New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to use multiple docker database containers
Hi,
im using multiple containers and some of them need a database.
How can i configure multiple databases for different containers?
Lets say i have the following .yaml file and i want to set up 2 instances of passbolt and each instance should have their own database container:
version: "3.9"
services:
db:
image: mariadb:10.11
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "passbolt"
MYSQL_USER: "passbolt"
MYSQL_PASSWORD: "P4ssb0lt"
volumes:
- database_volume:/var/lib/mysql
passbolt:
image: passbolt/passbolt:latest-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: https://passbolt.local
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "passbolt"
DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
DATASOURCES_DEFAULT_DATABASE: "passbolt"
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command:
[
"/usr/bin/wait-for.sh",
"-t",
"0",
"db:3306",
"--",
"/docker-entrypoint.sh",
]
ports:
- 80:80
- 443:443
#Alternatively for non-root images:
# - 80:8080
# - 443:4433
volumes:
database_volume:
gpg_volume:
jwt_volume:
How should the .yaml file look like?
There is no setting to change the port for the db (mariadb)
I have tried several trial and error attempts but nothing works and im trying to understand how to configure, so it would be easier for me in the future.
Comments
Change port...
"db:3306",
Probally in mysql there is a method to provide it...
use single mariadb instance and different database names/credentials in passbolt
DATASOURCES_DEFAULT_DATABASE Database name
The server would be beefy enough to run multiple instances of MariaDB. I'm planning to add more containers to this server and some of the containers need a database (MariaDB, MySQL, ...). Would you use one container for all containers, or one database container for every container? I thought if I configure something wrong, then it would be better to lose only one database instead of all of them.
I have already a MySQL and a Postgres database container running because some containers needs them.
Adding the
ports:
- "3307:3307"
If I add this setting it would expose the database to the public. I'm not sure how to change the port of the MariaDB container without exposing it to the public.
You can run db in its own container and share it across several apps in different containers.
That’s what I’d suggest. You can always create a docker network and attach the appropriate containers to it (including the DB container) and then you don’t have to expose ports to public.
How? I'm a beginner and trying to understand and to learn
Here what I recommend. Don't use port in docker compose or CLI, this is for exposing the port! If the DB should only been seen by docker containers in the correct network than create a network for the db and attach all containers who need access to the DB to the DB network.
https://docs.docker.com/compose/how-tos/networking/#specify-custom-networks
If your using UFW read up and install https://github.com/chaifeng/ufw-docker or else UFW isn't really protecting the docker containers with exposed ports.
You can tell other container apps to connect to other containers with container name or container id and port if needed. Ex - could be mine docker:25565
If the app doesn't support a name and has to be an IP than you will need the ip the container has in the network. However this isn't static if you didn't assign it and will change at some point.
https://www.baeldung.com/ops/docker-assign-static-ip-container#2-assign-a-static-ip-via-docker-compose
https://stackoverflow.com/questions/39493490/provide-static-ip-to-docker-containers-via-docker-compose
If you create more containers you don't need to edit the current docker compose. Simply create a new docker compose and in networks follow the docker compose docs for eternal networks.
I'm using portainer, do you know how to set the assigned ip for a container to a static one? Is there a docker command to set the ip to static? After reading some websites I think this is done by adding a new network?
How to add the "external: true" option to an existing container?
Hello! Apologies as I’m not familiar using portainer. Probably should get familiar but I mostly just use compose and the command line. I found this tutorial helpful recently when needing to network a few containers together: https://www.tutorialworks.com/container-networking/
Maybe it will help?
Create a Mariadb Docker Compose, cd to a working directory and create docker-compose.yml.
`services:
mariadb:
image: mariadb:11.4
hostname: mariadb
volumes:
- ./mariadb-data:/var/lib/mysql
environment:
- TZ=Europe/Budapest
- MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1
networks:
default:
name: mariadb`
Issue:
docker compose up -dIt is a mariadb with an own network. You can attach other services to it to access them. However in the first step create the database first user and db
docker compose exec mariadb mariadb -u rootAnd
ALTER USER 'root'@'localhost' IDENTIFIED BY 'passw0rd';.With this you protected the root user because I set it to default no password. I use this behaviour and set it on the first run because I use Ansible to provision my services and I'd like to avoid use sensitive data in config and env files.
Continue creating a DB user and a DB
Create a new working dir for passbolt and docker-compose.yml
docker compose up -dHowever I don't think that this will work, because no certs given to use HTTPS and if you do not run it on your local machine, you will not use localhost.
To connect a container to a existing network use
docker network connect NETWORK CONTAINERYou can use
docker network inspect NETWORKto see all running containers using that network and get the local IP.You don't need to add
externalto the docker-file that the network was created in, only in the ones that it wasn't created in!Remember any changes to the docker-file you need to use
docker compose up -d --buildfor the changes to apply.I don't use portainer so
🤷and also if whatever app that needs the DB can use names instead of IPs, I would use that over an ip.To create a network and assign IPs you need to find a free subnet. Here an example I used when helping people out with playit. (You could also just let the network create and than see what subnet was assigned and just use that.)
Creating the playit service and network.
Creating the minecraft server in another container
One compose is one project.
A MySQL docker container can run several DBs only if they’re all needed for that one project.
Gotta stay organized.
In my opinion you should use a database for each container. It simply has advantages for updating, restoring and stuff. It's a lot easier.
I think thats what I was searching. Empty root password and a dedicated network for the database container. Will try it at home. I just need to watch out cause some predefined compose.yaml files recreating the database with a new root password. So I need to add it to this compose.yaml files and delete any new root password. Am I right? Anything more to watch out?
with
Even with the container being remade the DB will stay intact. Unless the container settings are changing things for some reason. You could always create your own DOCKERFILE as well.
For example I use this DOCKERFILE to create nginx and only allow CF into it.
Now it's ran like
```
First database container:
volumes:
- database1_volume:/var/lib/mysql
networks:
mariadb:
external: true
second container:
volumes:
- database2_volume2:/var/lib/mysql
networks:
mariadb:
external: true
and so on
is that correct?
If you're creating multiple DB servers than yes.
Just make sure to add at the bottom as well, like in your compose you had.
You can simply create a second 'passbolt2' database here and then
DATASOURCES_DEFAULT_DATABASE: "passbolt2"
on your second passbolt instance.
And run two databases on a single database server.
Root password created only once on a database, when it is recreating it caused by that the database directory volume is not persitent.
So you can use root password setting from the docker-compose file if you prefer it.
I use the empty root PW and set it on first run as I use Ansible to provision my services. I needed a simple solution that allows me to set the root PW from Ansible, without storing it in ENV vars or use Docker secrets as I needed this to set only once and after that I only need this PW on playbooks where I modify the database (create new user, create new DB, bind them).