Chapters

30 Chapters | 2:45:48 |

01

Hello Ansible!

5:53
02

Modules

6:34
03

Hosts & the Inventory File

4:45
04

Vagrant <3's Ansible

6:30
05

Create your Playbook!

3:18
06

Install Stuff: The apt Module

3:12
07

apt Package Upgrades & Requirements

6:13
08

PHP 7, Nginx & MySQL

6:09
09

Extensions, php.ini & lineinfile

7:23
10

git & Variables

5:21
11

Installing Composer & the script Module

6:45
12

Installing Composer Deps

4:31
13

Nginx Configuration & Ansible Templates

7:24
14

Handlers: For Handling Serious Biz

7:12
15

Cache Permissions

2:19
16

Symfony Console Commands

5:38
17

Tagging Tasks

4:46
18

Idempotency, changed_when & Facts

6:48
19

vars_prompt & Environment Variables

5:38
20

pre_tasks and set_fact

6:35
21

Faster Smarter Playbook

5:48
22

Skipping Tasks based on Changed

3:01
23

Organizing with include

2:10
24

Organizing into Roles

7:37
25

Using a 3rd Party to Install Redis

4:36
26

Variables and parameters.yml

3:06
27

The Variable Vault

7:22
28

Deploy to AWS!

6:06
29

Host Group Vars

3:30
30

Launch a Cloud Instance!

9:43

> Dev Tools > Ansible for Automation!

Buy Access to Course

26.

Variables and parameters.yml

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $10.00

Previous Chapter

Next Chapter

With a Subscription, click any sentence in the script to jump to that part of the video!

How could we handle sensitive variables - like a database password? Well, committing them to our playbook is probably not a good idea. Nope, we need something better!

Organizing Vars into a File

First, let's reorganize a little bit! Create a new vars/ directory with a vars.yml file inside. Now, copy all of the variables, add the ---, paste them here, and - you know the drill - un-indent them:

            Copy Code

                        6 lines
            |
            ansible/vars/vars.yml
        
            ---
        
            symfony_root_dir: /var/www/project
        
            symfony_web_dir: "{{ symfony_root_dir }}/web"
        
            symfony_var_dir: "{{ symfony_root_dir }}/var"
        
            symfony_console_path: "{{ symfony_root_dir }}/bin/console"

Ansible gives us a way to import variables from a file... called vars_files. Point it to ./vars/vars.yml:

            Copy Code

                            Show All Lines

                        170 lines
            |
            ansible/playbook.yml
        
            ---
        
            - hosts: vb
        
              vars_files:
        
                - ./vars/vars.yml
        
                Show Lines

                                                    // ... lines 6 - 170

Cool! Believe it or not, we're one step closer to being able to handle sensitive configuration.

Adding the secret Variable

In your VM move to /var/www/project:

cd /var/www/project

I want to look at the app/config/parameters.yml file:

cat app/config/parameters.yml

This file holds config for the Symfony project, like the database password. Notice one is called secret. This is supposed to be a unique string that's used for creating some random strings. Right now ours is... not so secret: that's the default value from Symfony.

Let's set this for real! In the vars.yml file, create a new variable: symfony_secret set to udderly secret $tring:

            Copy Code

                            Show All Lines

                        7 lines
            |
            ansible/vars/vars.yml
        
            ---
        
                Show Lines

                                                    // ... lines 2 - 5
                            
            symfony_secret: "udderly secret $tring"

Now, in symfony-bootstrap.yml, we can use that variable to modify parameters.yml. Create a new task: "Set Symfony secret in parameters.yml". Use our favorite lineinfile module with dest set to {{ symfony_root_dir }} - that's a variable from our vars file - {{ symfony_root_dir }}/app/config/parameters.yml:

            Copy Code

                            Show All Lines

                        58 lines
            |
            ansible/includes/symfony-bootstrap.yml
        
            ---
        
                Show Lines

                                                    // ... lines 2 - 20
                            
            - name: Set Symfony secret in parameters.yml
        
              lineinfile:
        
                dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
        
                Show Lines

                                                    // ... lines 24 - 58

For regexp, use ^ secret:. Yep, we're looking for 4 spaces then secret:. For line, 4 spaces again then secret: {{ symfony_secret }}:

            Copy Code

                            Show All Lines

                        58 lines
            |
            ansible/includes/symfony-bootstrap.yml
        
            ---
        
                Show Lines

                                                    // ... lines 2 - 20
                            
            - name: Set Symfony secret in parameters.yml
        
              lineinfile:
        
                dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
        
                regexp: "^    secret:"
        
                line: "    secret: {{ symfony_secret }}"
        
              tags:
        
                - deploy
        
                Show Lines

                                                    // ... lines 28 - 58

Don't forget to give this the deploy tag!

This will work... but don't even try it! Nope, we need to go further: having sensitive keys committed to my vars.yml file is not a good solution. We need the vault.

2 Comments

Sort By

daskifjraewiofj 4 years ago edited

Better replacement, this will work regardless of identation and even preserve it:

- name: Set Symfony secret in parameters.yml
  lineinfile:
    dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
    regexp: '^(\s+)secret:'
    line: '\1secret: {{ symfony_secret }}'
    backrefs: true
  tags:
    - deploy```

1 | Reply |

Victor SFCASTS daskifjraewiofj 4 years ago

Hey Daskifjraewiofj,

Oh, nice! Thanks for sharing this with others! I wonder, how is that \1 called? Any links to the docs where you found this example? Sounds really cool :)

Cheers!

| Reply |

This tutorial is built using an older version of Symfony, but the core concepts of Ansible are still valid. New versions of Ansible may contain some features that we don't use here.

Symfony 3 Ansible 2.1

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": ">=5.5.9",
        "symfony/symfony": "3.1.*", // v3.1.4
        "doctrine/orm": "^2.5", // v2.7.2
        "doctrine/doctrine-bundle": "^1.6", // 1.6.4
        "doctrine/doctrine-cache-bundle": "^1.2", // 1.3.0
        "symfony/swiftmailer-bundle": "^2.3", // v2.3.11
        "symfony/monolog-bundle": "^2.8", // 2.11.1
        "symfony/polyfill-apcu": "^1.0", // v1.2.0
        "sensio/distribution-bundle": "^5.0", // v5.0.12
        "sensio/framework-extra-bundle": "^3.0.2", // v3.0.16
        "incenteev/composer-parameter-handler": "^2.0", // v2.1.2
        "doctrine/doctrine-migrations-bundle": "^1.2", // v1.2.0
        "snc/redis-bundle": "^2.0", // 2.0.0
        "predis/predis": "^1.1", // v1.1.1
        "composer/package-versions-deprecated": "^1.11" // 1.11.99
    },
    "require-dev": {
        "sensio/generator-bundle": "^3.0", // v3.0.8
        "symfony/phpunit-bridge": "^3.0", // v3.1.4
        "doctrine/data-fixtures": "^1.1", // 1.3.3
        "hautelook/alice-bundle": "^1.3" // v1.4.1
    }
}