srv
Command used to launch StackQL as a service, which can then be accessed by clients using Postgres wire protocol clients authenticated using mTLS.
Syntax
stackql srv [server_options] [flags]
Although the StackQL server uses the Postgres wire protocol, it is not a Postgres server, nor does it require one. The wire protocol is used by the client to communicate with the server which uses StackQL to perform queries or DML operations against remote cloud and SaaS providers and return results back to the client.
Server Options
| Option | Description |
|---|---|
--pgsrv.address | Address the server is listening on (typically 0.0.0.0) |
--pgsrv.port | Port the server is listening on (e.g. 5444) |
--pgsrv.tls | mTLS configuration object, see the example below |
--pgsrv.loglevel | Log level (default WARN) |
see Global Flags for additional options
You need to set environment variables required for provider authentication before starting the server, see Using a Provider for more information.
Flags
| Flag | Description |
|---|---|
-H,--help | Print help information |
-v,--verbose | Run queries in verbose mode with additional output sent to stdout, if the -f option is selectedthis additional logging information will be written to the output file along with the query results |
see Global Flags for additional options
Examples
Launch a StackQL server process and connect using a psql command line client.
First download the openssl.cnf configuration file from stackql/stackql.
Next generate the certificate and key files to be used by the server and client for mutual TLS authentication (mTLS).
openssl req -x509 -keyout ~/stackqlcreds/server_key.pem -out ~/stackqlcreds/server_cert.pem -config ./openssl.cnf -days 365
openssl req -x509 -keyout ~/stackqlcreds/client_key.pem -out ~/stackqlcreds/client_cert.pem -config ./openssl.cnf -days 365
chmod 400 ~/stackqlcreds/client_key.pem
Now set environment variables, if the client and server are on the same host, these can be shared.
export PGPORT=5444
export PGSSLCERT=~/stackqlcreds/client_cert.pem
export PGSSLKEY=~/stackqlcreds/client_key.pem
export PGSSLROOTCERT=~/stackqlcreds/server_cert.pem
export PGSSLSRVKEY=~/stackqlcreds/server_key.pem
export CLIENT_CERT=$(base64 -w 0 ~/stackqlcreds/client_cert.pem)
export PGSSLMODE=allow
Set up an authentication object for whatever providers the server will need access to, for instance for GitHub.
export STACKQL_GITHUB_USERNAME=youruser
export STACKQL_GITHUB_PASSWORD=ghp_youraccesstoken
Now start the server in one terminal.
stackql srv \
--pgsrv.address=0.0.0.0 \
--pgsrv.port=$PGPORT \
--pgsrv.tls='{ "keyFilePath": "'${PGSSLSRVKEY}'", "certFilePath": "'${PGSSLROOTCERT}'", "clientCAs": [ "'${CLIENT_CERT}'" ] }'
In another terminal, connect to the server using the psql command line client.
psql 127.0.0.1
Now run a StackQL query against an authenticated provider.
psql (12.11 (Ubuntu 12.11-0ubuntu0.20.04.1), server 0.0.0)
Type "help" for help.
127.0.0.1=> SHOW SERVICES IN github LIKE '%repos%';
id | name | title
--------------+-------+----------------------------
repos:v0.3.3 | repos | GitHub v3 REST API - repos
(1 row)
127.0.0.1=>