I'm shocked I haven't been able to find this with googling but I was wondering how to setup a capistrano deploy where the environment variables store the important config variables (api keys, etc). I know how to access them in the code, I just can't get the environment variables setup.
I'm running Ubuntu 12.10 X64 Server and capistrano doesn't seem to be loading my .bashrc file.
Where can I put the environment variables so that they're loaded when any commands are run.
You can set environment variables by creating the ~/.ssh/environment file as follows:
PATH=/opt/bin:/usr/local/bin:/usr/bin:/bin
LANG=C
Note that you should set PermitUserEnvironment to yes in the /etc/ssh/sshd_config and restart the sshd daemon.
Related
I have recently started to use GitHub Packages to distribute our shared libraries internally and have retrospectively changed the Gradle build configuration to use credentials based on system environment variables, rather than hard-coded e.g.
repositories {
mavenLocal() // only use when testing -SNAPSHOT locally
mavenCentral() // third-parties
maven { // our-library
name = "MyLibrary"
url = "https://maven.pkg.github.com/MyCompany/mylibrary"
credentials {
username = project.findProperty("git_username") ?: System.getenv("git_username")
password = project.findProperty("git_token") ?: System.getenv("git_token")
}
}
}
Unfortunately no matter how many environment variables I changed, whether in ~/.zshrc or .zshenv or .bash_profile or /etc/launchd.conf the build was indicating that the credentials were prohibited, or more accurately were resolved as nul.
Each time I changed a config I also ran the appropriate source to ensure it was active, I even resorted to rebooting, just in case.
The environment variable would always show in the terminal confirming the environment variable was always set up correctly, e.g. echo $git_username or printenv yielded the environment variable and expected sensitive token.
After a lot of experimenting and with the help of a colleague we determined that launching NetBeans 15 from the dock wasn't helping, so instead we also added the following line to ~/.zshrc
alias netbeans="/Applications/NetBeans/Apache\ NetBeans\ 15.app/Contents/MacOS/netbeans &"
But now to launch NetBeans I can't use the dock icon, but manually launch the terminal and then type
netbeans
Here's the new lines added to ~/.zshrc
#
# RW - For GitHub Package access
#
export git_username=NotApplicableUsesToken
export git_token=redacted1
export git_publish_username=NotApplicableUsesToken
export git_publish_token=redacted2
#
# RW - So Netbeans launches and honours the environment variables above
#
alias netbeans="/Applications/NetBeans/Apache\ NetBeans\ 15.app/Contents/MacOS/netbeans &"
My question is, why didn't NetBeans when launched from the dock discover the environment variables? How should I configure NetBeans to pickup the environment variables without this workaround?
The Aqua GUI doesn't read any of the shell configuration files, e.g. .bash_profile, .bashrc, .login, .profile, .zprofile, or .zshrc. You were correct to start looking at launchd. Unfortunately /etc/launchd.conf is no longer supported and the file is not read.
Apple's Runtime Configuration Guidelines in the Environment Variables section states:
There are two ways to make environment variables available to an application. The first is to define the variables in a Terminal session and then launch the application from the same session. ...
The second way to associate environment variables with an application is to include the LSEnvironment key in the application’s information property list file. ...
Editing an application's plist doesn't seem like the best idea and your changes may be lost when the application is updated.
There is a third approach.
launchctl has setenv, unsetenv, and getenv sub-commands for managing environment variables. However the environment variables are not persisted across launchd instances.
It seems that a common approach is to create an agent job .plist in ~/Library/LaunchAgents that runs at user login to macOS that will execute launchctl setenv to set the environment variables that should be available to applications launched from the dock. There are discussions at "Set systemwide variable with /etc/launchd.conf does not work in 10.10" and "Environment variables for GUI apps" that point to resources for this approach. You may also want to see Creating Launch Daemons and Agents.
I haven't tested or tried this approach myself.
From this document, Prisma cli try to download binaries from prisma s3. But as my corporate firewall rules this download was blocked, Following this document,I must change source binary file location by using PRISMA_ENGINES_MIRROR variable.
to utilize this variable,I must set environment variables. my build environment is like ElasticBeanstalk,after git push, build will start. from now on,I couldn't configure env variables in build environment. so that I consider to configure and write PRISMA_ENGINES_MIRROR variable to .env files and push them.
Is it possible? and how can I utilize these variable by .env ?
If someone has opinion,please let me know.
Thanks
You can configure environment variables in Elastic BeanStalk by going to
Configuration > Software Configuration > Environment Properties
You can add PRISMA_ENGINES_MIRROR in Environment Properties and it will be picked up by .env
I have this script on an Ubuntu VM that uses an environment variable that is set in a script in /etc/profile.d/appsetup.sh.
The variable is used in my script, server-up.sh, to start my Java app:
export path=$KEYSTORE_PATH
java -jar -Dsecurity.keystore.path=$path [jarfile]
If I echo the variable, it works:
$ echo $KEYSTORE_PATH
/etc/ssl/certs
And if I run the script on my own (sudo sh server-up.sh) it runs and uses the environment variable just fine.
