community.docker
community.docker copied to clipboard
ansible-collections
docker-compose: Adds double quotes around single quote, if using "{{variable}}" on a playbook
SUMMARY
I have an issue with variables and added quotes, which I don't need. I use the docker-compose module to add environment variables with a playbook. For one of them .. I have a JSON string .. with database configuration and password, so I want to have it in a Ansible-vault file. If I run then the playbook .. I get DATABASES='"{ ....}"' instead of DATABASES='{...}'. The only way to avoid it .. is to add the string direct into the playbook with:
...
environment:
DATABASES: |-
{ .... }
....
ISSUE TYPE
- Bug Report
COMPONENT NAME
- community.docker.docker_compose:
ANSIBLE VERSION
ansible 2.9.27
config file = /var/lib/rundeck/ansible/ansible_rundeck.cfg
configured module search path = [u'/var/lib/rundeck/ansible/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.16 (default, Oct 10 2019, 22:02:15) [GCC 8.3.0]
COLLECTION VERSION
# /home/dfuchs/git/ansible/collections/ansible_collections
Collection Version
---------------- -------
community.docker 3.1.0
OS / ENVIRONMENT
- Debian Buster
STEPS TO REPRODUCE
---
- name: Manage backoffice container
hosts: "{{inventory}}"
gather_facts: no
vars_files:
- "{{ inventory_dir }}/group_vars/docker_secrets.yml"
- "{{ inventory_dir }}/group_vars/container_deploy.yaml"
tasks:
- name: "Login into harbor"
docker_login:
registry: "{{docker_registry}}"
username: "{{docker_username}}"
password: "{{docker_password}}"
- name: "Create docker-compose file"
community.docker.docker_compose:
project_name: backoffice
remove_orphans: true
pull: true
definition:
version: "3.9"
services:
backoffice_nginx:
image: "{{BACKOFFICE_NGINX_IMAGE}}"
hostname: localhost
restart: always
container_name: backoffice_nginx
volumes:
- backoffice-gunicorn_data:/home/app/static/
- certs:/cert
networks:
- app-backoffice
environment:
API: backoffice:8000
NGINX_SSL_PORT: 443
ports:
- 9001:443
depends_on:
- backoffice_gunicorn
backoffice_gunicorn:
image: "{{BACKOFFICE_IMAGE}}"
restart: always
container_name: backoffice_gunicorn
hostname: backoffice
environment:
DATABASES: "{{ BACKOFFICE_DATABASES }}"
volumes:
- backoffice-gunicorn_data:/app/static/
networks:
- app-backoffice
- config_service_config-service
....
- On the Vault file: inventories/test/group_vars/docker_secrets.yml
BACKOFFICE_DATABASES: !unsafe |-
{ "default": {}, "users_db": {"ENGINE":"django.db.backends.mysql", "NAME":"backoffice_users", "USER":"user", "PASSWORD":"secret", "HOST":"fra-test-mdb", "PORT":"3306"}, "findb": {"NAME":"financial_db", "ENGINE":"django.db.backends.mysql", "USER":"foo", "PASSWORD":"secret", "HOST":"fra-dev-srv-db.example.local","PORT":"3306"}}
EXPECTED RESULTS
Same like I use with adding the string direct:
DATABASES='{ "default": {}, "users_db": {"ENGINE":"django.db.backends.mysql", "NAME":"backoffice_users", "USER":"user", "PASSWORD":"secret", "HOST":"fra-test-mdb", "PORT":"3306"}, "findb": {"NAME":"financial_db", "ENGINE":"django.db.backends.mysql", "USER":"foo", "PASSWORD":"secret", "HOST":"fra-dev-srv-db.example.local","PORT":"3306"}}'
ACTUAL RESULTS
Double quotes around:
DATABASES="'{ "default": {}, "users_db": {"ENGINE":"django.db.backends.mysql", "NAME":"backoffice_users", "USER":"user", "PASSWORD":"secret", "HOST":"fra-test-mdb", "PORT":"3306"}, "findb": {"NAME":"financial_db", "ENGINE":"django.db.backends.mysql", "USER":"foo", "PASSWORD":"secret", "HOST":"fra-dev-srv-db.example.local","PORT":"3306"}}'"
Have you tried running ansible-playbook with -vvv to actually see what was passed on to the docker_compose module? Because this sounds a lot like Ansible is doing some internal conversion, and the data gets passed wrongly to the module. Which is nothing this collection has any influence on.
Duplicate of https://groups.google.com/d/msgid/ansible-project/4de5000c-e086-4f61-ba79-0c06f4f0778fn%40googlegroups.com
Hi,
the debug (-vvv) shows the same, like I see on the container itself:
...
changed: [fra-test-docker-01.example.local] => changed=true
invocation:
module_args:
api_version: auto
build: false
ca_cert: null
client_cert: null
client_key: null
debug: false
definition:
networks:
app-backoffice:
driver: bridge
config_service_config-service:
external: true
services:
backoffice_gunicorn:
container_name: backoffice_gunicorn
environment:
ALLOWED_HOSTS: '*'
DATABASES: |-
"'{ "default": {}, "users_db": {...}}'"
From a user on Matrix Ansible User help, he asks me to add to the playbook some debugs (before docker_compose module), so I've added:
- name: ------------------ Pint databases for debug ------------------
ansible.builtin.debug:
msg: "{{BACKOFFICE_DATABASES}}"
- debug:
msg: "{{ BACKOFFICE_DATABASES | type_debug}}"
and got
TASK [------------------ Pint databases for debug ------------------] *****************************************************************************************************
ok: [fra-test-docker-01.example.local] =>
msg: '''{ "default": {}, ..."}}'''
TASK [debug] **************************************************************************************************************************************************************
ok: [fra-test-docker-01.example.local] =>
msg: AnsibleUnsafeText
I'm sure, that the extra " " came from the variable definition "{{ FOO}}" as it is otherwise invalid (yaml) syntax
I've upgraded also to 2.10.7 and it does not change anything :-)
Your -vvv output confirms that the quotes are passed to the module from ansible-core's side, so there's nothing this module (or this collection) can do about the problem.
I've upgraded also to 2.10.7 and it does not change anything :-)
FYI, both 2.9.x and 2.10.x are EOL and basically dead.