How to evaluate a yaml key using jinja and then evaluate its value using jinja in .j2 file using ansible?
Q: "evaluate the dev_db_password ... while ansible templates secret.j2. Is there a way to achieve this in the same line by modifying dbpassword: ... ?"
A: Yes. There is. Try lookup plugin vars. See ansible-doc -t lookup vars
dbpassword: "{{'{{'}} {{ lookup('vars', namespace + '_db_password') }} {{'}}'}}"
For example, the template

    shell> cat secret.j2
    stringData:
      consoleadminpassword: "{{'{{'}} {{ lookup('vars', namespace + '_console_password') }} {{'}}'}}"
      consolenonadminpassword: "{{'{{'}} {{ lookup('vars', namespace + '_console_password') }} {{'}}'}}"
      dbpassword: "{{'{{'}} {{ lookup('vars', namespace + '_db_password') }} {{'}}'}}"

and the playbook

    - hosts: localhost
      tasks:
        - template:
            src: secret.j2
            dest: secret.yml
          vars:
            namespace: dev
            dev_console_password: passwd_console
            dev_db_password: passwd_db

give

    shell> cat secret.yml
    stringData:
      consoleadminpassword: "{{ passwd_console }}"
      consolenonadminpassword: "{{ passwd_console }}"
      dbpassword: "{{ passwd_db }}"

If you don't need the next evaluation of the variables (passwords) in the dictionary, the template below

    shell> cat secret.j2
    stringData:
      consoleadminpassword: {{ lookup('vars', namespace + '_console_password') }}
      consolenonadminpassword: {{ lookup('vars', namespace + '_console_password') }}
      dbpassword: {{ lookup('vars', namespace + '_db_password') }}

will give

    shell> cat secret.yml
    stringData:
      consoleadminpassword: passwd_console
      consolenonadminpassword: passwd_console
      dbpassword: passwd_db

If you put the passwords into an encrypted file

    shell> cat dev.yml
    dev_console_password: passwd_console
    dev_db_password: passwd_db

    shell> ansible-vault encrypt dev.yml
    Encryption successful

    shell> cat dev.yml
    $ANSIBLE_VAULT;1.1;AES256
    30663636653963333864346339303034356463356234383035363561356365376130396465323736...

the playbook will give the same results

    - hosts: localhost
      vars:
        namespace: dev
      tasks:
        - include_vars: "{{ namespace }}.yml"
        - template:
            src: secret.j2
            dest: secret.yml
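
A hardened variant of the vault-backed playbook, added here as an example and not part of the original answer: it checks that the `<namespace>_*` variables exist before templating, hides task output, and writes `secret.yml` readable by its owner only. The `secret_suffixes` list, the task names, and the `| to_json` quoting in the template comment are assumptions introduced for this example.

```yaml
# secret.j2 for this variant (the unquoted template above, with each value
# passed through to_json so a password containing ': ' or ' #' stays one
# YAML string instead of changing the document structure):
#
#   stringData:
#     consoleadminpassword: {{ lookup('vars', namespace + '_console_password') | to_json }}
#     consolenonadminpassword: {{ lookup('vars', namespace + '_console_password') | to_json }}
#     dbpassword: {{ lookup('vars', namespace + '_db_password') | to_json }}

- hosts: localhost
  gather_facts: false
  vars:
    namespace: dev
    # Assumption: the suffixes the template looks up for every namespace.
    secret_suffixes:
      - console_password
      - db_password
  tasks:
    - name: Load the vault-encrypted variables for this namespace
      include_vars: "{{ namespace }}.yml"
      no_log: true

    # lookup('vars', ...) raises an error on an undefined name; default=''
    # turns that into a check we can report per variable without printing values.
    - name: Fail early if a password variable is missing or empty
      assert:
        that: "lookup('vars', namespace + '_' + item, default='') | length > 0"
        fail_msg: "{{ namespace }}_{{ item }} is not defined or is empty"
        quiet: true
      loop: "{{ secret_suffixes }}"

    # The rendered file holds the decrypted passwords in plain text, so keep
    # it owner-readable and keep diffs and results out of logs.
    - name: Render the secret
      template:
        src: secret.j2
        dest: secret.yml
        mode: "0600"
      no_log: true
```

Run it with `--ask-vault-pass` or `--vault-password-file` so that `include_vars` can decrypt `dev.yml`.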