Issue:
I’m encountering an issue where environment variables defined in my docker-compose.yml file (e.g., GRAFANA_URL, GRAFANA_TOKEN, etc.) are not being passed to the Grafana Backup Tool container when deployed using Ansible. The container appears to start successfully, but attempts restart many times cause of connection denials.
Code Snippets:
---
- name: Deploy Grafana Backup Tool with Scheduled Backups via Git
hosts: master
become: true
vars:
backup_tool_repo: "https://github.com/ysde/grafana-backup-tool.git"
backup_tool_version: "master" # Specify a branch, tag, or commit as needed
backup_image_name: "grafana_backup_tool"
backup_container_name: "grafana_backup_tool"
grafana_network: "home_automation_network"
backup_schedule_time: "0 4 * * *" # Adjust this to your desired backup schedule
tasks:
- name: Install Git
ansible.builtin.package:
name: git
state: present
- name: Ensure backup directory exists and has correct permissions
ansible.builtin.file:
path: /home/sktech/backups/grafana/backups/
state: directory
owner: "1337" # Adjust as necessary, ensuring it matches the container's user
group: "1337" # Adjust as necessary; could be the user's group or another appropriate value
mode: "0755"
- name: Create grafana tool Data Directory Exists
file:
path: "{{ grafana_script_path }}"
state: directory
mode: "0755"
- name: Clone Grafana Backup Tool Repository
ansible.builtin.git:
repo: "{{ backup_tool_repo }}"
dest: "{{ grafana_script_path }}"
version: "{{ backup_tool_version }}"
force: yes # This will reset the local copy to match the remote repository
- name: Create Dockerfile for Grafana Backup Tool
ansible.builtin.copy:
dest: "{{ grafana_script_path }}/Dockerfile"
content: |
FROM python:3.9-alpine
LABEL maintainer="[email protected]"
ENV RESTORE=false
ENV ARCHIVE_FILE=""
# Add repository for edge packages
RUN echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
&& apk --no-cache add python3-dev libffi-dev gcc libc-dev py3-pip py3-cffi py3-cryptography ca-certificates bash git
WORKDIR /opt
# Clone the Grafana backup tool
RUN echo "Cloning the Grafana backup tool..."
&& git clone https://github.com/ysde/grafana-backup-tool.git grafana-backup-tool
&& echo "Cloning completed."
WORKDIR /opt/grafana-backup-tool
# Pre-create the _OUTPUT_ directory and ensure it has the right permissions
RUN echo "Creating _OUTPUT_ directory..."
&& mkdir -p /opt/grafana-backup-tool/_OUTPUT_
&& echo "Directory _OUTPUT_ created."
RUN echo "Setting ownership for _OUTPUT_ directory..."
&& chown -R 1337:1337 /opt/grafana-backup-tool/_OUTPUT_
&& echo "Ownership set."
RUN echo "Setting permissions for _OUTPUT_ directory..."
&& chmod -R 755 /opt/grafana-backup-tool/_OUTPUT_
&& echo "Permissions set."
# Ensure correct permissions for the rest of grafana-backup-tool
RUN echo "Setting permissions for the grafana-backup-tool directory..."
&& chmod -R a+r /opt/grafana-backup-tool
&& find /opt/grafana-backup-tool -type d -print0 | xargs -0 chmod a+rx
&& echo "Permissions for grafana-backup-tool directory set."
# Install the Grafana backup tool
RUN echo "Installing the Grafana backup tool..."
&& pip3 --no-cache-dir install .
&& echo "Installation completed."
# Adjust ownership of the entire grafana-backup-tool directory
RUN echo "Adjusting ownership for the entire grafana-backup-tool directory..."
&& chown -R 1337:1337 /opt/grafana-backup-tool
&& echo "Ownership adjusted."
USER 1337
CMD ["sh", "-c", "grafana-backup save"]
mode: "0644"
- name: Adjust Permissions for Backup Directory on Host
ansible.builtin.shell:
cmd: "chown -R 1337:1337 /home/sktech/backups/grafana/backups/ && chmod -R 755 /home/sktech/backups/grafana/backups/"
ignore_errors: yes
- name: Build Grafana Backup Tool Docker Image and Capture Output
ansible.builtin.shell:
cmd: "docker build -t {{ backup_image_name }}:latest {{ grafana_script_path }} > /tmp/docker_build.log 2>&1"
args:
chdir: "{{ grafana_script_path }}"
register: docker_build_result
- name: Read Docker Build Log
ansible.builtin.slurp:
src: "/tmp/docker_build.log"
register: docker_build_log_content
- name: Decode and Display Docker Build Log
ansible.builtin.debug:
msg: "{{ docker_build_log_content['content'] | b64decode }}"
- name: Ensure Grafana Backup Tool Directory Exists
ansible.builtin.file:
path: "/home/sktech/backups/grafana"
state: directory
mode: "0755"
- name: Create Docker Compose File for Grafana Backup Tool
ansible.builtin.copy:
content: |
version: '3.8'
services:
grafana_backup_tool:
container_name: "{{ backup_container_name }}"
image: "{{ backup_image_name }}:latest"
volumes:
- "{{ grafana_backup_directory }}/backups:/opt/grafana-backup-tool/_OUTPUT_"
networks:
- "{{ grafana_network }}"
environment:
- GRAFANA_URL:"{{ grafana_url }}"
- GRAFANA_TOKEN:"{{ grafana_token }}"
networks:
{{ grafana_network }}:
external: true
dest: "{{ composes_path }}/grafana-backup-tool-compose.yml"
mode: "0644"
- name: Deploy Grafana Backup Tool Container With Environment Variables
ansible.builtin.shell:
cmd: "docker-compose -f '{{ composes_path }}/grafana-backup-tool-compose.yml' up -d"
chdir: "{{ composes_path }}"
- name: Debug environment variables inside the container
ansible.builtin.command:
cmd: docker exec {{ backup_container_name }} env
register: docker_env_output
- name: Show environment variables from container
ansible.builtin.debug:
msg: "{{ docker_env_output.stdout }}"
- name: Setup Backup Cron Job
ansible.builtin.cron:
name: "Scheduled Grafana Backup"
cron_file: "grafana_backup"
user: "root"
job: "docker exec {{ backup_container_name }} grafana-backup save"
minute: "0"
hour: "4"
day: "*"
weekday: "*"
month: "*"
state: present
- name: Trigger Immediate Backup
ansible.builtin.command:
cmd: "docker exec {{ backup_container_name }} grafana-backup save"
