#datomic
2018-08-09
tlima 11:08:16

Does anyone know if we can set Transactor properties (like license-key, protocol, alt-host, etc) using environment variables? If so, what is the naming convention for those variables? I tried the Java approach (`DATOMIC_LICENSE_KEY`, for instance) but it doesn’t seem to work…

marshall 13:08:46

@t.augusto those are not configurable as envars - that would be a good suggestion for a feature that I’d encourage you to log at our feature request portal (“suggest features” link in the top nav of http://my.datomic.com)

mgrbyte 13:08:19

you can supply them as java properties on the command line though IIRC? (e.g: `java -Ddatomic.licenseKey=...`)

marshall 13:08:13

possibly; i can’t recall which ones that will work for

matthavener 13:08:14

tlima: we just use a script that injects env vars into a properties template using sed

marshall 13:08:50

I’d probably use the same approach as @matthavener ^ since if you’re deploying anywhere with VMs, you’ll need to dynamically populate host and alt-host anyway

matthavener 13:08:11

if you look at the scripts in here, it's pretty similar https://github.com/opengrail/heroku-buildpack-datomic

eoliphant 17:08:47

Yeah, we use ansible’s templating to set up our on-prem stuff

eoliphant 17:08:20

Is there a new version of Cloud? Just noticed there’s a field to set a map of inputs for ion/get-env

ghadi 19:08:38

Ion Question: Is there any mechanism for conveyance of permissions from Lambda to the proxied code?

dominicm 19:08:35

@ghadi I asked this previously, I think the asg has to be given permissions.

ghadi 19:08:58

thanks @dominicm ... I wonder if there is a Better Way

dominicm 20:08:16

@ghadi within the constraints of aws it's hard to think of a better way it could be done without ending up in heavy lambda territory

brycecovert 20:08:26

Has anyone measured the point at which datomic transactor does not scale well? The context here is that I am about to recommend using it for a transactional system containing around 1 billion entities. I’m expecting throughput of about 1 million transactions on those entities per day.

eoliphant 20:08:06

In general no @ghadi. AWS permissions get applied only to the ‘aws thing’ in question. Giving a lambda perms to, say, read an S3 bucket won’t, in the case of ions, have anything to do with the EC2 instances where your actual ion code is running. You really just want to add whatever permissions your ions are going to need to the role associated with the EC2 instances, since lambdas are just ‘glue’ for ions

ghadi 20:08:33

yeah I want to convey STS temporary credentials through to the compute cluster

eoliphant 20:08:11

Well, hmm… I mean, if you have the token, I guess you could include it in the payload, then when you’re calling AWS Service X, via the api you’d have to manually set up the credential provider

ghadi 20:08:22

i don't have the token, I want to acquire it during execution of the lambda

ghadi 20:08:30

Kinda like how Netflix BLESS works.

ghadi 20:08:31

Strongly authenticate the lambda execution itself

eoliphant 20:08:47

Gotcha, I think the problem is that for ions, the actual lambda code is basically opaque. Your first opportunity to actually do your assumeRole’ing, etc would be the entry point into the clojure/datomic function. But you’d like to have that happen prior

steveb8n 21:08:51

Take a look at SSM parameters, that seems to be the best way to do env vars in the Ion world

ghadi 21:08:53

I believe SSM parameters are static

ghadi 21:08:39

I'll clarify my use-case a bit more, but it's per-request credentials

steveb8n 21:08:40

Ah ok, in that case I don't have experience to share.

misha 22:08:42

@okocim @curtosis beware of valid false values in cond->

👍 4