如何处理env变量的种群

时间:2022-10-18 14:45:03

While my understanding is that using environment variables for configuring applications in different deployment environments is best practice, I don't know of a good method for managing these environments and populating the variables in them.

虽然我的理解是使用环境变量来配置不同部署环境中的应用程序是最佳实践,但我不知道管理这些环境并在其中填充变量的好方法。

Here are the approaches I'm considering:

以下是我正在考虑的方法:

  • Populating them in the Upstart script we use to run our app. We use Ansible to provision our servers which currently copies over a static upstart scrip, however this could be templated with environment variables.

    在我们用来运行我们的应用程序的Upstart脚本中填充它们。我们使用Ansible来配置我们的服务器,这些服务器当前通过静态新贵的脚本进行复制,但是这可以通过环境变量进行模板化。

  • Same approach but with /etc/environment

    与/ etc / environment相同的方法

  • Using something like envdir and once again using ansible to populate the files.

    使用类似envdir的东西,再次使用ansible填充文件。

The other issue is where to store the values, I'm thinking redis, but am open to suggestion. Ansible has a "Vault" that I'm yet to look at which may be an option.

另一个问题是存储价值的地方,我在想redis,但我愿意接受建议。 Ansible有一个“Vault”,我还没有看到,这可能是一个选择。

The values are things like API keys and database urls.

值是API密钥和数据库URL。

I'm really just wondering what approaches other people use. I'm open to all suggestions.

我真的只是想知道其他人使用什么方法。我对所有建议持开放态度。

1 个解决方案

#1


3  

I think this question is going to solicit a lot of opinions, and probably a lot of conflicting opinions, but with that said here's some of my opinions:

我认为这个问题会征求很多意见,可能还会有很多相互矛盾的意见,但是这里说的是我的一些观点:

  • /etc/environment is part of the OS and intended for configuration of interactive user shells. Don't use it for applications.
  • / etc / environment是操作系统的一部分,用于配置交互式用户shell。不要将它用于应用程序。
  • A templatized upstart config via ansible seems pretty reasonable to me. Just ensure the filesystem permissions are suitably locked-down to root read only if you intend to store sensitive data there.
  • 通过ansible的模板化新贵配置对我来说似乎很合理。如果您打算在那里存储敏感数据,只需确保文件系统权限被适当锁定为root只读。
  • You could also use a templatized application-specific config file such as /etc/myapp/config which has worked pretty well for many programs for a few decades. The whole environment-variables-are-better-than-config files position is really coming more from a PaaS perspective (heroku I believed popularized this approach by way of their 12-factor app site). So if you're deployment is PaaS or PaaS-style, envirnoment is convenient. But if you are installing your app on your own servers via Ansible, IMHO a straight-up config file is simpler to troubleshoot for the reasons I outline in my blog post environment variables considered harmful
  • 您还可以使用模板化的特定于应用程序的配置文件,例如/ etc / myapp / config,这对于许多程序来说已经有好几十年了。整个环境 - 变量 - 优于配置文件的位置实际上更多地来自PaaS视角(heroku我相信通过他们的12因素应用程序站点推广这种方法)。因此,如果您的部署是PaaS或PaaS风格,那么环境很方便。但是,如果你通过Ansible在自己的服务器上安装你的应用程序,恕我直言,直接配置文件更容易排除故障,因为我在我的博客中概述了环境变量被认为是有害的

#1


3  

I think this question is going to solicit a lot of opinions, and probably a lot of conflicting opinions, but with that said here's some of my opinions:

我认为这个问题会征求很多意见,可能还会有很多相互矛盾的意见,但是这里说的是我的一些观点:

  • /etc/environment is part of the OS and intended for configuration of interactive user shells. Don't use it for applications.
  • / etc / environment是操作系统的一部分,用于配置交互式用户shell。不要将它用于应用程序。
  • A templatized upstart config via ansible seems pretty reasonable to me. Just ensure the filesystem permissions are suitably locked-down to root read only if you intend to store sensitive data there.
  • 通过ansible的模板化新贵配置对我来说似乎很合理。如果您打算在那里存储敏感数据,只需确保文件系统权限被适当锁定为root只读。
  • You could also use a templatized application-specific config file such as /etc/myapp/config which has worked pretty well for many programs for a few decades. The whole environment-variables-are-better-than-config files position is really coming more from a PaaS perspective (heroku I believed popularized this approach by way of their 12-factor app site). So if you're deployment is PaaS or PaaS-style, envirnoment is convenient. But if you are installing your app on your own servers via Ansible, IMHO a straight-up config file is simpler to troubleshoot for the reasons I outline in my blog post environment variables considered harmful
  • 您还可以使用模板化的特定于应用程序的配置文件,例如/ etc / myapp / config,这对于许多程序来说已经有好几十年了。整个环境 - 变量 - 优于配置文件的位置实际上更多地来自PaaS视角(heroku我相信通过他们的12因素应用程序站点推广这种方法)。因此,如果您的部署是PaaS或PaaS风格,那么环境很方便。但是,如果你通过Ansible在自己的服务器上安装你的应用程序,恕我直言,直接配置文件更容易排除故障,因为我在我的博客中概述了环境变量被认为是有害的