Please consider reading the RABBITMQ_ERLANG_COOKIE also from files.

[janpaulus]

If we could tell the container something like this “-e ‘RABBITMQ_ERLANG_COOKIE_FILE=/run/secrets/rabbitmq_erlang_cookie’” we could use docker secrets for the erlang cookie.

[tianon]

Great idea! (#280)

[janpaulus]

Thanks for the answer.
When I at the erlang cookie like this to my docker stack file:
secrets:
- source: rabbitmq_erlang_cookie
target: /var/lib/rabbitmq/.erlang.cookie
uid: "999"
gid: "999"
mode: 0600

I always get the Error:
chown: changing ownership of '/var/lib/rabbitmq/.erlang.cookie': Read-only file system

In the docker compose doc (https://docs.docker.com/compose/compose-file/#long-syntax-2) I found this sentence: "Secrets cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored."

[tianon]

Try also adding user: 999:999 to the service (which will skip the chown).

@yosifkit looks like this is another good candidate for your find ... chown ... one-liner 😅

[janpaulus]

When I add user: 999:999 it works. Thanks a lot. You can close the ticket if you like.

[yosifkit]

Once #281 gets in the image, you won't have to use user: 999:999, but it is safe either way.