Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documented environment variables used in Tink Server/CLI/Worker: #545

Merged
merged 3 commits into from
Oct 19, 2021
Merged

Documented environment variables used in Tink Server/CLI/Worker: #545

merged 3 commits into from
Oct 19, 2021

Conversation

jacobweinstock
Copy link
Member

Description

Hoping this is will help with the development and operation of Tink Server/CLI/Worker.

Why is this needed

Fixes: #417

How Has This Been Tested?

How are existing users impacted? What migration steps/scripts do we need?

Checklist:

I have:

  • updated the documentation and/or roadmap (if required)
  • added unit or e2e tests
  • provided instructions on how to upgrade

@jacobweinstock jacobweinstock added kind/documentation Categorizes issue or PR as related to documentation. priority/backlog Higher priority than priority/awaiting-more-evidence. labels Oct 1, 2021
@codecov
Copy link

codecov bot commented Oct 1, 2021
edited
Loading

Codecov Report

Merging #545 (6419e93) into main (96fd7ce) will not change coverage.
The diff coverage is n/a.

❗ Current head 6419e93 differs from pull request most recent head 603179c. Consider uploading reports for the commit 603179c to get more accurate results
Impacted file tree graph

@@           Coverage Diff           @@
##             main     #545   +/-   ##
=======================================
  Coverage   34.76%   34.76%           
=======================================
  Files          44       44           
  Lines        3348     3348           
=======================================
  Hits         1164     1164           
  Misses       2085     2085           
  Partials       99       99

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 96fd7ce...603179c. Read the comment docs.

mmlb
mmlb reviewed Oct 4, 2021
View reviewed changes
Copy link
Contributor

@mmlb mmlb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd love to see the list sorted but I see why its the way it is here. Its very weird to see all the similarly named env vars, I think it would be good to have one as the "most used/main" var and the other one refers to it with context. Like:

PGDATABASE: name of postgres database to connect to
POSTGRES_DATABASE: like PGDATABASE, should be same value, used by $thing.

... actually where is this used? I can't see it in grep.

docs/ENVVARS.md Outdated
| ---------------------------------------------------------------------------------------------- | ------ | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
| `TINK_AUTH_USERNAME=tink` | string | server | username to use for basic auth to http endpoints |
| `TINK_AUTH_PASSWORD=tink` | string | server | password to use for basic auth to http endpoints |
| `TINKERBELL_CERT_URL=http://127.0.0.1:42114/cert` | string | cli/worker | string url from which to get a TLS certificate |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should Type say string/url and avoid saying so in Description? Also TLS certificate for what? Its probably a good idea to be explicit since tls connections usually just work and don't need this kind of feeding into a binary.

docs/ENVVARS.md Outdated
Comment on lines 10 to 11
| `TINKERBELL_CERTS_DIR=/certs` | string | server | a directory which contains the `bundle.pem` and `server-key.pem` files |
| `CERTS_DIR=/certs` | string | server | a directory which contains the `bundle.pem` and `server-key.pem` files |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these used for the same things? should we call out what its for?

docs/ENVVARS.md Outdated
| `TINKERBELL_TLS_CERT="-----BEGIN RSA PRIVATE KEY-----\n....\n-----END RSA PRIVATE KEY-----\n"` | string | server | a TLS certificate for use with Tink server |
| `TLS_CERT="-----BEGIN RSA PRIVATE KEY-----\n....\n-----END RSA PRIVATE KEY-----\n"` | string | server | a TLS certificate for use with Tink server |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

@jacobweinstock
Copy link
Member Author

I'd love to see the list sorted but I see why its the way it is here. Its very weird to see all the similarly named env vars, I think it would be good to have one as the "most used/main" var and the other one refers to it with context. Like:

PGDATABASE: name of postgres database to connect to POSTGRES_DATABASE: like PGDATABASE, should be same value, used by $thing.

... actually where is this used? I can't see it in grep.