ignore_errors: yes
#*Remember:**
#
# Replace `~/.env` with the actual path to your `.env` file containing credentials.
# This playbook ensures credentials are handled securely within the container, avoiding exposure in the #mage or playbook itself.
# Make sure the `.env` file has appropriate permissions (600) to restrict
- Logs
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=3000): Max retries exceeded with url: /api/health (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f6b77a8a640>: Failed to establish a new connection: [Errno 111] Connection refused'))
sktech@debian-server:~/Composes$
localhost means that the vars are not passing to the env of the container`
here is the proof
/opt/grafana-backup-tool $ env
HOSTNAME=5670030ba225
PYTHON_PIP_VERSION=23.0.1
SHLVL=1
HOME=/
GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568
PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/dbf0c85f76fb6e1ab42aa672ffca6f0a675d9ee4/public/get-pip.py
TERM=xterm
PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LANG=C.UTF-8
ARCHIVE_FILE=
RESTORE=false
PYTHON_VERSION=3.9.18
PYTHON_SETUPTOOLS_VERSION=58.1.0
PWD=/opt/grafana-backup-tool
PYTHON_GET_PIP_SHA256=dfe9fd5c28dc98b5ac17979a953ea550cec37ae1b47a5116007395bfacff2ab9
/opt/grafana-backup-tool $
In this Ansible playbook the influx variables are passing correctly into the env of the container
- name: Deploy InfluxDB Container
hosts: master
become: true
tasks:
- name: Ensure InfluxDB Data Directory Exists
file:
path: "{{ general_cont_path }}/influxdb/data"
state: directory
mode: "0755"
- name: Create Docker Compose File for InfluxDB
copy:
content: |
version: '3.8'
services:
influxdb:
container_name: influxdb
image: influxdb:latest
ports:
- "8086:8086"
volumes:
- /etc/localtime:/etc/localtime:ro
- influxdb_data:/var/lib/influxdb
- /home/sktech/Backups/db_backups/:/backups
restart: unless-stopped
environment:
- INFLUXDB_DB="{{ influx_db }}""
- INFLUXDB_USER="{{ influxdb_user }}""
- INFLUXDB_USER_PASSWORD="{{ influxdb_user_password }}""
- INFLUXDB_ADMIN_ENABLED=true
- INFLUXDB_ADMIN_USER=root
- INFLUXDB_ADMIN_PASSWORD="{{ influxdb_admin_password }}""
networks:
- home_automation_network
volumes:
influxdb_data:
name: influxdb_data
driver: local
driver_opts:
type: none
device: "{{ general_cont_path }}/influxdb/data"
o: bind
networks:
home_automation_network:
external: true
dest: "{{ composes_path }}/influxdb-compose.yml"
mode: "0644"
- name: Deploy InfluxDB Container Using Docker Compose
community.general.docker_compose:
project_src: "{{ composes_path }}"
files:
- influxdb-compose.yml
state: present
pull: yes
restarted: yes
-INFO
The vars are correctly syntaxed i have checked the grafana_backup_tool.yml compose and they are passed correctly there.
Question:
What could be causing the environment variables not to be passed correctly to the container when using Ansible with Docker Compose? Any insights or suggestions for further troubleshooting would be greatly appreciated.
Expected Outcome:
I’m aiming to have the environment variables defined in docker-compose.yml successfully available within the running Grafana Backup Tool container, enabling it to connect to Grafana and perform backups as intended.
Troubleshooting Steps:
-
Verified Variable Definitions: I’ve confirmed that the environment variables are correctly defined in the environment section of the grafana_backup_tool service within my docker-compose.yml file. I’ve replaced placeholders like {{ grafana_url }} with their actual values.
-
Checked Docker Logs: I’ve inspected the docker build logs and container logs for any errors related to access denial and there was as shown above.
-
Tested Manually: I’ve successfully passed the environment variables manually using docker exec command, confirming that the container can indeed process them. This suggests the issue lies in how Ansible and Docker Compose are interacting.I have test
ls envand the values where passed. -
Isolated the Problem: I’ve narrowed down the issue to the Ansible task responsible for deploying the container using community.general.docker_compose.
-
OFFICIAL DOCS OF GRAFANA BACKUP TOOL
2
Answers
After implement what you said i have changed my setups to:
and i still get no variables passed on env.
Weird....but in the grafana_backup_tool logs the error has changed
My grafana container is up and running so i dont know why the error though,even the variables are not shown in env.
Your syntax is wrong at least. In the example that you say is working, you have this:
and in the non-working this:
The difference is
:vs=. Use=and it should work.Minimal example to verify the behavior
Testing running the command
docker exec -it b84f96ec1f80 env