Help:Toolforge/Envvars
Toolforge tools can configure envvars (environment variables) that will be available for your application when running (both webservices and jobs running in Kubernetes are supported, built with the newer build service or using one of the provided images).
The service is suitable for storing both configuration and secrets for your application, allowing workflows like having different config and secrets in your development/ci/production environments without changing a line of code. The envvar values are only available to the tool’s code and maintainers (though the names are publicly visible, e.g. in k8s-status).
Roadmap
Features that are already available
- Create/update, delete and list environment variables.
- Automatically inject environment variables to your application on startup (if you add or modify them, you'll have to restart your application).
- Some system envvars are there (replicas user, replicas password, toolsdb user, toolsdb password, ...), all starting with
TOOL_
, see the config for details.
Planned features that are not available yet
- Create a ticket with a feature request if you have any suggestions
Quickstart
Prerequisites
If you don't have a tool account yet, you need to create or join one. Detailed instructions are available at Help:Toolforge/Quickstart.
You should have a webservice or job running or ready to run. See Help:Toolforge/Build Service on how to build and start a webservice or job. Non-buildpack based webservices and jobs are also supported, for those see Help:Toolforge/Quickstart#Host your first tool on a tool account.
Creating a new environment variable
Once you have setup your toolforge account, you can ssh to the bastion and become your tool (using wm-lol
tool as an example):
$ ssh myuser@login.toolforge.org
myuser@tools-sgebastion-10:~$ become wm-lol
tools.wm-lol@tools-sgebastion-10:~$
Now you can run toolforge envvars --help
to see the available commands and syntax for each:
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars --help
Usage: toolforge-envvars [OPTIONS] COMMAND [ARGS]...
Toolforge command line
Options:
-v, --verbose Show extra verbose output. NOTE: Do no rely on the format of
the verbose output
-d, --debug show logs to debug the toolforge-envvars-* packages. For
extra verbose output for say build or job, see --verbose
--version Show the version and exit.
--help Show this message and exit.
Commands:
create Create/update an envvar.
delete Delete an envvar.
list List all your envvars.
For example, we can create a new environment variable (note that the name for the envvar has to be all caps, and has the same restriction as a sh/bash environment variables, and can't overwrite the system TOOL_*
variables).
There's many ways you can do it:
tools.wm-lol@tools-sgebastion-10:~$ echo "from stdin" | toolforge envvars create TEST
name value
TEST from stdin
tools.wm-lol@tools-sgebastion-10:~$ echo "from file" > envvar_file
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars create TEST <envvar_file
name value
TEST from file
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars create TEST "from argument"
name value
TEST from argument
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars create TEST
Enter the value of your envvar (prompt is hidden, hit Ctrl+C to abort):
name value
TEST from prompt
Now we have to start or restart the running webservice so it picks up the new environment variable (this example restarts a running buildservice based webservice):
tools.wm-lol@tools-sgebastion-10:~$ toolforge webservice buildservice restart
That's all! That environment variable is now available for the web service. :)
Updating an environment variable
Imagine that our api key has changed, and now we want to update it.
The process is exactly the same, the create
command will update the variable if it already exists:
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars list
name value
API_KEY my_api_key1
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars create API_KEY "my_api_key2"
name value
API_KEY my_api_key2
Remember to restart your running webservices/jobs if you want the new value to be picked up!
tools.wm-lol@tools-sgebastion-10:~$ toolforge webservice buildservice restart
Common problems and solutions
Please add to this section any issues you encountered and how you solved them.
How to add the contents of a file to an enviroment variable?
Though it's not recommended, sometimes there are some files that you will want to put in an environment variable (ex. secret certificate keys). Use shell input redirection to feed the file's contents to the standard input of the toolforge envvars create
command:
tools.wm-lol@tools-sgebastion-10:~$ toolforge envvars create MY_CERT_KEY <secret.key
History
Below are some historical discussions that led to its current design and implementation.
Communication and support
Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:
- Chat in real time in the IRC channel #wikimedia-cloud connect or the bridged Telegram group
- Discuss via email after you have subscribed to the cloud@ mailing list
- Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
- Read the News wiki page
Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself
Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)