ansible - template json for environmental variable in docker container
I'm trying to assign a one-liner json string to an environmental variable in a docker container. This is what the json look like:
{"ip_access": {"IP_whitelist": {"192.168.99.19/32": "grafana/status (Provider)"}}, "vhosts": {"prometheus1": {"dns_names": ["prometheus1.company.internal"], "add_lines_443": ["include IP_whitelist;", "set $prometheus http://prometheus:9090;", "location / { proxy_pass $prometheus; }"], "options": {"cert_path": "/etc/ssl/certs/prometheus1.crt", "key_path": "/etc/ssl/private/prometheus1.key"}}}}
So instead of ["prometheus1.company.internal"] I want to have ["{{ inventory_hostname }} .company.internal"] (and also for the other instances of prometheus1.
I'm using docker_container as follows:
- name: create nginx reverse proxy container
docker_container:
image: registry.company.com/devops/nginx-reverseproxy:{{ nginx_version }}
name: nginx-reverseproxy
labels:
role=metrics
volumes:
- /etc/ssl/certs/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt
- /etc/ssl/private/{{ inventory_hostname }}.key:/etc/ssl/private/{{ inventory_hostname }}.key
container_default_behavior: compatibility
networks_cli_compatible: yes
network_mode: default
purge_networks: yes
networks:
- name: metrics-net
- name: proxy-net
env:
STAGING_ENVIRONMENT: 'production'
NGINX_VHOSTS_JSON: '{{ lookup("template", "rproxy/nginx_vhosts_prometheus_develop.j2") }}'
Unfortunately, I keep getting:
TASK [prometheus : create nginx reverse proxy container] **********************************************
fatal: [prometheus_vag]: FAILED! => {"changed": false, "msg": "Non-string value found for env option. Ambiguous env options must be wrapped in quotes to avoid them being interpreted. Key: NGINX_VHOSTS_JSON"}
The weird thing is, if I simply use the template module, it works as expected:
template:
src: rproxy/nginx_vhosts_prometheus_develop.j2
dest: /tmp/tempo.json
when: "prometheus_host in inventory_hostname"
tags:
- copytmp
inventory_hostname will be replaced by the actual value in the inventory and I get the right thing. Moreover, if I paste this exact result into the playbook as the value of NGINX_VHOSTS_JSON in the yaml playbook, it also works without any issues.
But lookup template seems not to be delivering the expected string.
Any ideas how I can get around the problem?
Solution 1:
Ansible's templating often automatically converts things to a data structure when they look like string representations of a structure.
You can avoid this in this case by explicitly turning it into JSON when you need it:
NGINX_VHOSTS_JSON: '{{ lookup("template", "rproxy/nginx_vhosts_prometheus_develop.j2") | to_json }}'
Personally, I would template it in a more human-friendly representation such as YAML, then convert it to JSON:
test.j2:
ip_access:
IP_whitelist:
192.168.99.19/32: grafana/status (Provider)
vhosts:
{{ inventory_hostname }}.company.internal:
add_lines_443:
- include IP_whitelist;
- set $prometheus http://prometheus:9090;
- location / { proxy_pass $prometheus; }
dns_names:
- {{ inventory_hostname }}.company.internal
options:
cert_path: /etc/ssl/certs/{{ inventory_hostname }}.company.internal.crt
key_path: /etc/ssl/private/{{ inventory_hostname }}.company.internal.key
test.yml:
- hosts: localhost
gather_facts: false
tasks:
- debug:
msg: "{{ lookup('template', 'test.j2') | from_yaml | to_json }}"
Result:
ok: [localhost] => {
"msg": "{\"ip_access\": {\"IP_whitelist\": {\"192.168.99.19/32\": \"grafana/status (Provider)\"}}, \"vhosts\": {\"localhost.company.internal\": {\"add_lines_443\": [\"include IP_whitelist;\", \"set $prometheus http://prometheus:9090;\", \"location / { proxy_pass $prometheus; }\"], \"dns_names\": [\"localhost.company.internal\"], \"options\": {\"cert_path\": \"/etc/ssl/certs/localhost.company.internal.crt\", \"key_path\": \"/etc/ssl/private/localhost.company.internal.key\"}}}}"
}