[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17467888#comment-17467888 ]

Marco RODRIGUES edited comment on OFBIZ-9498 at 1/3/22, 10:24 AM:
--

We are working on a more complete version. We have to manage the problem in a more general and homogeneous way with the values reported by the "Properties". And also allowing to merge and to overload the values. The current code will add heterogeneity when we want to move forward on a global solution quickly. We are currently evaluating the impact and the process that we could propose to do so. I will post the elements here as they are written so that you can participate as best as possible in the reflection and progress of this point.

Thanks

was (Author: JIRAUSER280242):

We are working on a more complete version. We have to manage the problem in a more general and homogeneous way with the values reported by the properties. And also allowing to merge and to overload the values. The current code will add heterogeneity when we want to move forward on a global solution quickly. We are currently evaluating the impact and the process that we could propose to do so. I will post the elements here as they are written so that you can participate as best as possible in the reflection and progress of this point.

Thanks

> Improve DevOps using environment variable configuration
> ---
>
> Key: OFBIZ-9498
> URL: https://issues.apache.org/jira/browse/OFBIZ-9498
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Gil Portenseigne
> Assignee: Gil Portenseigne
> Priority: Minor
> Attachments: OFBIZ-9498.patch
>
>
> Discussed in thread : https://s.apache.org/Mh3q
> This Jira will present the improvement proposal giving a way to configure
> OFBiz using environment variable.

--
This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466490#comment-17466490 ]

Ioan Eugen Stan edited comment on OFBIZ-9498 at 12/29/21, 3:42 PM:
---

[~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straightforward to pass those env vars to an app or a container.

I would NOT introduce new things like:
{noformat}
export OFB_MEM_XMS="-Xms256M"
export OFB_MEM_XMX="-Xmx2048M"
{noformat}

For sensitive data (cc [~jleroux] ), the practices for containers are to support an extension to env variable properties.

We add support for `OFB_POSTGRES_PASS` that will contain the actual secret and support also `OFB_POSTGRES_PASS_FILE` that will contain a path to a file that holds the sensitive data. Files can be made accessible only to the running application on most modern OS's.

Details of how this works for Docker Swarm are in the below document and other places online: [https://docs.docker.com/engine/swarm/secrets/] .

Most container engines support handling secrets that are mounted as files in special memory file systems that don't reach disk and are even protected / encrypted (modern CPU's have this capability). See docker swarm secrets, kubernetes secrets, etc.

was (Author: ieugen):

[~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straightforward to pass those env vars to an app or a container.

I would NOT introduce new things like:
{noformat}
export OFB_MEM_XMS="-Xms256M"
export OFB_MEM_XMX="-Xmx2048M"
{noformat}

For sensitive data (cc [~jleroux] ), the practices for containers are to support an extension to env variable properties.

We add support for `OFB_POSTGRES_PASS` that will contain the actual secret and support also `OFB_POSTGRES_PASS_FILE` that will contain the contents of the secret in a file.

Details of how this works for Docker Swarm are in the below document and other places online: [https://docs.docker.com/engine/swarm/secrets/] .

Most container engines support handling secrets that are mounted as files in special memory file systems that don't reach disk and are even protected / encrypted (modern CPU's have this capability).

--
This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466490#comment-17466490 ]

Ioan Eugen Stan edited comment on OFBIZ-9498 at 12/29/21, 3:40 PM:
---

[~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straightforward to pass those env vars to an app or a container.

I would NOT introduce new things like:
{noformat}
export OFB_MEM_XMS="-Xms256M"
export OFB_MEM_XMX="-Xmx2048M"
{noformat}

For sensitive data (cc [~jleroux] ), the practices for containers are to support an extension to env variable properties.

We add support for `OFB_POSTGRES_PASS` that will contain the actual secret and support also `OFB_POSTGRES_PASS_FILE` that will contain the contents of the secret in a file.

Details of how this works for Docker Swarm are in the below document and other places online: [https://docs.docker.com/engine/swarm/secrets/] .

Most container engines support handling secrets that are mounted as files in special memory file systems that don't reach disk and are even protected / encrypted (modern CPU's have this capability).

was (Author: ieugen):

[~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straightforward to pass those env vars to an app or a container.

I would NOT introduce new things like:
{noformat}
export OFB_MEM_XMS="-Xms256M"
export OFB_MEM_XMX="-Xmx2048M"
{noformat}

--
This message was sent by Atlassian Jira (v8.20.1#820001)
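The `OFB_POSTGRES_PASS` / `OFB_POSTGRES_PASS_FILE` pairing described in Ioan Eugen Stan's comment above, as an added example that is not part of the thread or of OFBiz: a container entrypoint helper that takes the secret from the variable or from the file the `_FILE` variable points to. The function name `resolve_secret`, its return codes, and the choice to refuse when both are set or when the file is writable by group/other are assumptions of this example.

```shell
#!/bin/sh
# Added example, not OFBiz code. resolve_secret and its return codes are
# hypothetical; the OFB_POSTGRES_PASS[_FILE] names come from the comment above.
#
# resolve_secret NAME
#   Prints the value of $NAME, or the contents of the file named by $NAME_FILE.
#   Returns 0 ok, 2 invalid name, 3 both set, 4 file missing/unreadable,
#   5 file writable by group/other, 6 neither set.
resolve_secret() {
    _rs_name=$1
    case $_rs_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 2 ;;  # only plain names reach eval
    esac
    eval "_rs_direct=\${$_rs_name-}"
    eval "_rs_path=\${${_rs_name}_FILE-}"

    if [ -n "$_rs_direct" ] && [ -n "$_rs_path" ]; then
        echo "$_rs_name and ${_rs_name}_FILE are both set" >&2
        return 3                                     # ambiguous: refuse to guess
    fi
    if [ -n "$_rs_path" ]; then
        if [ ! -f "$_rs_path" ] || [ ! -r "$_rs_path" ]; then
            echo "${_rs_name}_FILE: not a readable regular file" >&2
            return 4
        fi
        # -L follows symlinks (secret mounts are often symlinked). In a mode
        # string such as -r--r--r--, char 6 is group write, char 9 other write.
        case $(ls -Lld -- "$_rs_path") in
            ?????-??-*) ;;                           # only the owner can alter it
            *) echo "${_rs_name}_FILE: writable by group/other" >&2
               return 5 ;;
        esac
        cat -- "$_rs_path"
        return 0
    fi
    [ -n "$_rs_direct" ] || return 6
    printf '%s\n' "$_rs_direct"
}

# Typical entrypoint use: read once, then drop the variables so that child
# processes do not inherit the secret or its location.
#   pg_pass=$(resolve_secret OFB_POSTGRES_PASS) || exit 1
#   unset OFB_POSTGRES_PASS OFB_POSTGRES_PASS_FILE
```

Command substitution strips the trailing newline that secret files usually end with, so the captured value matches what was stored.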
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450450#comment-17450450 ]

Marco RODRIGUES edited comment on OFBIZ-9498 at 11/29/21, 1:26 PM:
---

Hi,

I am starting a training course with Néréide to improve my skills in community contribution and get to know OFBiz better.

I went through a lot of the related threads to get an idea of where this is at.

Globally, there seem to be three main ways with various implementations:
- in code
- in the application database
- in system (file or environment variable)

If the solution that seems the most used by mainstream projects is to store overridable sensitive data in a system file, there seems to be no perfect solution.

It depends on the person responsible for security and the policy they apply. Both to secure and to identify and respond to intrusions.

As Jacques Le Roux says : "I think we can suggest more than one solution and people can then pick the one fitting more for them"

For the overload in the application code, this is a case which I think is handled by the usual development processes.

For the other cases, which use a resource that can be qualified as external, and which make it possible to respond to problems of the "ISO/CEI 27002, 6.1.2 Segregation of duties" type, this requires that the application code provide for an activation of the available cases and a mechanism for overloading of variable values.

Then each production manager will be able to manage independently of the application.

Nereide agreed to pull us the code they use to manage environment variables on [https://github.com/apache/ofbiz-framework/pull/355]

It seems to me that this is a good base on which to work. With your help, I should be able to come up with a solution that is useful and acceptable to all.

was (Author: JIRAUSER280242):

Hi,

I am starting a training course with Néréide to improve my skills in community contribution and get to know OFBiz better.

I went through a lot of the related threads to get an idea of where this is at.

Globally, there seem to be three main ways with various implementations:
- in code
- in the application database
- in system (file or environment variable)

If the solution that seems the most used by mainstream projects is to store overridable sensitive data in a system file, there seems to be no perfect solution.

It depends on the person responsible for security and the policy they apply. Both to secure and to identify and respond to intrusions.

As Jacques Le Roux says : "I think we can suggest more than one solution and people can then pick the one fitting more for them"

For the overload in the application code, this is a case which I think is handled by the usual development processes.

For the other cases, which use a resource that can be qualified as external, and which make it possible to respond to problems of the "ISO/CEI 27002, 6.1.2 Segregation of duties" type, this requires that the application code provide for an activation of the available cases and a mechanism for overloading of variable values.

Then each production manager will be able to manage independently of the application.

Nereide agreed to pull us the code they use to manage environment variables on https://github.com/apache/ofbiz-framework/pull/355

It seems to me that this is a good base on which to work. With your help, I should be able to come up with a solution that is useful and acceptable to all.

--
This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348864#comment-16348864 ]

Jacques Le Roux edited comment on OFBIZ-9498 at 2/1/18 9:07 PM:

Hi Gil,

Thanks for the update, we all have priorities ;)

was (Author: jacques.le.roux):

Hi Gil,

Thanks for the update, we have all priorities ;)

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348773#comment-16348773 ]

Gil Portenseigne edited comment on OFBIZ-9498 at 2/1/18 4:41 PM:
-

Hi Jacques, we are still using it in our project but we haven't progressed on the matter...

I planned to analyse template system with gradle as discussed with Taher and Michael, but that's low on my prio list :).

was (Author: gil portenseigne):

Hi Jacques, we are still using it in our project but we haven't progressed on the matter...

I planned to analyse template system with gradle as discussed with Taher and Michael, but that's bottom my prio list :).

--
This message was sent by Atlassian JIRA (v7.6.3#76005)