使用ansible从env文件中读取多个值并将它们存储为事实 [英] Reading multiple values from an env file with ansible and storing them as facts
问题描述
我有以下代码从环境 (.env) 文件中读取值并将它们存储为事实:
I have the following code which reads values from an environment (.env) file and stores them as facts:
- name: Read values from environment
shell: "source {{ env_path }}; echo $DB_PASSWORD"
register: output
args:
executable: /bin/bash
changed_when: false
- name: Store read password
set_fact:
db_password: "{{ output.stdout }}"
when:
- db_password is undefined
changed_when: false
- name: Read values from environment
shell: "source {{ env_path }}; echo $DB_USER"
register: output
args:
executable: /bin/bash
changed_when: false
- name: Store read user
set_fact:
db_user: "{{ output.stdout }}"
when:
- db_user is undefined
changed_when: false
- name: Read values from environment
shell: "source {{ env_path }}; echo $DB_NAME"
register: output
args:
executable: /bin/bash
changed_when: false
- name: Store read db_name
set_fact:
db_name: "{{ output.stdout }}"
when:
- db_name is undefined
changed_when: false
- name: Container environment loaded; the following facts are now available for use by ansible
debug: "var={{ item }}"
with_items:
- db_name
- db_user
- db_password
它非常笨重且笨重.我想写这样的东西,但我不知道怎么写:
It's quite bulky and unwieldy. I would like to write it something like this, but I can't figure out how :
vars:
values:
- db_name
- db_password
- db_user
tasks:
- name: Read values from environment
shell: "source {{ env_path }}; echo {{ item|upper }}"
register: output
with_items: values
args:
executable: /bin/bash
changed_when: false
- name: Store read value
set_fact:
"{{ item.0 }}": "{{ item.1.stdout }}"
when:
- item.0 is undefined
with_together:
- values
- output.results
changed_when: false
相反,我得到了这个输出:
Instead, I get this output:
ok: [default] => (item=values) => {"changed": false, "cmd": "source /var/www/mydomain.org/.env; echo VALUES", "delta": "0:00:00.002240", "end": "2017-02-15 15:25:15.338673", "item": "values", "rc": 0, "start": "2017-02-15 15:25:15.336433", "stderr": "", "stdout": "VALUES", "stdout_lines": ["VALUES"], "warnings": []}
TASK [sql-base : Store read password] ******************************************
skipping: [default] => (item=[u'values', u'output.results']) => {"changed": false, "item": ["values", "output.results"], "skip_reason": "Conditional check failed", "skipped": true}
当然更理想的是,如果有一个我忽略的 ansible 模块允许我从环境文件加载值.
Even more ideal of course would be if there is an ansible module I have overlooked that allows me to load values from an environment file.
推荐答案
通常我要么将我的变量放入清单文件中,要么将它们转换为 yml
格式并使用 include_vars 模块(您可以运行 sed
脚本来转换您的环境文件到 yml 动态).在使用以下代码之前,请确保您确实需要使用这些环境文件,并且您不能轻易使用其他一些机制,例如:
Generally I would either put my variables into the inventory files themselves, or convert them to yml
format and use the include_vars module (you might be able to run a sed
script to convert your environment file to yml on the fly). Before using the below code make sure you are really required to use those environment files, and you cannot easily use some other mechanism like:
- 带有 include_vars 模块的 YAML 文件
- 将配置放在清单中(不需要模块)
- 将配置放入 ansible Vault 文件(不需要模块,但您需要将解密密钥存储在某处)
- 使用其他一些安全存储机制,例如 Hashicorp 的保险库(使用 https://github 等插件).com/jhaals/ansible-vault)
- a YAML file with the include_vars module
- putting the config inside the inventory (no modules required)
- putting the config into an ansible vault file (no modules required, you need to store the decryption key somewhere though)
- use some other secure storage mechanism, like Hashicorp's vault (with a plugin like https://github.com/jhaals/ansible-vault)
回到你的代码,它实际上几乎是正确的,你在读取任务中遗漏了一美元,条件中缺少一些花括号:
Back to your code, it is actually almost correct, you were missing a dollar from the read task, and some curly braces from the condition:
DB_NAME=abcd
DB_PASSWORD=defg
DB_USER=fghi
注意:确保此文件符合 sh
标准,这意味着您不要在 =
符号周围放置空格.像 DB_NAME = abcd
这样的东西会失败
Note: make sure that this file adheres to sh
standards meaning you don't put spaces around the =
sign. Having something like DB_NAME = abcd
will fail
- hosts: all
connection: local
vars:
env_path: 'test.env'
values:
- db_name
- db_password
- db_user
tasks:
- name: Read values from environment
shell: "source {{ env_path }}; echo ${{ item|upper }}"
register: output
with_items: "{{ values }}"
args:
executable: /bin/bash
changed_when: false
- name: Store read value
set_fact:
"{{ item.0 }}": "{{ item.1.stdout }}"
when: '{{ item.0 }} is undefined'
with_together:
- "{{ values }}"
- "{{ output.results }}"
changed_when: false
- name: Debug
debug:
msg: "NAME: {{db_name}} PASS: {{db_password}} USER: {{db_user}}"
使用 ansible-playbook -i 127.0.0.1, play.yml
运行:
TASK [Debug] *******************************************************************
ok: [127.0.0.1] => {
"msg": "NAME: abcd PASS: defg USER: fghi"
}
这篇关于使用ansible从env文件中读取多个值并将它们存储为事实的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!