We Keep Coding

setting NODE_EXTRA_CA_CERTS with dotenv does not work as an export

I feel puzzled by the following behavior. In the very beginning of my main index.js, I am using
require('dotenv').config();
console.log(process.env); // everything seems in order
I know that the rest of my code successfully access all the relevant process.env.${VARS}. However, I get SSL exceptions; exceptions that I can easily solve by
export NODE_EXTRA_CA_CERTS=/some/absolute/path/to/ca.pem
npm start
Is there something special about NODE_EXTRA_CA_CERTS that would explained why this specific variable set with require('dotenv').config() does not work while the others work like a charm?
Does it need to be set before running npm? If it does, why is it the case and are there any workaround so I could keep thing simple?
environement:
dotenv 16.0.0
node v16.13.2

neardupe How to properly configure node.js to use Self Signed root certificates? .
Your problem is not in npm. npm start runs your application, typically (but not necessarily) by running node (or whatever spelling on your platform) to run your js code. When you use node to run js, NODE_EXTRA_CA_CERTS is read and saved in the C-code part of node at startup, before beginning to execute js, and subsequent changes in js variables like process.env do not affect it.
The clean way to do this in js is to pass the desired CAlist -- which can consist of the standard list (from tls.rootCertificates) plus any additions (or replacements or deletions) you choose -- in the (relevant) TLS socket creation, or any https request that implicitly creates a TLS socket; or alternatively to use --use-openssl-ca and select an OpenSSL-format store provided by your system (modified if necessary by system means like update-ca-certificates on Debian/Ubuntu) or one you create.
Or when using npm as you do, it should be possible to configure your package.json to set the envvar before running the application in node.
If you can't do either/any of those, especially where you control the toplevel (and startup) but call libraries you can't [safely] change, see the Q I linked above. For https connections that use the default https.globalAgent you can (documentedly) set that per the A. For all connections, you can monkeypatch tls.createSecureContext to use the undocumented context.addCACert as in the Q, which OP confirmed in the A does actually work if using a correct cert.

Error: No configuration set for [aws] s3_shard_formatter. This is a required configuration

I started seeing this error in flyte:
No configuration set for [aws] s3_shard_formatter. This is a required configuration.
What does it mean? AFAIK we set S3_SHARD_FORMATTER env variable in the image and also when registering the workflow.

It means the configuration object is not set. There are multiple ways to set it.
You can add it to the config file like so
[aws]
s3_shard_formatter=s3://bucket-name/{}/
s3_shard_string_length=2
You can set the environment variable FLYTE_AWS_S3_SHARD_FORMATTER to the value in the config example in 1. (or whatever your bucket name/path is).
However, usually when you see this error, what's actually happening is that the configuration option for where to look for the configuration file itself, is not being set correctly.
If you can get yourself into a Python repl, take a look at the following.
from flytekit.configuration.internal import CONFIGURATION_PATH
CONFIGURATION_PATH.get()
That path should be a /full/path/from/root. cat it too just to check that it's what you expect.
If that config option returns an empty string, then your registration step must be in error. Confirm which file is being used during registration.

how to start Leingen with java -Djavax.net.debug=true option?

I am trying to diagnose a few issues with ssl connectivity with Leingen. I am trying to find what SSL Key Store and Trust Store is being Used by Leingen,
I am behind a corporate firewall and we have self signed certificates deployed on all our desktops . I am running lein.bat on a windows 10.
Hence I have to start Leingen with java -Djavax.net.debug=true option.
The :jvm-opts in the project.clj wont work -- I need to make sure the Liengen's JVM is started with this option

You can set leiningen JVM options by setting LEIN_JVM_OPTS environment variable before running lein in the same terminal session.

The lein command is just a shell script which eventually invokes java with various options. You can edit this script to see what options are used and/or to modify them.
As Piotrek mentioned, the LEIN_JVM_OPTS environment variable is the canonical way of passing options to the jvm in which lein runs. You can see it used on line 372 of the source code.
For your case:
> export LEIN_JVM_OPTS='-Djavax.net.debug=true'
> lein clean
> lein run

Since you're running windows, you'll want to actually look at the lein.bat file. You'll still need to update LEIN_JVM_OPTS, but how you go about it will be a bit different. If you're using windows command terminal (cmd.exe) you will want to use the set command.
set LEIN_JVM_OPTS="-Djavax.net.debug=true"
The command is likely different if you're using powershell, and you can likely find out how to set that on this page on environment variables.

How come data is not coming from my hiera yaml file?

