# Configure the environment that will be used within the server and the dispatcher.

# If set to true, all variables inherited by the process will be dropped.

# The process environment is then fully controlled but you should then list all

# variables that your process needs.

purge: true

# List the variables that will be removed from the inherited environment.

# If purge is 'true', this list is useless.

# default: empty list

#removes:

#- HTTP_PROXY

#- HTTPS_PROXY

#- FTP_PROXY

#- NO_PROXY

# A dictionary of (key, value) that will be added to the inherited environment.

# If a key does not already exist in the inherited environment, it's added.

# default: an empty dictionary

overrides:

  LC_ALL: C.UTF-8

  LANG: C

#  http_proxy: http://lava-lab-proxy

#  https_proxy: http://lava-lab-proxy

#  ftp_proxy: http://lava-lab-proxy

  PATH: /usr/local/bin:/usr/local/sbin:/bin:/usr/bin:/usr/sbin:/sbin

● lava-server-gunicorn.service - LAVA server gunicorn

     Loaded: loaded (/lib/systemd/system/lava-server-gunicorn.service; enabled; preset: enabled)

     Active: active (running) since Thu 2024-08-29 13:56:56 IST; 1min 9s ago

   Main PID: 15978 (gunicorn: maste)

      Tasks: 9 (limit: 9429)

     Memory: 298.8M

        CPU: 5.375s

     CGroup: /system.slice/lava-server-gunicorn.service

             ├─15978 "gunicorn: master [lava_server.wsgi]"

             ├─15980 "gunicorn: worker [lava_server.wsgi]"

             ├─15981 "gunicorn: worker [lava_server.wsgi]"

             ├─15982 "gunicorn: worker [lava_server.wsgi]"

             └─15983 "gunicorn: worker [lava_server.wsgi]"

Aug 29 13:58:05 debian gunicorn3[15983]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Aug 29 13:58:05 debian gunicorn3[15983]:   File "/usr/lib/python3/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view

Aug 29 13:58:05 debian gunicorn3[15983]:     return view_func(*args, **kwargs)

Aug 29 13:58:05 debian gunicorn3[15983]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^

Aug 29 13:58:05 debian gunicorn3[15983]:   File "/usr/lib/python3/dist-packages/lava_scheduler_app/views.py", line 1201, in internal_v1_jobs

Aug 29 13:58:05 debian gunicorn3[15983]:     env_str = config("env")

Aug 29 13:58:05 debian gunicorn3[15983]:               ^^^^^^^^^^^^^

Aug 29 13:58:05 debian gunicorn3[15983]:   File "/usr/lib/python3/dist-packages/lava_scheduler_app/views.py", line 1197, in config

Aug 29 13:58:05 debian gunicorn3[15983]:     raise OSError(

From: Milosz Wasilewski <milosz.wasilewski@foundries.io>
Sent: Thursday, August 29, 2024 1:53 PM
To: Sweta Ghosh <sweta.ghosh@nagarro.com>
Cc: lava-users@lists.lavasoftware.org <lava-users@lists.lavasoftware.org>
Subject: Re: [lava-users] Not able to set variable

[Email from a non-Nagarro source: please exercise caution with links and attachments]


Sweta,

On Thu, Aug 29, 2024 at 6:19 AM <sweta.ghosh@nagarro.com> wrote:
>
> Hi,
> I want clone a gitlab repo with id and token during job execution. To hide the token I am passing the value in my job. How can I export the value of GIT_TOKEN in environment file of LAVA? So that whenever job is executed it will read the value from its environment file. I tried to use export and tried to add "GIT_TOKEN=abcd" in env.yaml file. But I guess its not correct format. I couldn't find what kind of values we can add in env.yaml in documents. I also added GIT_TOKEN value in /etc/profile of the LAVA server still the job didn't pick it. Could you please suggest how can we clone the repo in LAVA job without exposing its password. Also I understand that ssh key of root will work but I want to avoid using ssh key of root. Kindly suggest

Jobs are executed on the dispatcher. Unless your server and dispatcher
run on the same machine, setting environment on server won't do the
trick.

> - test:
>     timeout:
>       minutes: 15
>     definitions:
>     - repository: https://gitid:$GIT_TOKEN@gitlab.com/lava-tests.git
>       from: git
>       path: tests/cisscan/cis.yaml
>       branch: pipeline
>       name: cis-benchmark

The docs say that you can override some env variables of the job using
env.yaml file:
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvalidation.linaro.org%2Fstatic%2Fdocs%2Fv2%2Fproxy.html&data=05%7C02%7Csweta.ghosh%40nagarro.com%7C8faa4f84e4a747413cff08dcc803e9a0%7Ca45fe71af4804e42ad5eaff33165aa35%7C0%7C0%7C638605166344630819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2FBPP5vGSWX%2FRhte8zHVjphgEQ2OpZLHGze9s3GkMXEU%3D&reserved=0
There are 2 options:
 - /etc/lava-server/env.yaml - for all workers
 - /etc/lava-server/dispatcher.d/<name>/env.yaml - for selected worker only
In this case it talks about HTTP_PROXY, but I believe you can set
GIT_TOKEN there. I don't know if it's going to work. Best to try and
report back :)

Your only other option is limiting the job visibility to "personal" or
"group". This way the job data won't be available to the world and you
can use the token in the definition. It's not an ideal solution, but I
don't think there is a better one available.

Best Regards,
Milosz
> _______________________________________________
> lava-users mailing list -- lava-users@lists.lavasoftware.org
> To unsubscribe send an email to lava-users-leave@lists.lavasoftware.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s