The cobra/viper library use is set up in such a way that all CLI flags are able to be set via environment variables. So the CLI flag postgres-password can be set via the env variable of POSTGRES_PASSWORD. This func is where most, if not all, of that is set up.

@mmlb
Copy link
Contributor

mmlb commented Oct 4, 2021

Oh one more thing @jacobweinstock, worth linking somehow from README or CONTRIBUTING docs.

@jacobweinstock jacobweinstock force-pushed the document-env-vars branch 2 times, most recently from 8854507 to 145ba8c Compare October 4, 2021 20:44
@mmlb
Copy link
Contributor

mmlb commented Oct 4, 2021

I'd love to see the list sorted but I see why its the way it is here. Its very weird to see all the similarly named env vars, I think it would be good to have one as the "most used/main" var and the other one refers to it with context. Like:
PGDATABASE: name of postgres database to connect to POSTGRES_DATABASE: like PGDATABASE, should be same value, used by $thing.
... actually where is this used? I can't see it in grep.

The cobra/viper library use is set up in such a way that all CLI flags are able to be set via environment variables. So the CLI flag postgres-password can be set via the env variable of POSTGRES_PASSWORD. This func is where most, if not all, of that is set up.

Ahh, is it worth mentioning which ones are old deprecated (looking at

tink/cmd/tink-server/main.go

Lines 57 to 96 in 5923ca9

func (c *DaemonConfig) PopulateFromLegacyEnvVar() {
if f := os.Getenv("FACILITY"); f != "" {
c.Facility = f
}
if pgdb := os.Getenv("PGDATABASE"); pgdb != "" {
c.PGDatabase = pgdb
}
if pguser := os.Getenv("PGUSER"); pguser != "" {
c.PGUSer = pguser
}
if pgpass := os.Getenv("PGPASSWORD"); pgpass != "" {
c.PGPassword = pgpass
}
if pgssl := os.Getenv("PGSSLMODE"); pgssl != "" {
c.PGSSLMode = pgssl
}
if onlyMigration, isSet := os.LookupEnv("ONLY_MIGRATION"); isSet {
if b, err := strconv.ParseBool(onlyMigration); err != nil {
c.OnlyMigration = b
}
}
if tlsCert := os.Getenv("TINKERBELL_TLS_CERT"); tlsCert != "" {
c.TLSCert = tlsCert
}
if certDir := os.Getenv("TINKERBELL_CERTS_DIR"); certDir != "" {
c.CertDir = certDir
}
if grpcAuthority := os.Getenv("TINKERBELL_GRPC_AUTHORITY"); grpcAuthority != "" {
c.GRPCAuthority = grpcAuthority
}
if httpAuthority := os.Getenv("TINKERBELL_HTTP_AUTHORITY"); httpAuthority != "" {
c.HTTPAuthority = httpAuthority
}
if basicAuthUser := os.Getenv("TINK_AUTH_USERNAME"); basicAuthUser != "" {
c.HTTPBasicAuthUsername = basicAuthUser
}
if basicAuthPass := os.Getenv("TINK_AUTH_PASSWORD"); basicAuthPass != "" {
c.HTTPBasicAuthPassword = basicAuthPass
}
}
).

@jacobweinstock
Copy link
Member Author

I'd love to see the list sorted but I see why its the way it is here. Its very weird to see all the similarly named env vars, I think it would be good to have one as the "most used/main" var and the other one refers to it with context. Like:
PGDATABASE: name of postgres database to connect to POSTGRES_DATABASE: like PGDATABASE, should be same value, used by $thing.
... actually where is this used? I can't see it in grep.

The cobra/viper library use is set up in such a way that all CLI flags are able to be set via environment variables. So the CLI flag postgres-password can be set via the env variable of POSTGRES_PASSWORD. This func is where most, if not all, of that is set up.

