How to pass environment variable created by template block

CamilaBetim · September 22, 2021, 4:46pm

Hi! I’m trying to retrieve bitbucket credentials that are in the kv vault through the template block and pass them as variables in the artifact block

this is my template block. It returns to me my bitbuckt username and password that are stored in the vault. This is working, the data is successfully written to the file.env file inside secrets

But when I try to pass the environment variables created in my artifact it returns an error. This is my artifact block:

The error it returns:
nomad error="prestart hook “artifacts” failed: failed to download artifact

“git::https://{USER}:{SENHA}@bitbucket.org/${USER}/nomad.git”: relative paths require a module with a pwd

Is there something I’m doing wrong? Could someone help me with this?

lgfa29 · September 23, 2021, 12:02am

Hi @CamilaBetim

So the problem is that environment variables are not available at the time artifact (and other variables) are interpolated. Environment variables are only set inside the task, while artifact are retrieved by the client agent.

What you could do is maybe use a prestart task to manually clone the repo into the alloc dir? If you have git installed you can use the exec driver directly, or a lightweight Docker image that has the git command.

Here’s an example:

job "private-git-clone" {
  datacenters = ["dc1"]

  group "repo" {
    task "clone" {
      driver = "exec"

      lifecycle {
        hook = "prestart"
      }

      config {
        command = "git"
        args    = ["clone", "https://${USER}:${SENHA}@bitbucket.org/${USER}/nomad.git", "${NOMAD_ALLOC_DIR}/repo"]
      }

      template {
        data        = <<EOF
USER="{{ ... }}"
SENHA="{{ ... }}"
EOF
        destination = "${NOMAD_SECREST_DIR}/env"
        env         = true
      }
    }

    task "repo" {
      driver = "docker"

      config {
        image   = "ubuntu:20.04"
        command = "/bin/bash"
        args    = ["local/script.sh"]
        
        # Mount a path in the allocation directory into the Docker container.
        mount {
          type   = "bind"
          source = "..${NOMAD_ALLOC_DIR}/repo"
          target = "/repo"
        }
      }

      template {
        data        = <<EOF
cat /repo/README.md
while true
do
  sleep 10
done
EOF
        destination = "local/script.sh"
      }
    }
  }
}

See if this works for you, and let us know how it goes

CamilaBetim · September 23, 2021, 1:58pm

Hi! Thank you so much for the quick feedback! This worked perfectly. It answered exactly what I wanted.

I just wanted to know, I didn’t understand this part of the script very well, could you explain to me what its functionality is? I even ran the job with it and then without this snippet and they worked correctly. What is this script below in the task for?

lgfa29 · September 23, 2021, 3:25pm

Ah sorry, I was actually supposed to remove that before posting, but forgot about it

That’s just a quick script that I used to test if the git clone command worked. It prints the README.md file to the output log then sleeps forever in an infinite loop. This loop is used to keep the allocation running and prevent Nomad from restarting the task.

You don’t really need it

Sorry for the confusion.

CamilaBetim · September 23, 2021, 4:01pm

No problem!! Thank you so much for your help!