DOCS-2705: Add username and env attributes for processes #3649
Conversation
viambot
added
the
safe to build
docs/configure/processes.md
Outdated
| | Executable (`name`) | string | **Required** | The command you want to execute when your machine connects to the server. On many operating systems, you can find the executable path of commands by running `which <command-name>`. | | ||
| | Arguments (`args`) | string | Optional | Arguments to follow the command. | | ||
| | Working directory (`cwd`) | string | Optional | Where you want the process to execute. Defaults to the directory where `viam-server` executes. | | ||
| | `username` (not available in builder mode) | string | Optional | Example: `"username": "ubuntu"`. | |
There was a problem hiding this comment.
@zaporter-work I was not able to confirm that the username attribute does anything. My assumption is that it would allow us to run the process as a user?
On my pi I added a process with this config:
{
"env": {
"SVC_API_KEY": "VALUE"
},
"username": "pi",
"id": "process-2",
"name": "python",
"args": [
"username.py"
],
"cwd": "/home/pi",
"log": true,
"one_shot": false
}
and this little python program:
import os
import getpass
import time
while True:
print(1)
print(time.sleep(1))
raise ValueError(getpass.getuser())
I can't see anytihng printed at all and what gets raised always indicates that the process runs as root.
Does username do somethign else?
There was a problem hiding this comment.
Thank you so much for testing this!
I have just confirmed that with the newest RDK, this now works.
A slightly easier way to test that this works is via the whoami command:
"processes": [
{
"username": "pi",
"id": "process-1",
"name": "whoami",
"log": true
}
],
docs/configure/processes.md
Outdated
| | Arguments (`args`) | string | Optional | Arguments to follow the command. | | ||
| | Working directory (`cwd`) | string | Optional | Where you want the process to execute. Defaults to the directory where `viam-server` executes. | | ||
| | `username` (not available in builder mode) | string | Optional | Example: `"username": "ubuntu"`. | | ||
| | `env` (not available in builder mode) | string | Optional | Environment variables for the process. Example: `"environment": { "SVC_API_KEY":"VALUE" }`. | |
There was a problem hiding this comment.
@zaporter-work could you confirm for me how the config for a machine reaches the machine? That's all e2e encrypted right? I think we should probably mention that here.
There was a problem hiding this comment.
Talked offline -- this is not e2e encrypted. The config is encrypted in transit, but is not encrypted at rest (on the robot or in our db).
That implies that you should exercise some caution when putting api keys in here as you are trusting the security of the viam database and viam employees.
| {{% /tab %}} | ||
| {{< /tabs >}} | ||
|
|
||
| ## Set up dependencies |
There was a problem hiding this comment.
Seems better down here +1
Co-authored-by: Zack Porter <[email protected]>
Co-authored-by: Zack Porter <[email protected]>
|
You can view a rendered version of the docs from this PR at https://docs-test.viam.dev/3649 |
|
🔎💬 Inkeep AI search and chat service is syncing content for source 'Viam Docs (https://docs.viam.com)' |
No description provided.