Ahh, is it worth mentioning which ones are old deprecated (looking at

tink/cmd/tink-server/main.go

Lines 57 to 96 in 5923ca9

func (c *DaemonConfig) PopulateFromLegacyEnvVar() {
if f := os.Getenv("FACILITY"); f != "" {
c.Facility = f
}
if pgdb := os.Getenv("PGDATABASE"); pgdb != "" {
c.PGDatabase = pgdb
}
if pguser := os.Getenv("PGUSER"); pguser != "" {
c.PGUSer = pguser
}
if pgpass := os.Getenv("PGPASSWORD"); pgpass != "" {
c.PGPassword = pgpass
}
if pgssl := os.Getenv("PGSSLMODE"); pgssl != "" {
c.PGSSLMode = pgssl
}
if onlyMigration, isSet := os.LookupEnv("ONLY_MIGRATION"); isSet {
if b, err := strconv.ParseBool(onlyMigration); err != nil {
c.OnlyMigration = b
}
}
if tlsCert := os.Getenv("TINKERBELL_TLS_CERT"); tlsCert != "" {
c.TLSCert = tlsCert
}
if certDir := os.Getenv("TINKERBELL_CERTS_DIR"); certDir != "" {
c.CertDir = certDir
}
if grpcAuthority := os.Getenv("TINKERBELL_GRPC_AUTHORITY"); grpcAuthority != "" {
c.GRPCAuthority = grpcAuthority
}
if httpAuthority := os.Getenv("TINKERBELL_HTTP_AUTHORITY"); httpAuthority != "" {
c.HTTPAuthority = httpAuthority
}
if basicAuthUser := os.Getenv("TINK_AUTH_USERNAME"); basicAuthUser != "" {
c.HTTPBasicAuthUsername = basicAuthUser
}
if basicAuthPass := os.Getenv("TINK_AUTH_PASSWORD"); basicAuthPass != "" {
c.HTTPBasicAuthPassword = basicAuthPass
}
}

).

are you saying that all the variables in PopulateFromLegacyEnvVar are deprecated?

@jacobweinstock jacobweinstock force-pushed the document-env-vars branch 2 times, most recently from a9d8817 to 600a5c0 Compare October 4, 2021 21:27
@jacobweinstock
Copy link
Member Author

Oh one more thing @jacobweinstock, worth linking somehow from README or CONTRIBUTING docs.

done

@jacobweinstock jacobweinstock requested a review from mmlb October 5, 2021 16:06
@mmlb
Copy link
Contributor

mmlb commented Oct 5, 2021

I'd love to see the list sorted but I see why its the way it is here. Its very weird to see all the similarly named env vars, I think it would be good to have one as the "most used/main" var and the other one refers to it with context. Like:
PGDATABASE: name of postgres database to connect to POSTGRES_DATABASE: like PGDATABASE, should be same value, used by $thing.
... actually where is this used? I can't see it in grep.

The cobra/viper library use is set up in such a way that all CLI flags are able to be set via environment variables. So the CLI flag postgres-password can be set via the env variable of POSTGRES_PASSWORD. This func is where most, if not all, of that is set up.

