Can't export variables from script when running consul-template?
512 views
Skip to first unread message
Badr Mohamed
Jul 25, 2018, 11:55:55 AM7/25/18
to Consul
Hi everyone,
I have a setup, that has a vault and consul-template in it. In consul-template a couple of tokens are fetched from vault, then written to a TOKENENV file. In the config.hcl file, I have configured the command in the template section to export to custom env variables. Below you can see the template:
#!/bin/bash
export ROLEID_TOKEN="{{- with secret "auth/approle/role/python-role/role-id" -}}{{- .Data.role_id -}}{{- end -}}"
export SECRETID_TOKEN="{{- with secret "auth/approle/role/python-role/secret-id" "role_name= python-role" -}}{{- .Data.secret_id -}}{{- end -}}"Also, you can find the configuration file below,
reload_signal = "SIGHUP"
kill_signal = "SIGINT"
max_stale = "10m"
log_level = "warn"
wait {
min = "5s"
max = "10s"
}
vault {
address = "http://127.0.0.1:8200"
grace = "5m"
unwrap_token = false
renew_token = false
}
syslog {
enabled = true
facility = "LOCAL5"
}
template {
source = "./python.tpl"
destination = "./TOKENENV"
command = "bash -c 'source TOKENENV'"
error_on_missing_key = true
command_timeout = "60s"
}What I am expecting is to find both env variables $ROLEID_TOKEN & $SECRETID_TOKEN containing the tokens but they don't contain nothing as if the command didn't execute. Also, the "command" field in the config.hcl file complains while execution if I typed:
source TOKENRNV
directly. I had to write bash -c and enclose that command in single quotations. The error it said when I did that:
* failed to execute command "source TOKENENV" from "./python.tpl" => "./TOKENENV": child: exec: "source": executable file not found in $PATH
How to export an environmental variable then? And why doesn't it work with me?
Thanks in advance.
Justin DynamicD
Jul 25, 2018, 1:20:16 PM7/25/18
to Consul
So if an environment variable is what you're looking for, have you tried using envconsul instead of consul-template?
https://github.com/hashicorp/envconsul
Seems like it might be a more direct approach for what you're trying to accomplish. Otherwise I've never tried using consul-template to set an environment variable, only configuration files.
https://github.com/hashicorp/envconsul
Seems like it might be a more direct approach for what you're trying to accomplish. Otherwise I've never tried using consul-template to set an environment variable, only configuration files.
Message has been deleted
Badr Mohamed
Jul 26, 2018, 4:59:40 AM7/26/18
to Consul
But envconsul can't deal with maps! So, I can't fetch tokens like I am doing in my conusl template.
Reply all
Reply to author
Forward
0 new messages