Environment variable passed through -e flag in docker container not accessible in entrypoint script

arpitjain305 · May 23, 2018, 4:20pm

I am trying to run a docker container via the docker run command. I am specifying an environment variable via the -e flag. The strange thing is that I am able to read that environment variable if I exec /bin/bash into the container, but not in the entrypoint script as defined in the Dockerfile.

My docker container has debian:9 as the base and the entrypoint script is a simple bash script that logs some data along with the environment variable.

Dockerfile:
FROM debian:9
RUN apt-get update && apt-get install -y curl sudo supervisor wget
ADD starter-service.sh .
RUN chmod 755 starter-service.sh
ENTRYPOINT ["sudo", "/bin/bash", "-c", "./starter-service.sh"]

starter-service:
#! /bin/bash
license=$LICENSE_KEY
if [ "$license" == "" ]
then
echo "No License Key: "$LICENSE_KEY" arg:"$arg > /tmp/my-service.log
printenv >> /tmp/my-service.log
fi
sleep 1000s

The environment variable in question is LICENSE_KEY. Docker run command:
docker run -e LICENSE_KEY=123 <docker image>

The environment variable is not visible in the starter-service script.

p.s: also posted on stackoverflow (https://stackoverflow.com/questions/50490402/environment-variable-passed-through-e-flag-in-docker-container-not-accessible-i)

rajchaudhuri · May 23, 2018, 5:18pm

Your ENTRYPOINT has sudo, which sanitizes environment variables. You don’t need sudo anyway.

Change the ENTRYPOINT to this:

ENTRYPOINT [ "/starter-service.sh"]

dmaze · May 24, 2018, 1:12am

[quote=“arpitjain305, post:1, topic:51307, full:true”]

#! /bin/bash
license=$LICENSE_KEY
if [ "$license" == "" ]
then
  echo "No License Key: "$LICENSE_KEY" arg:"$arg > /tmp/my-service.log
  printenv >> /tmp/my-service.log
fi
sleep 1000s

You usually want your entrypoint script to end with something like

exec "$@"

so that it will run whatever was passed on the command line, or in the CMD of the Dockerfile. As you’ve written it right now your container won’t do anything; it will just sit there for 16 minutes and then exit. Logging an error into a file inside the container space won’t really help you either.

I’d write this script something like:

#!/bin/sh
if [ -z "$LICENSE_KEY" ]; then
  cat >&2 <<EOF
A LICENSE_KEY is required to run this container.
You can put more error message here.
EOF
  exit 1
fi
exec "$@"

Then if you

docker run ... myimage

without the -e LICENSE_KEY=... option, you’ll see the error message and the container will immediately exit, without starting the main service.