Variables and parameters.yml

Keep on Learning!

If you liked what you've learned so far, dive in!
Subscribe to get access to this tutorial plus
video, code and script downloads.

Start your All-Access Pass
Buy just this tutorial for $10.00

How could we handle sensitive variables - like a database password? Well, committing them to our playbook is probably not a good idea. Nope, we need something better!

Organizing Vars into a File

First, let's reorganize a little bit! Create a new vars/ directory with a vars.yml file inside. Now, copy all of the variables, add the ---, paste them here, and - you know the drill - un-indent them:

---
symfony_root_dir: /var/www/project
symfony_web_dir: "{{ symfony_root_dir }}/web"
symfony_var_dir: "{{ symfony_root_dir }}/var"
symfony_console_path: "{{ symfony_root_dir }}/bin/console"

Ansible gives us a way to import variables from a file... called vars_files. Point it to ./vars/vars.yml:

---
- hosts: vb
vars_files:
- ./vars/vars.yml
... lines 6 - 170

Cool! Believe it or not, we're one step closer to being able to handle sensitive configuration.

Adding the secret Variable

In your VM move to /var/www/project:

cd /var/www/project

I want to look at the app/config/parameters.yml file:

cat app/config/parameters.yml

This file holds config for the Symfony project, like the database password. Notice one is called secret. This is supposed to be a unique string that's used for creating some random strings. Right now ours is... not so secret: that's the default value from Symfony.

Let's set this for real! In the vars.yml file, create a new variable: symfony_secret set to udderly secret $tring:

---
... lines 2 - 5
symfony_secret: "udderly secret $tring"

Now, in symfony-bootstrap.yml, we can use that variable to modify parameters.yml. Create a new task: "Set Symfony secret in parameters.yml". Use our favorite lineinfile module with dest set to {{ symfony_root_dir }} - that's a variable from our vars file - {{ symfony_root_dir }}/app/config/parameters.yml:

---
... lines 2 - 20
- name: Set Symfony secret in parameters.yml
lineinfile:
dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
... lines 24 - 58

For regexp, use ^ secret:. Yep, we're looking for 4 spaces then secret:. For line, 4 spaces again then secret: {{ symfony_secret }}:

---
... lines 2 - 20
- name: Set Symfony secret in parameters.yml
lineinfile:
dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
regexp: "^ secret:"
line: " secret: {{ symfony_secret }}"
tags:
- deploy
... lines 28 - 58

Don't forget to give this the deploy tag!

This will work... but don't even try it! Nope, we need to go further: having sensitive keys committed to my vars.yml file is not a good solution. We need the vault.

Leave a comment!