How could we handle sensitive variables - like a database password? Well, committing them to our playbook is probably not a good idea. Nope, we need something better!
First, let's reorganize a little bit! Create a new vars/ directory with a vars.yml file inside. Now, copy all of the variables, add the ---, paste them here, and - you know the drill - un-indent them:
symfony_root_dir: /var/www/project
symfony_web_dir: "{{ symfony_root_dir }}/web"
symfony_var_dir: "{{ symfony_root_dir }}/var"
symfony_console_path: "{{ symfony_root_dir }}/bin/console"
Ansible gives us a way to import variables from a file... called vars_files. Point it to ./vars/vars.yml:
- hosts: vb
  vars_files:
    - ./vars/vars.yml
... lines 6 - 170
Cool! Believe it or not, we're one step closer to being able to handle sensitive configuration.
In your VM move to /var/www/project:
cd /var/www/project
I want to look at the app/config/parameters.yml file:
cat app/config/parameters.yml
This file holds config for the Symfony project, like the database password. Notice one is called secret. This is supposed to be a unique string that's used for creating some random strings. Right now ours is... not so secret: that's the default value from Symfony.
Let's set this for real! In the vars.yml file, create a new variable: symfony_secret set to udderly secret $tring:
... lines 2 - 5
symfony_secret: "udderly secret $tring"
Now, in symfony-bootstrap.yml, we can use that variable to modify parameters.yml. Create a new task: "Set Symfony secret in parameters.yml". Use our favorite lineinfile module with dest set to {{ symfony_root_dir }} - that's a variable from our vars file - followed by /app/config/parameters.yml:
... lines 2 - 20
- name: Set Symfony secret in parameters.yml
  lineinfile:
    dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
... lines 24 - 58
For regexp, use ^    secret:. Yep, we're looking for 4 spaces then secret:. For line, 4 spaces again then secret: {{ symfony_secret }}:
... lines 2 - 20
- name: Set Symfony secret in parameters.yml
  lineinfile:
    dest: "{{ symfony_root_dir }}/app/config/parameters.yml"
    regexp: "^    secret:"
    line: "    secret: {{ symfony_secret }}"
  tags:
    - deploy
... lines 28 - 58
Don't forget to give this the deploy tag!
This will work... but don't even try it! Nope, we need to go further: having sensitive keys committed to my vars.yml file is not a good solution. We need the vault.
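A repository check for the problem this chapter ends on, as an added example that is not part of the tutorial's code: it flags sensitive-looking variables kept in plaintext in a vars file. The key-name pattern and the function name are assumptions made for this example; the sample input is the vars.yml built above, and the vault markers are Ansible's `$ANSIBLE_VAULT;` file header and `!vault` tag.

```python
import re

# Assumption: key names that suggest a sensitive value (heuristic chosen for this example).
SENSITIVE_KEY = re.compile(r"secret|password|passwd|token|api_?key", re.I)
TOP_LEVEL_VAR = re.compile(r"^([A-Za-z_]\w*):\s*(.*)$")
# A value that only points at another variable, e.g. "{{ vault_symfony_secret }}".
PURE_REFERENCE = re.compile(r"""^["']?\{\{\s*[\w.]+\s*\}\}["']?$""")
VAULT_FILE_HEADER = "$ANSIBLE_VAULT;"  # first line of a vault-encrypted file
VAULT_INLINE_TAG = "!vault"            # YAML tag on an inline-encrypted value


def find_plaintext_secrets(text):
    """Return [(line_number, key)] for sensitive-looking variables kept in plaintext."""
    lines = text.splitlines()
    if lines and lines[0].startswith(VAULT_FILE_HEADER):
        return []  # the whole file is encrypted
    findings = []
    for number, line in enumerate(lines, start=1):
        match = TOP_LEVEL_VAR.match(line)
        if not match or not SENSITIVE_KEY.search(match.group(1)):
            continue
        value = match.group(2).strip()
        if not value or value.startswith(VAULT_INLINE_TAG) or PURE_REFERENCE.match(value):
            continue  # nested block, encrypted value, or indirection to another variable
        findings.append((number, match.group(1)))
    return findings


# Constructed sample: the vars.yml built in this chapter.
CHAPTER_VARS = '''---
symfony_root_dir: /var/www/project
symfony_web_dir: "{{ symfony_root_dir }}/web"
symfony_var_dir: "{{ symfony_root_dir }}/var"
symfony_console_path: "{{ symfony_root_dir }}/bin/console"
symfony_secret: "udderly secret $tring"
'''

if __name__ == "__main__":
    for number, key in find_plaintext_secrets(CHAPTER_VARS):
        print(f"vars/vars.yml:{number}: {key} is stored in plaintext")
```

Run over each vars file in CI or a pre-commit hook, a non-empty result is the signal to fail the build before the secret reaches the repository.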
Hey Daskifjraewiofj,
Oh, nice! Thanks for sharing this with others! I wonder, how is that \1 called? Any links to the docs where you found this example? Sounds really cool :)
Cheers!
// composer.json
{
"require": {
"php": ">=5.5.9",
"symfony/symfony": "3.1.*", // v3.1.4
"doctrine/orm": "^2.5", // v2.7.2
"doctrine/doctrine-bundle": "^1.6", // 1.6.4
"doctrine/doctrine-cache-bundle": "^1.2", // 1.3.0
"symfony/swiftmailer-bundle": "^2.3", // v2.3.11
"symfony/monolog-bundle": "^2.8", // 2.11.1
"symfony/polyfill-apcu": "^1.0", // v1.2.0
"sensio/distribution-bundle": "^5.0", // v5.0.12
"sensio/framework-extra-bundle": "^3.0.2", // v3.0.16
"incenteev/composer-parameter-handler": "^2.0", // v2.1.2
"doctrine/doctrine-migrations-bundle": "^1.2", // v1.2.0
"snc/redis-bundle": "^2.0", // 2.0.0
"predis/predis": "^1.1", // v1.1.1
"composer/package-versions-deprecated": "^1.11" // 1.11.99
},
"require-dev": {
"sensio/generator-bundle": "^3.0", // v3.0.8
"symfony/phpunit-bridge": "^3.0", // v3.1.4
"doctrine/data-fixtures": "^1.1", // 1.3.3
"hautelook/alice-bundle": "^1.3" // v1.4.1
}
}
Better replacement, this will work regardless of indentation and even preserve it: