Task: what works / what doesn't work
Replacing/adding a single line works as expected
The file sentry/config.yml contains the following lines
# ...
# github-app.webhook-secret: 'GITHUB_WEBHOOK_SECRET' # Use only if configured in GitHub
# github-app.client-id: 'GITHUB_CLIENT_ID'
# github-app.client-secret: 'GITHUB_CLIENT_SECRET'
# github-app.private-key: |
#   -----BEGIN RSA PRIVATE KEY-----
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   -----END RSA PRIVATE KEY-----
# ...
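which should be replaced by Ansible variables.
However, single lines can be replaced/added without problems using the following Ansible task (variables added directly for a better overview):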
- name: "Configure sentry misc settings."
  vars:
    sentry_config:
      auth-google.client-id: "{{ secret_sentry_googleauth_clientid }}"
      auth-google.client-secret: "{{ secret_sentry_googleauth_clientkey }}"
      github-app.id: "{{ secret_sentry_githubapp_id }}"
      github-app.name: "{{ secret_sentry_githubapp_name }}"
      github-app.client-id: "{{ secret_sentry_githubapp_clientid }}"
      github-app.client-secret: "{{ secret_sentry_githubapp_clientsecret }}"
      github-app.webhook-secret: "{{ secret_sentry_githubapp_webhooksecret }}"
      github-app.private-key: "{{ secret_sentry_githubapp_privatekey }}"
  loop: "{{ sentry_config | dict2items }}"
  ansible.builtin.lineinfile:
    path: "{{ sentry_docker_compose_project_folder }}/sentry/config.yml"
    regexp: "^#?\\s*{{ item.key }}:"
    line: "{{ item.key }}: {{ item.value | to_json }}"
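Problem: github-app.private-key
What is the best way to populate it with a multi-line variable value?
Replacing the resulting multi-line YAML value with Ansible requires a different solution
The given multi-line string in sentry/config.yml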
# github-app.private-key: |
#   -----BEGIN RSA PRIVATE KEY-----
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   -----END RSA PRIVATE KEY-----
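must be
- uncommented
- and the value of the RSA private key from the Ansible var must be added as-is, with the correct spacing on each line in the replacement result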
github-app.private-key: |
  -----BEGIN RSA PRIVATE KEY-----
  real privatekey from ansible var privatekey from ansible var
  real privatekey from ansible var privatekey from ansible var
  real privatekey from ansible var privatekey from ansible var
  real privatekey from ansible var privatekey from ansible var
  -----END RSA PRIVATE KEY-----
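Answer 1
The question is: what is the best way to ...
The answer should always be: reduce complexity, keep it as simple as possible, remove as much as possible until there is nothing left to remove, use a divide-and-conquer algorithm.
One approach is to simply pre-process the given configuration file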
sentry/config.yml
# start: here
# github-app.webhook-secret: 'GITHUB_WEBHOOK_SECRET'
# github-app.client-id: 'GITHUB_CLIENT_ID'
# github-app.client-secret: 'GITHUB_CLIENT_SECRET'
# github-app.private-key: |
#   -----BEGIN RSA PRIVATE KEY-----
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   privatekeyprivatekeyprivatekeyprivatekey
#   -----END RSA PRIVATE KEY-----
# end: here
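Because of the complex data manipulation
... although using Ansible as a data processing/manipulation tool is not recommended ...
A minimal example playbook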
---
- hosts: localhost
  become: false
  gather_facts: false
  vars:
    config_file: "config.yml"
  pre_tasks: # data cleansing
    - name: Create temporary uncommented version
      shell:
        cmd: "sed 's/# //g' sentry/{{ config_file }} > /tmp/{{ config_file }}"
  tasks:
    - name: Load variables from pre-processed temporary file
      include_vars:
        file: "/tmp/{{ config_file }}"
        name: secret_sentry
    - name: Show variables
      debug:
        msg: "{{ secret_sentry }}"
will result in the output
TASK [Show variables] ****************************
ok: [localhost] =>
  msg:
    end: here
    github-app.client-id: GITHUB_CLIENT_ID
    github-app.client-secret: GITHUB_CLIENT_SECRET
    github-app.private-key: |-
      -----BEGIN RSA PRIVATE KEY-----
      privatekeyprivatekeyprivatekeyprivatekey
      privatekeyprivatekeyprivatekeyprivatekey
      privatekeyprivatekeyprivatekeyprivatekey
      privatekeyprivatekeyprivatekeyprivatekey
      privatekeyprivatekeyprivatekeyprivatekey
      -----END RSA PRIVATE KEY-----
    github-app.webhook-secret: GITHUB_WEBHOOK_SECRET
    start: here
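One way to write the key with the per-line spacing the question asks for, as an added example that is not part of the original question or answer: `blockinfile` renders the variable through Jinja2's `indent` filter so every line lands inside the YAML block scalar, and `no_log` keeps the key out of task output. The variable name `secret_sentry_githubapp_privatekey` is from the question; `config_path`, the sample file, the marker text and the key value are constructed for a local demo run.

```yaml
---
- hosts: localhost
  gather_facts: false
  vars:
    # Constructed demo values; in real use the key comes from a vault.
    config_path: /tmp/sentry-demo-config.yml
    secret_sentry_githubapp_privatekey: |
      -----BEGIN RSA PRIVATE KEY-----
      constructedplaceholderconstructedplaceholder
      constructedplaceholderconstructedplaceholder
      -----END RSA PRIVATE KEY-----
  tasks:
    - name: Create a constructed sample of the commented config (demo only)
      ansible.builtin.copy:
        dest: "{{ config_path }}"
        mode: "0600"
        content: |
          # github-app.client-id: 'GITHUB_CLIENT_ID'
          # github-app.private-key: |
          #   -----BEGIN RSA PRIVATE KEY-----
          #   privatekeyprivatekeyprivatekeyprivatekey
          #   -----END RSA PRIVATE KEY-----
          # ...

    - name: Remove the commented sample key (header plus its indented lines)
      ansible.builtin.replace:
        path: "{{ config_path }}"
        regexp: '^# github-app\.private-key: \|\n(?:#   .*\n)+'
        replace: ''

    - name: Write the key as a block scalar; indent(2) pads every following line
      ansible.builtin.blockinfile:
        path: "{{ config_path }}"
        marker: "# {mark} ANSIBLE MANAGED github-app.private-key"
        block: |
          github-app.private-key: |
            {{ secret_sentry_githubapp_privatekey | trim | indent(2) }}
      no_log: true  # keep the key out of task output and diffs

    - name: Parse the file and check the key round-trips unchanged
      ansible.builtin.assert:
        that:
          - (parsed['github-app.private-key'] | trim) == (secret_sentry_githubapp_privatekey | trim)
        quiet: true
      vars:
        # file lookup reads on the controller, which is the target in this demo
        parsed: "{{ lookup('ansible.builtin.file', config_path) | from_yaml }}"
      no_log: true
```

Because the block sits between fixed markers, re-running the `blockinfile` task with a rotated key replaces the old value in place instead of appending a second copy.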