build refactor: replace config.ini with environment variables (via single .env file) and fix templating issues #696
Conversation
attempts to consolidate all app configuration into environment variables .env is created from a template and generated secrets are placed in, all variables defined in .env are then fed into the server container via env_file in docker-compose.yml. The django settings module then reads from os.getenv() rather than configparser resolves comses/planning#145
sgfost
force-pushed
the
build/config-cleanup
branch
from
8654fac
to
7801b11
Compare
|
I'd like to move towards something like https://docs.docker.com/compose/use-secrets/ - sorry for not including it in earlier issues / docs. I think we can pivot this PR into that work though. That would just be for secrets things, other actual ENV-y things should definitely continue to live in the .env.template that you've set up nicely here. |
|
That should be straightforward to add. I hadn't already done so mostly because I wasn't entirely sure what the benefit of using secrets sans swarm-mode (files in a tmpfs mount, I think?) over environment variables was |
|
I'm mostly going on their docs here:
The other thing though is to support granular secrets for each thing that needs the secret so that updating or adding new environment variables or secrets doesn't blow away the previous set |
| config.read("/run/secrets/config.ini") | ||
|
|
||
| RELEASE_VERSION = config.get("default", "BUILD_ID", fallback="v2023.01") | ||
| RELEASE_VERSION = os.getenv("RELEASE_VERSION", "v2024.01") |
There was a problem hiding this comment.
need to make BUILD_ID match up with RELEASE_VERSION in .env.template
deploy/conf/.env.template
Outdated
| @@ -0,0 +1,55 @@ | |||
| # app | |||
| BUILD_ID= | |||
There was a problem hiding this comment.
rename to RELEASE_VERSION here and in the Makefile
alee
force-pushed
the
build/config-cleanup
branch
from
6134a51
to
a3e0449
Compare
mirrors improvements in comses/comses.net#696 * use one shared .env for all non-secret config (replaces server/.env and client/.../config.ts) * continue to use files for secrets, but with docker compose secrets * remove `configure` script in favor of an editable config.mk generated from template defaulting to DEPLOY_ENVIRONMENT=dev and figuring out correct base url in shared/settings.ts * replace server/deploy/ with top level deploy dir * clean up anything unused or unecessary from Makefile
mirrors improvements in comses/comses.net#696 * use one shared .env for all non-secret config (replaces server/.env and client/.../config.ts) * continue to use files for secrets, but with docker compose secrets * move base_url mapping to shared/settings.ts from `configure` script * replace server/deploy/ with top level deploy dir * clean up anything unused or unecessary from Makefile
mirrors improvements in comses/comses.net#696 * use one shared .env for all non-secret config (replaces server/.env and client/.../config.ts) * continue to use files for secrets, but with docker compose secrets * move base_url mapping to shared/settings.ts from `configure` script * replace server/deploy/ with top level deploy dir * clean up anything unused or unecessary from Makefile
attempts to consolidate all app configuration into environment variables
.env is created from a template and generated secrets are placed in, all variables defined in .env are then fed into the server container. The django settings module then reads from os.getenv() rather than configparser
list of changes:
config.ini/config.ini.templatedocker.envenv_fileattributeenvreplacefor setting values in a file with GNU or BSD sedresolves comses/planning#145