使用ansible从env文件中读取多个值并将它们存储为事实 [英] Reading multiple values from an env file with ansible and storing them as facts

问题描述

我有以下代码从环境 (.env) 文件中读取值并将它们存储为事实:

I have the following code which reads values from an environment (.env) file and stores them as facts:

- name: Read values from environment
  shell: "source {{ env_path }}; echo $DB_PASSWORD"
  register: output
  args:
    executable: /bin/bash
  changed_when: false

- name: Store read password
  set_fact:
    db_password: "{{ output.stdout }}"
  when:
    - db_password is undefined
  changed_when: false

- name: Read values from environment
  shell: "source {{ env_path }}; echo $DB_USER"
  register: output
  args:
    executable: /bin/bash
  changed_when: false

- name: Store read user
  set_fact:
    db_user: "{{ output.stdout }}"
  when:
    - db_user is undefined
  changed_when: false

- name: Read values from environment
  shell: "source {{ env_path }}; echo $DB_NAME"
  register: output
  args:
    executable: /bin/bash
  changed_when: false

- name: Store read db_name
  set_fact:
    db_name: "{{ output.stdout }}"
  when:
    - db_name is undefined
  changed_when: false

- name: Container environment loaded; the following facts are now available for use by ansible
  debug: "var={{ item }}"
  with_items:
    - db_name
    - db_user
    - db_password

它非常笨重且笨重.我想写这样的东西，但我不知道怎么写:

It's quite bulky and unwieldy. I would like to write it something like this, but I can't figure out how :

vars:
    values:
       - db_name
       - db_password
       - db_user
tasks:
- name: Read values from environment
  shell: "source {{ env_path }}; echo {{ item|upper }}"
  register: output
  with_items: values
  args:
    executable: /bin/bash
  changed_when: false

- name: Store read value
  set_fact:
    "{{ item.0 }}": "{{ item.1.stdout }}"
  when:
    - item.0 is undefined
  with_together:
    - values
    - output.results
  changed_when: false

相反，我得到了这个输出:

Instead, I get this output:

ok: [default] => (item=values) => {"changed": false, "cmd": "source /var/www/mydomain.org/.env; echo VALUES", "delta": "0:00:00.002240", "end": "2017-02-15 15:25:15.338673", "item": "values", "rc": 0, "start": "2017-02-15 15:25:15.336433", "stderr": "", "stdout": "VALUES", "stdout_lines": ["VALUES"], "warnings": []}

TASK [sql-base : Store read password] ******************************************
skipping: [default] => (item=[u'values', u'output.results'])  => {"changed": false, "item": ["values", "output.results"], "skip_reason": "Conditional check failed", "skipped": true}

当然更理想的是，如果有一个我忽略的 ansible 模块允许我从环境文件加载值.

Even more ideal of course would be if there is an ansible module I have overlooked that allows me to load values from an environment file.

推荐答案

通常我要么将我的变量放入清单文件中，要么将它们转换为 yml 格式并使用 include_vars 模块(您可以运行 sed 脚本来转换您的环境文件到 yml 动态).在使用以下代码之前，请确保您确实需要使用这些环境文件，并且您不能轻易使用其他一些机制，例如:

Generally I would either put my variables into the inventory files themselves, or convert them to yml format and use the include_vars module (you might be able to run a sed script to convert your environment file to yml on the fly). Before using the below code make sure you are really required to use those environment files, and you cannot easily use some other mechanism like:

• 带有 include_vars 模块的 YAML 文件
• 将配置放在清单中(不需要模块)
• 将配置放入 ansible Vault 文件(不需要模块，但您需要将解密密钥存储在某处)
• 使用其他一些安全存储机制，例如 Hashicorp 的保险库(使用 https://github 等插件).com/jhaals/ansible-vault)

• a YAML file with the include_vars module
• putting the config inside the inventory (no modules required)
• putting the config into an ansible vault file (no modules required, you need to store the decryption key somewhere though)
• use some other secure storage mechanism, like Hashicorp's vault (with a plugin like https://github.com/jhaals/ansible-vault)

回到你的代码，它实际上几乎是正确的，你在读取任务中遗漏了一美元，条件中缺少一些花括号:

Back to your code, it is actually almost correct, you were missing a dollar from the read task, and some curly braces from the condition:

DB_NAME=abcd
DB_PASSWORD=defg
DB_USER=fghi

注意:确保此文件符合 sh 标准，这意味着您不要在 = 符号周围放置空格.像 DB_NAME = abcd 这样的东西会失败

Note: make sure that this file adheres to sh standards meaning you don't put spaces around the = sign. Having something like DB_NAME = abcd will fail

- hosts: all
  connection: local
  vars:
      env_path: 'test.env'
      values:
         - db_name
         - db_password
         - db_user
  tasks:
  - name: Read values from environment
    shell: "source {{ env_path }}; echo ${{ item|upper }}"
    register: output
    with_items: "{{ values }}"
    args:
      executable: /bin/bash
    changed_when: false

  - name: Store read value
    set_fact:
      "{{ item.0 }}": "{{ item.1.stdout }}"
    when: '{{ item.0 }} is undefined'
    with_together:
      - "{{ values }}"
      - "{{ output.results }}"
    changed_when: false

  - name: Debug
    debug:
      msg: "NAME: {{db_name}} PASS: {{db_password}} USER: {{db_user}}"

使用 ansible-playbook -i 127.0.0.1, play.yml 运行:

TASK [Debug] *******************************************************************
ok: [127.0.0.1] => {
    "msg": "NAME: abcd PASS: defg USER: fghi"
}

这篇关于使用ansible从env文件中读取多个值并将它们存储为事实的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！