I am using Puppet Enterprise 3.7.2 and on one of my nodes I create the file:
[root#vii-osc4-mgmt-001 ~]# cat /etc/profile.d/POD_prefix.sh
export FACTER_pod_prefix=vii-osc4
Then I rebooted that node and logged back in and verified that
the FACTER_pod_prefix gets set and facter pod_prefix outputs the
expected value.
[root#vii-osc4-mgmt-001 ~]# env | grep FACTER_pod_prefix
FACTER_pod_prefix=vii-osc4
[root#vii-osc4-mgmt-001 ~]# facter pod_prefix
vii-osc4
On my PE 3.7 Puppet master I created the file /var/lib/hiera/vii-osc4.yaml.
I created the /var/lib/hiera/vii-osc4.yaml from the /var/lib/hiera/defaults.yaml
file that I had been using like so:
# cp /var/lib/hiera/defaults.yaml /var/lib/hiera/vii-osc4.yaml
This file has a bunch of class parameter values. For example there is this
line in the file:
controller_vip_name: vii-osc4.example.com
Then I changed my hiera.yaml file to look like this:
[root#osc4-ppt-001 ~]# cat /etc/puppetlabs/puppet/hiera.yaml
---
:backends:
- yaml
:hierarchy:
- "%{pod_prefix}"
- defaults
- "%{clientcert}"
- "%{environment}"
- global
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /var/lib/hiera on *nix
# - %CommonAppData%\PuppetLabs\hiera\var on Windows
# When specifying a datadir, make sure the directory exists.
:datadir:
Then I restarted my pe-httpd service like so (RHEL7):
# systemctl restart pe-httpd
Then I make a small change to the /var/lib/hiera/vii-osc4.yaml for example
I change the line ...
controller_vip_name: vii-osc4.example.com
... to ...
controller_vip_name: VII-osc4.example.com
But when I run puppet agent -t --noop on my node, vii-osc4-mgmt-001, I do not see the change
that I expected to see. If I make the change in the /var/lib/hiera/defaults.yaml and then
run puppet agent -t --noop on my node I do see the expected changes. What am I doing wrong here?
UPDATE: using /etc/facter/facts.d method of setting custom facts.
I looked into using /etc/facter/facts.d for what I am trying to do. What I am trying to do is set a custom fact "pod_prefix". I want to use this fact in my hiera.yaml like so ...
---
:backends:
- yaml
:hierarchy:
- "%{::pod_prefix}"
- defaults
- "%{clientcert}"
- "%{environment}"
- global
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /var/lib/hiera on *nix
# - %CommonAppData%\PuppetLabs\hiera\var on Windows
# When specifying a datadir, make sure the directory exists.
:datadir:
... so that nodes that have pod_prefix set to vii-osc4 will obtain their class parameters from the file /var/lib/hiera/vii-osc4/yaml and host that pod_prefix set to ix-xyz will get their class params from /var/lib/hiera/ix-xyz.yaml. I do not see how creating the file /etc/facter/facts.d/pod_prefix.txt on my puppet master that contains something like this ...
# cat pod_prefix.txt
pod_prefix=vii-osc4
... could possibly be a solution to my problem. I guess I must be misunderstanding something here. Can someone help?
UPDATE 2.
The /etc/facter/facts.d/pod_prefix.txt file goes on my nodes.
I think my biggest problem is that just execute systemctl restart pe-httpd was not sufficient and things didn't start working until I did a full reboot of my puppet master. I need to go look at the docs and figure out what is the correct way to restart the "puppet master".

The very approach of managing custom facts through environment variables is quite brittle. In this case, I suspect it does not work because you changed the environment of login shells via /etc/profile.d. System services don't run in such shells, though.
A clean approach would be to define your fact value in /etc/facter/facts.d instead.

Tomcat 7 - where do I set 'system properties'?

My webapp is having an issue since upgrading to Tomcat 7. My session will go null after I login and try to do anything (submitting a request). I've read that setting the following may help:
org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
Does anyone know where to set this? Should this be set in web.xml, context.xml or somewhere else?
The other thing I want to check is the following:
org.apache.catalina.STRICT_SERVLET_COMPLIANCE

You can set any of the system properties in
apache-tomcat-7.0.33\conf\catalina.properties
file. Adding your entry in this file should resolve your problem.
E.g.
environment=local

You can set system properties in Tomcat by creating a setenv.sh file in /bin directory.
I did the following to set the system properties.
export JAVA_OPTS="-Dmyprojectvar.subname=value -Danothervariable=value -Danother.variable=value"
Remember:
There is no space between the export JAVA_OPTS and =. Also: the symbol & is different, use ..
Now, run your catalina.sh to start tomcat.

You can set these system properties in command line that starts Tomcat. For example, you can have file setenv.bat (on setenv.sh if you are on linux) in Tomcats bin folder with following content:
set "CATALINA_OPTS=%CATALINA_OPTS% -Dfile.encoding=UTF8 -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true -Duser.timezone=GMT -Xmx1024m -XX:MaxPermSize=256m"
This file is preferred way of setting properties for Tomcat.
Now, FWD_SLASH_IS_SEPARATOR is by default set to false. If you set STRICT_SERVLET_COMPLIANCE to true, the value of FWD_SLASH_IS_SEPARATOR will be also set to true (and values of some other properties). However, you can set it explicitly to false, e.g. using the following in your setenv file is fine:
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
-Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
This is also what I suggest when someone sets STRICT_SERVLET_COMPLIANCE to true, to always disable the FWD_SLASH_IS_SEPARATOR. Otherwise, the cookie Path value will be sent quoted (e.g. "\") and all browsers as of today, except Opera, do not recognize this and would e.g. fail to track the session.

THE SOLUTION:
sessionCookiePathUsesTrailingSlash="false"
We actually figured out how to solve this. It was a Tomcat 7 setting we needed to set. We placed it in server.xml, under the tag as follows:
<Context path="/test" reloadable="true" docBase="c:\webapp\test"
workDir="c:\webapp\test" sessionCookiePathUsesTrailingSlash="false"/>
When we were debugging the problem and looking at the cookies path we noticed it was putting a \ backslash after the webapp name, so for our test webapp it was setting the path to /test/ instead of /test. This caused a bunch of problems.
Has anyone else had to deal with this setting in Tomcat 7? Or have a similar problem?

If you are trying to set variables for a server running in eclipse:
Select Run > Run Configurations
Make sure your server is selected
Select Environment Tab
Click 'New' to add a new variable