Home Explore Blog Models CI



docker
10th chunk of `content/manuals/engine/swarm/secrets.md`
d4987de15adf4e03861009eb285f4d2bb976ed63a32cf3aa0000000100000fc8
    ```console
    $ docker network create -d overlay mysql_private
    ```

3.  Create the MySQL service. The MySQL service has the following
    characteristics:

    - Because the scale is set to `1`, only a single MySQL task runs.
      Load-balancing MySQL is left as an exercise to the reader and involves
      more than just scaling the service.
    - Only reachable by other containers on the `mysql_private` network.
    - Uses the volume `mydata` to store the MySQL data, so that it persists
      across restarts to the `mysql` service.
    - The secrets are each mounted in a `tmpfs` filesystem at
      `/run/secrets/mysql_password` and `/run/secrets/mysql_root_password`.
      They are never exposed as environment variables, nor can they be committed
      to an image if the `docker commit` command is run. The `mysql_password`
      secret is the one used by the non-privileged WordPress container to
      connect to MySQL.
    - Sets the environment variables `MYSQL_PASSWORD_FILE` and
      `MYSQL_ROOT_PASSWORD_FILE` to point to the
      files `/run/secrets/mysql_password` and `/run/secrets/mysql_root_password`.
      The `mysql` image reads the password strings from those files when
      initializing the system database for the first time. Afterward, the
      passwords are stored in the MySQL system database itself.
    - Sets environment variables `MYSQL_USER` and `MYSQL_DATABASE`. A new
      database called `wordpress` is created when the container starts, and the
      `wordpress` user has full permissions for this database only. This
      user cannot create or drop databases or change the MySQL
      configuration.

      ```console
      $ docker service create \
           --name mysql \
           --replicas 1 \
           --network mysql_private \
           --mount type=volume,source=mydata,destination=/var/lib/mysql \
           --secret source=mysql_root_password,target=mysql_root_password \
           --secret source=mysql_password,target=mysql_password \
           -e MYSQL_ROOT_PASSWORD_FILE="/run/secrets/mysql_root_password" \
           -e MYSQL_PASSWORD_FILE="/run/secrets/mysql_password" \
           -e MYSQL_USER="wordpress" \
           -e MYSQL_DATABASE="wordpress" \
           mysql:latest
      ```

4.  Verify that the `mysql` container is running using the `docker service ls` command.

    ```console
    $ docker service ls

    ID            NAME   MODE        REPLICAS  IMAGE
    wvnh0siktqr3  mysql  replicated  1/1       mysql:latest
    ```

5.  Now that MySQL is set up, create a WordPress service that connects to the
    MySQL service. The WordPress service has the following characteristics:

    - Because the scale is set to `1`, only a single WordPress task runs.
      Load-balancing WordPress is left as an exercise to the reader, because of
      limitations with storing WordPress session data on the container
      filesystem.
    - Exposes WordPress on port 30000 of the host machine, so that you can access
      it from external hosts. You can expose port 80 instead if you do not have
      a web server running on port 80 of the host machine.
    - Connects to the `mysql_private` network so it can communicate with the
      `mysql` container, and also publishes port 80 to port 30000 on all swarm
      nodes.
    - Has access to the `mysql_password` secret, but specifies a different
      target file name within the container. The WordPress container uses
      the mount point `/run/secrets/wp_db_password`.
    - Sets the environment variable `WORDPRESS_DB_PASSWORD_FILE` to the file
      path where the secret is mounted. The WordPress service reads the
      MySQL password string from that file and add it to the `wp-config.php`
      configuration file.
    - Connects to the MySQL container using the username `wordpress` and the
      password in `/run/secrets/wp_db_password` and creates the `wordpress`
      database if it does not yet exist.
    - Stores its data, such as themes and plugins, in a volume called `wpdata`
Title: Creating MySQL and WordPress Services with Docker Secrets
Summary
This section details the creation of MySQL and WordPress services using Docker, focusing on configuration and secure secret management. It covers setting up a MySQL service with a single replica, connected to a private network, and utilizing Docker secrets for password management. Additionally, it explains how to create a WordPress service that connects to the MySQL service, exposing it on a specified port, and using the same Docker secret for database authentication. The section highlights the importance of using volumes for persistent data storage for both services.