Ahh, is it worth mentioning which ones are old deprecated (looking at

tink/cmd/tink-server/main.go

Lines 57 to 96 in 5923ca9

func (c *DaemonConfig) PopulateFromLegacyEnvVar() {
if f := os.Getenv("FACILITY"); f != "" {
c.Facility = f
}
if pgdb := os.Getenv("PGDATABASE"); pgdb != "" {
c.PGDatabase = pgdb
}
if pguser := os.Getenv("PGUSER"); pguser != "" {
c.PGUSer = pguser
}
if pgpass := os.Getenv("PGPASSWORD"); pgpass != "" {
c.PGPassword = pgpass
}
if pgssl := os.Getenv("PGSSLMODE"); pgssl != "" {
c.PGSSLMode = pgssl
}
if onlyMigration, isSet := os.LookupEnv("ONLY_MIGRATION"); isSet {
if b, err := strconv.ParseBool(onlyMigration); err != nil {
c.OnlyMigration = b
}
}
if tlsCert := os.Getenv("TINKERBELL_TLS_CERT"); tlsCert != "" {
c.TLSCert = tlsCert
}
if certDir := os.Getenv("TINKERBELL_CERTS_DIR"); certDir != "" {
c.CertDir = certDir
}
if grpcAuthority := os.Getenv("TINKERBELL_GRPC_AUTHORITY"); grpcAuthority != "" {
c.GRPCAuthority = grpcAuthority
}
if httpAuthority := os.Getenv("TINKERBELL_HTTP_AUTHORITY"); httpAuthority != "" {
c.HTTPAuthority = httpAuthority
}
if basicAuthUser := os.Getenv("TINK_AUTH_USERNAME"); basicAuthUser != "" {
c.HTTPBasicAuthUsername = basicAuthUser
}
if basicAuthPass := os.Getenv("TINK_AUTH_PASSWORD"); basicAuthPass != "" {
c.HTTPBasicAuthPassword = basicAuthPass
}
}

).

are you saying that all the variables in PopulateFromLegacyEnvVar are deprecated?

Yep, most of these I can find as viper/cli args:

git grep -E '(postgres-(database|user|password|sslmode)|only-migration|tls-cert|certs-dir|(grpc|http)-authority|auth-(username|password))'
client/main.go: flagSet.StringVar(&o.GRPCAuthority, "tinkerbell-grpc-authority", "127.0.0.1:42113", "Link to tink-server grcp api")
cmd/tink-server/main.go:        fs.StringVar(&c.PGDatabase, "postgres-database", "tinkerbell", "The Postgres database name")
cmd/tink-server/main.go:        fs.StringVar(&c.PGUSer, "postgres-user", "tinkerbell", "The Postgres database username")
cmd/tink-server/main.go:        fs.StringVar(&c.PGPassword, "postgres-password", "tinkerbell", "The Postgres database password")
cmd/tink-server/main.go:        fs.StringVar(&c.PGSSLMode, "postgres-sslmode", "disable", "Enable or disable SSL mode in postgres")
cmd/tink-server/main.go:        fs.BoolVar(&c.OnlyMigration, "only-migration", false, "When enabled the server applies the migration to postgres database and it exits")
cmd/tink-server/main.go:        fs.StringVar(&c.GRPCAuthority, "grpc-authority", ":42113", "The address used to expose the gRPC server")
cmd/tink-server/main.go:        fs.StringVar(&c.TLSCert, "tls-cert", "", "")
cmd/tink-server/main.go:        fs.StringVar(&c.HTTPAuthority, "http-authority", ":42114", "The address used to expose the HTTP server")

The only ones I can't find are TINK_AUTH_USERNAME/PASSWORD...

@jacobweinstock jacobweinstock force-pushed the document-env-vars branch 3 times, most recently from a7a22f6 to 86105e8 Compare October 6, 2021 02:31
@jacobweinstock
Documented environment variables used in Tink Server/CLI/Worker:
18d1fab 
Hoping this is will help with the development and operation of
Tink Server/CLI/Worker.

Signed-off-by: Jacob Weinstock <[email protected]>
@nshalman nshalman mentioned this pull request Oct 19, 2021
Closed
@tstromberg tstromberg reopened this Oct 19, 2021
@tstromberg
Copy link
Contributor

IMHO, This doc is better than nothing. Let's merge it and iterate forward.

@tstromberg tstromberg merged commit 948f687 into tinkerbell:main Oct 19, 2021
@displague displague added this to the 0.7.0 milestone Aug 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tstromberg tstromberg tstromberg approved these changes

@mmlb mmlb Awaiting requested review from mmlb

Assignees
No one assigned
Labels
kind/documentation Categorizes issue or PR as related to documentation. priority/backlog Higher priority than priority/awaiting-more-evidence.
Projects
None yet
Milestone
0.7.0
Development

Successfully merging this pull request may close these issues.

Update new contributor experience
4 participants
@jacobweinstock @mmlb @tstromberg @displague