:32.980136       1 sti.go:388] /var/run/secrets/rhsm/ca
I0716 13:14:32.980147       1 sti.go:388] /var/run/secrets/rhsm/ca/redhat-uep.pem
I0716 13:14:32.980158       1 sti.go:388] /var/run/secrets/rhsm/ca/candlepin-stage.pem
I0716 13:14:32.980169       1 sti.go:388] /var/run/secrets/rhel7.repo
I0716 13:14:32.980178       1 sti.go:388] /var/run/secrets/etc-pki-entitlement
I0716 13:14:32.980189       1 sti.go:388] /var/run/secrets/etc-pki-entitlement/1073318989259753575.pem
I0716 13:14:32.980200       1 sti.go:388] /var/run/secrets/etc-pki-entitlement/1073318989259753575-key.pem

So is it possible to retrieve secrets from inside an STI builder container (in the assemble script)? Or should I use env vars / template parameters?

