lukasmrtvy/gist:a3f87c7c9ab2e3a790d8bb41cb38784f

## gistfile1.txt
---
- name: test
  hosts: localhost
  connection: local
  gather_facts: no

  vars:
    containers:
      grafana:
        image: grafana/grafana:6.0.0
        ports: 3000:3000
        networks:
          - grafana-network
          - traefik-network
        volumes:
          - /data/docker-data/grafana/conf/:/var/lib/grafana/
        secrets:
          GF_SECURITY_ADMIN_PASSWORD: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery1/ff177dcf5a734ad69563908fdcb45933
          GF_SESSION_PROVIDER_CONFIG: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery2/ff177dcf5a734ad69563908fdcb45933
          GF_DATABASE_PASSWORD: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery3/ff177dcf5a734ad69563908fdcb45933
          GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery4/ff177dcf5a734ad69563908fdcb45933
        variables:
          GF_INSTALL_PLUGINS: grafana-azure-monitor-datasource,grafana-azure-data-explorer-datasource
          GF_SESSION_PROVIDER: postgres
          GF_DATABASE_TYPE: postgres
          GF_DATABASE_HOST: redacted.postgres.database.azure.com
          GF_DATABASE_NAME: grafana
          GF_DATABASE_USER: sysadmin@prometheus-monitoring-postgresql
          GF_SERVER_ROOT_URL: https://grafana.production.redacted/
          GF_DATABASE_SSL_MODE: require
          GF_AUTH_GENERIC_OAUTH_ENABLED: true
          GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
          GF_AUTH_GENERIC_OAUTH_CLIENT_ID: redacted
          GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile
          GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://login.microsoftonline.com/redacted/oauth2/v2.0/authorize
          GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://login.microsoftonline.com/redacted/oauth2/v2.0/token
          GF_AUTH_GENERIC_OAUTH_API_URL: https://graph.microsoft.com/oidc/userinfo
      prometheus:
        image: prom/prometheus:v2.6.0
        ports: 9090:9090
        networks:
          - grafana-network
          - traefik-network
        volumes:
          - /data/sadisk/prometheusmonitoring/shared/prometheus/conf/:/etc/prometheus/
          - /data/datadisk/docker-data/prometheus/data:/prometheus
        secrets:
          PROM_PWD1: https://MYVAULT.vault.azure.net/secrets/prom1/ff177dcf5a734ad69563908fdcb45912
          PROM_PWD2: https://MYVAULT.vault.azure.net/secrets/prom2/ff177dcf5a734ad69563908fdcb45911
        cmd: "--storage.tsdb.path=/prometheus"
        user: root


  tasks:

    #- shell: "az keyvault secret show --id {{ item.value }} --query '{ {{ item.key }} : value }' " #
    - shell: >-
        echo '"{{ item.key }}" : "{{ 100 | random   }}"'
      loop_control:
        label: "{{ item.name }} {{ item.key }} {{ item.value }}"
      loop: |
        [
        {% for p in containers %}
        {% for o in containers[p].secrets %}
        {
        "name": "{{ p }}",
        "key": "{{ o }}",
        "value": "{{ containers[p].secrets[o] }}",
        "all" : "{{ containers[p] }}"
        },
        {% endfor %}
        {% endfor %}
        ]
      register: output


    - set_fact:
        containers: |
          {
              {% for c in containers %}
                  "{{ c }}": {
                  {% for prop in containers[c] %}
                    {% if prop == 'secrets' or prop == 'variables' %}
                      "new" : {
                      {% if prop == 'secrets' %}
                        {% for secret in output.results %}
                          {% if c == secret.item.name %}
                            {{ secret.stdout }},
                          {% endif %}
                        {% endfor %}
                      {% elif prop == 'variables' %}
                        {% for key,value in containers[c].variables.items() %}
                          "{{ key }}":"{{ value }}",
                        {% endfor %}
                      {% endif %}
                      },
                    {% else %}
                      "{{ prop }}" : {{ containers[c][prop] | to_json }} ,
                    {% endif %}
                  {% endfor %}
                 },
              {% endfor %}
          }

    - debug:
        msg: "{{ containers }}"
	---
	- name: test
	hosts: localhost
	connection: local
	gather_facts: no

	vars:
	containers:
	grafana:
	image: grafana/grafana:6.0.0
	ports: 3000:3000
	networks:
	- grafana-network
	- traefik-network
	volumes:
	- /data/docker-data/grafana/conf/:/var/lib/grafana/
	secrets:
	GF_SECURITY_ADMIN_PASSWORD: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery1/ff177dcf5a734ad69563908fdcb45933
	GF_SESSION_PROVIDER_CONFIG: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery2/ff177dcf5a734ad69563908fdcb45933
	GF_DATABASE_PASSWORD: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery3/ff177dcf5a734ad69563908fdcb45933
	GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: https://MYVAULT.vault.azure.net/secrets/grafana-aad-discovery4/ff177dcf5a734ad69563908fdcb45933
	variables:
	GF_INSTALL_PLUGINS: grafana-azure-monitor-datasource,grafana-azure-data-explorer-datasource
	GF_SESSION_PROVIDER: postgres
	GF_DATABASE_TYPE: postgres
	GF_DATABASE_HOST: redacted.postgres.database.azure.com
	GF_DATABASE_NAME: grafana
	GF_DATABASE_USER: sysadmin@prometheus-monitoring-postgresql
	GF_SERVER_ROOT_URL: https://grafana.production.redacted/
	GF_DATABASE_SSL_MODE: require
	GF_AUTH_GENERIC_OAUTH_ENABLED: true
	GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
	GF_AUTH_GENERIC_OAUTH_CLIENT_ID: redacted
	GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile
	GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://login.microsoftonline.com/redacted/oauth2/v2.0/authorize
	GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://login.microsoftonline.com/redacted/oauth2/v2.0/token
	GF_AUTH_GENERIC_OAUTH_API_URL: https://graph.microsoft.com/oidc/userinfo
	prometheus:
	image: prom/prometheus:v2.6.0
	ports: 9090:9090
	networks:
	- grafana-network
	- traefik-network
	volumes:
	- /data/sadisk/prometheusmonitoring/shared/prometheus/conf/:/etc/prometheus/
	- /data/datadisk/docker-data/prometheus/data:/prometheus
	secrets:
	PROM_PWD1: https://MYVAULT.vault.azure.net/secrets/prom1/ff177dcf5a734ad69563908fdcb45912
	PROM_PWD2: https://MYVAULT.vault.azure.net/secrets/prom2/ff177dcf5a734ad69563908fdcb45911
	cmd: "--storage.tsdb.path=/prometheus"
	user: root


	tasks:

	#- shell: "az keyvault secret show --id {{ item.value }} --query '{ {{ item.key }} : value }' " #
	- shell: >-
	echo '"{{ item.key }}" : "{{ 100 \| random }}"'
	loop_control:
	label: "{{ item.name }} {{ item.key }} {{ item.value }}"
	loop: \|
	[
	{% for p in containers %}
	{% for o in containers[p].secrets %}
	{
	"name": "{{ p }}",
	"key": "{{ o }}",
	"value": "{{ containers[p].secrets[o] }}",
	"all" : "{{ containers[p] }}"
	},
	{% endfor %}
	{% endfor %}
	]
	register: output


	- set_fact:
	containers: \|
	{
	{% for c in containers %}
	"{{ c }}": {
	{% for prop in containers[c] %}
	{% if prop == 'secrets' or prop == 'variables' %}
	"new" : {
	{% if prop == 'secrets' %}
	{% for secret in output.results %}
	{% if c == secret.item.name %}
	{{ secret.stdout }},
	{% endif %}
	{% endfor %}
	{% elif prop == 'variables' %}
	{% for key,value in containers[c].variables.items() %}
	"{{ key }}":"{{ value }}",
	{% endfor %}
	{% endif %}
	},
	{% else %}
	"{{ prop }}" : {{ containers[c][prop] \| to_json }} ,
	{% endif %}
	{% endfor %}
	},
	{% endfor %}
	}

	- debug:
	msg: "{{ containers }}"