However, when the script is executed from Jenkins' "Execute Shell" step (on the same VM), it apparently can't access the environment variable, even though supposedly it's available system-wide.
I've tried setting the owner of server-up.sh to both root and jenkins and Jenkins runs it either way, but in neither case does it get the environment variables. In Jenkins, I also tried using the command sudo -E /[path]/server-up.sh but then the job fails and an error says sudo: sorry, you are not allowed to preserve the environment.
I've googled a dozen times for various things, but almost everything that comes up is people asking how to set environment variables in Jenkins, and I don't need to do that; I just want a script that Jenkins can execute have access to system environment variables.
What do I need to do to get this working?
Make a small change to allow the /etc/profile.d/appsetup.sh script to output the variable to a file, where the Jenkins job can access this variable to create an environment variable available for your job to run successfully.
I don't think the context and needs are explained sufficiently well to properly answer the question with a here's how you do it.
On a server, jenkins.war launches from a shell (or a root shell which invokes a shell script with commands which launches jenkins), which has an environment and to which you can set and pass parameters. Those exist in the context of the jenkins.war process. If you run from a daemon (initd / systemd) you get a non-in=teractive shell, which is set differently to your normal shell.
Your Jenkins will typically have Nodes launching agents on remote servers. Those are typically launched via a non-interactive shell (so no user .profile settings).
Then the jobs themselves run on one of the agents where the executor launches a shell for the job execution. Sub-shells may be launched for specific steps.
The two context you mention sudo sh server-up.sh and Jenkins' "Execute Shell" step (on the same VM), even on the same VM do not inherit the same environment as the Node is launched on it's own process using a non-interactive shell and is not aware of anything in your server-up.sh script; it (generally) just gets the /etc/profile.
You have options. You can set Global variables within Jenkins: ${JENKINS_URL}/configure
Global Properties
[ X ] Environment variables
[ X ] Prepare jobs environment (requires Env Inject plugin)
The same options also exist at the Node level
You can install the slaves-setup plugin, which allows you some customization when launching agents (aka slaves).
You can install the Environment Injector plugin, which adds the previously mentioned Prepare jobs environment feature.
It also adds jobs specific configuration options for:
[ X ] Prepare an environment for the run
Plus under the Build Environment section,
[ X ] Inject environment variables to the build process
and
[ X ] Inject passwords to the build as environment variables
Those are encrypted, and I believe are masked
Finally, you can add a build step to Inject environment variables, useful if you need to have different values for different steps.
BUT it's certs in a keystore!
Given that you also mention what you are trying to make available is $KEYSTORE_PATH=/etc/ssl/certs, I wonder if you've explored using the Credentials plugin? Is supports a wide variety of credential types, including:
Password
Username and password
SSH private key
Public Certificate and private key
Binary blob data
That OAuth thingy
The obvious benefit to using this approach vs cooking your own is it's been designed to work securely with Jenkins so your secrets don't get inadvertently exposed. Aside from the extensive documentation on the plugin site, there's more in the book on Using credentials, using them in a pipeline which also mentions the Snippet generator will stub it for you, and on the Cloudbees site - Injecting secrets into builds. You can probably find plenty of help here in S/O and DevOps.
You may also wish to explore the newly introduced Git credentials binding for sh, bat, and powershell, though not sure that's applicable in your case.
I'm running Tomcat through IntelliJ.
My app property file has properties that are filled up by an ENV variable (such as credentials)
DB_PASSWORD=${DB_PASSWORD}
I don't store my credentials on git and these credentials are fetch at run time from a vault.
So manually hardcoding these credentials in IntelliJ somewhere is a no go.
Is there a way to pass ENV vars to IntelliJ?
Or have IntelliJ load a var file prior starting tomcat ?
Or have IntelliJ read the ENV vars of the host (OSX shell in this case)?
Run -> Edit configurations -> Environment variables
If you're running Bash, export your environment variables in ~/.bash_profile:
export DB_PASSWORD=*password_here*
Intellij by default runs Bash in non-interactive mode, so it doesn't load ~/.bashrc.
I'm having some issues with SECRET_KEY_BASE setting on our production Ubuntu server with Unicorn and nginx. I added the variable to .bashrc and its reading fine when I try echo $SECRET_KEY_BASE, but for some reason I'm getting the following error:
app error: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml` (RuntimeError)
Also, when I try to access the variable with ENV["SECRET_KEY_BASE"] from within the console in production environment, I can read it fine.
I tried restarting Unicorn and server and it doesn't help. Any idea why this is happening?
You may need to add the variables to the unicorn.conf file, since it seems you are launching Unicorn with a different user or without sourcing your .bashrc.
In any case, I suggest you use dotenv gem to store your env variables in a .env file within your project. That is the cleanest way I know. If you need to have capistrano integration and handle all the different environments with ease, you can also use dotenv-deployment gem.