Hello Milosz,
Thanks for replying.
I have a single node setup, so worker and server is same. I updated /etc/lava-server/env.yaml file with GIT_TOKEN value like below. But I get error Invalid yaml when I execute job:
root@debian:~# cat /etc/lava-server/env.yaml
# Configure the environment that will be used within the server and the dispatcher.
# If set to true, all variables inherited by the process will be dropped.
# The process environment is then fully controlled but you should then list all
# variables that your process needs.
purge: true
# List the variables that will be removed from the inherited environment.
# If purge is 'true', this list is useless.
# default: empty list
#removes:
#- HTTP_PROXY
#- HTTPS_PROXY
#- FTP_PROXY
#- NO_PROXY
# A dictionary of (key, value) that will be added to the inherited environment.
# If a key does not already exist in the inherited environment, it's added.
# default: an empty dictionary
overrides:
LC_ALL: C.UTF-8
LANG: C
# http_proxy: http://lava-lab-proxy
# https_proxy: http://lava-lab-proxy
# ftp_proxy: http://lava-lab-proxy
PATH: /usr/local/bin:/usr/local/sbin:/bin:/usr/bin:/usr/sbin:/sbin
GIT_TOKEN=abcd
root@debian:~# systemctl status lava-server-gunicorn.service
● lava-server-gunicorn.service - LAVA server gunicorn
Loaded: loaded (/lib/systemd/system/lava-server-gunicorn.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-08-29 13:56:56 IST; 1min 9s ago
Main PID: 15978 (gunicorn: maste)
Tasks: 9 (limit: 9429)
Memory: 298.8M
CPU: 5.375s
CGroup: /system.slice/lava-server-gunicorn.service
├─15978 "gunicorn: master [lava_server.wsgi]"
├─15980 "gunicorn: worker [lava_server.wsgi]"
├─15981 "gunicorn: worker [lava_server.wsgi]"
├─15982 "gunicorn: worker [lava_server.wsgi]"
└─15983 "gunicorn: worker [lava_server.wsgi]"
Aug 29 13:58:05 debian gunicorn3[15983]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 29 13:58:05 debian gunicorn3[15983]: File "/usr/lib/python3/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
Aug 29 13:58:05 debian gunicorn3[15983]: return view_func(*args, **kwargs)
Aug 29 13:58:05 debian gunicorn3[15983]: ^^^^^^^^^^^^^^^^^^^^^^^^^^
Aug 29 13:58:05 debian gunicorn3[15983]: File "/usr/lib/python3/dist-packages/lava_scheduler_app/views.py", line 1201, in internal_v1_jobs
Aug 29 13:58:05 debian gunicorn3[15983]: env_str = config("env")
Aug 29 13:58:05 debian gunicorn3[15983]: ^^^^^^^^^^^^^
Aug 29 13:58:05 debian gunicorn3[15983]: File "/usr/lib/python3/dist-packages/lava_scheduler_app/views.py", line 1197, in config
Aug 29 13:58:05 debian gunicorn3[15983]: raise OSError(
Aug 29 13:58:05 debian gunicorn3[15983]: OSError: [Errno ] Invalid YAML file for debian: env file
Thanks,
Sweta
From: Milosz Wasilewski <milosz.wasilewski@foundries.io>
Sent: Thursday, August 29, 2024 1:53 PM
To: Sweta Ghosh <sweta.ghosh@nagarro.com>
Cc: lava-users@lists.lavasoftware.org <lava-users@lists.lavasoftware.org>
Subject: Re: [lava-users] Not able to set variable
[Email from a non-Nagarro source: please exercise caution with links and attachments]
Sweta,
On Thu, Aug 29, 2024 at 6:19 AM <sweta.ghosh@nagarro.com> wrote:
>
> Hi,
> I want clone a gitlab repo with id and token during job execution. To hide the token I am passing the value in my job. How can I export the value of GIT_TOKEN in environment file of LAVA? So that whenever job is executed it will read the value from its environment
file. I tried to use export and tried to add "GIT_TOKEN=abcd" in env.yaml file. But I guess its not correct format. I couldn't find what kind of values we can add in env.yaml in documents. I also added GIT_TOKEN value in /etc/profile of the LAVA server still
the job didn't pick it. Could you please suggest how can we clone the repo in LAVA job without exposing its password. Also I understand that ssh key of root will work but I want to avoid using ssh key of root. Kindly suggest
Jobs are executed on the dispatcher. Unless your server and dispatcher
run on the same machine, setting environment on server won't do the
trick.
> - test:
> timeout:
> minutes: 15
> definitions:
> - repository:
https://gitid:$GIT_TOKEN@gitlab.com/lava-tests.git
> from: git
> path: tests/cisscan/cis.yaml
> branch: pipeline
> name: cis-benchmark
The docs say that you can override some env variables of the job using
env.yaml file:
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvalidation.linaro.org%2Fstatic%2Fdocs%2Fv2%2Fproxy.html&data=05%7C02%7Csweta.ghosh%40nagarro.com%7C8faa4f84e4a747413cff08dcc803e9a0%7Ca45fe71af4804e42ad5eaff33165aa35%7C0%7C0%7C638605166344630819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2FBPP5vGSWX%2FRhte8zHVjphgEQ2OpZLHGze9s3GkMXEU%3D&reserved=0
There are 2 options:
- /etc/lava-server/env.yaml - for all workers
- /etc/lava-server/dispatcher.d/<name>/env.yaml - for selected worker only
In this case it talks about HTTP_PROXY, but I believe you can set
GIT_TOKEN there. I don't know if it's going to work. Best to try and
report back :)
Your only other option is limiting the job visibility to "personal" or
"group". This way the job data won't be available to the world and you
can use the token in the definition. It's not an ideal solution, but I
don't think there is a better one available.
Best Regards,
Milosz
> _______________________________________________
> lava-users mailing list -- lava-users@lists.lavasoftware.org
> To unsubscribe send an email to lava-users-leave@lists.lavasoftware.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s