Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

request: support use of docker secret for pihole password #91

Open
jeremyhayes opened this issue Aug 15, 2021 · 2 comments
Open

request: support use of docker secret for pihole password #91

jeremyhayes opened this issue Aug 15, 2021 · 2 comments

Comments

@jeremyhayes
Copy link

jeremyhayes commented Aug 15, 2021
edited

Feature request to support reading pihole password and/or api key from docker secrets.

The "standard" way would be to support a PIHOLE_PASSWORD_FILE env var, and read the file contents into the configuration, falling back to the existing variable.

For reference, here is the PR which added this support to pihole itself:

Steps for Reproduction

  1. Setup the following docker-compose
version: '3.8'

services:

  pihole:
    image: pihole/pihole:v5.8.1
    environment:
      # pihole supports reading password from a mounted secret
      - WEBPASSWORD_FILE=/run/secrets/pihole-password
    secrets:
      - pihole-password
    # other pihole configuration, ports etc

  pihole-exporter:
    image: ekofr/pihole-exporter:v0.0.11
    environment:
      - PIHOLE_HOSTNAME=pihole
      - PIHOLE_PASSWORD_FILE=/run/secrets/pihole-password
    secrets:
      - pihole-password

secrets:
  pihole-password:
    external: true
  1. Create the docker secret
$ echo "hunter2" | docker secret create pihole-password
  1. Deploy the stack
$ docker stack deploy -c docker-compose.yml test

Expected behavior:
pihole-exporter would read the contents of /run/secrets/pihole-password as the password

Actual behavior:
PIHOLE_PASSWORD_FILE is ignored; exporter returns only the "unauthenticated" metrics.

Platforms:
Docker swarm cluster.

Versions:
ekofr/pihole-exporter:v0.0.11
@jeremyhayes jeremyhayes mentioned this issue Aug 15, 2021
Merged
@moritzj29
Copy link

would love to see this implemented!

@lebenitza
Copy link

Thanks to you @jeremyhayes and to pi-hole/docker-pi-hole#584 it was easy to find a quick workaround to this:

FROM ekofr/pihole-exporter:v0.4.0 as source

FROM alpine:3.17

RUN apk update --no-cache && apk add bash

COPY --from=source /root/pihole-exporter /root/pihole-exporter
COPY start.sh /root/start.sh

CMD /root/start.sh
#!/bin/bash

# See: https://github.com/pi-hole/docker-pi-hole/pull/584
load_password_secret() {
   # If PIHOLE_PASSWORD is not set at all, attempt to read password from PIHOLE_PASSWORD_FILE,
   # allowing secrets to be passed via docker secrets
   if [ -z "${PIHOLE_PASSWORD+x}" ] && [ -n "${PIHOLE_PASSWORD_FILE}" ] && [ -r "${PIHOLE_PASSWORD_FILE}" ]; then
     export PIHOLE_PASSWORD=$(<"${PIHOLE_PASSWORD_FILE}")
   fi;
}

load_password_secret

exec /root/pihole-exporter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jeremyhayes @lebenitza @moritzj29