Closed chevdor closed 7 months ago
I'd like to work on this issue. I will keep you updated on my progress :)
Hey @guggero @chevdor @Roasbeef, I've just submitted a PR for this issue. I'd love to receive any feedback from you. Thanks!
@chevdor Interested in finding out more information on how you set env variables for rpcuser and rpcpassword in the bitcoin.conf fle. I can't find anything related to this in the docs.
@ronballesteros I spotted this in some sample config. If you consider rpcuser
for example, it seems that bitcoin.conf
is parsed in order to resolve variables such as rpcuser=${BTC_RPCUSER:-btc}
.
This is actually nice because it allows using the ENV BTC_RPCUSER
if set, or default to btc
otherwise.
Thanks @chevdor. Interesting. I can't seem to get it to work in my lab. I have this set in my bitcoin.conf:
bitcoin.conf
...
rpcuser=${BTC_RPCUSER}
rpcpassword=${BTC_RPCPASSWORD}
env
bash-5.0# env | grep -i rpc
BTC_RPCPASSWORD=password
BTC_RPCUSER=admin
When I curl from another pod, I get that failed password attempt:
2024-02-22T17:43:42Z ThreadRPCServer incorrect password attempt
Am I missing something?
I am using k8s as well. I have a configmap for the config and a secret for.. well the secrets :)
There are a few other options that come to play with RPC and this issue is likely not the place to troubleshoot bitcoin.conf issues but here are a few hints, you can refer to the doc for more details about those:
server=1
rpcclienttimeout=${BTC_RPCCLIENTTIMEOUT:-30}
rpcport=${BTC_RPCPORT:-8332}
rpcbind=${BTC_RPCBIND:-127.0.0.1}
If you're using k8s, you might want to check out this tool: https://github.com/lightninglabs/lndinit
We use it in our infra to handle provision+init of all our lnd nodes via config maps and secrets: https://github.com/lightninglabs/lndinit?tab=readme-ov-file#example-use-case-2-kubernetes
Interesting, thanks for the link @Roasbeef
Is your feature request related to a problem? Please describe.
bitcoind
allows definining its config using ENV. For instance:That allows not having the BTC_RPCUSER and BTC_RPCPASSWORD in clear text in the config. At runtime,
bitcoind
is resolving those env. lnd does not do this, forcing to pass the secrets in clear text in the config file.Describe the solution you'd like
Just like
bitcoind
, it would be great if lnd could resolve variables, at least for secrets.Describe alternatives you've considered
An alternative would be to add
envsubst
to the Docker image but this is rather clunky...