From 62b33cb30cee932d6a0db90fe0f2adfbc4407499 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Sat, 24 Apr 2021 11:12:45 +0200 Subject: [PATCH] Make tls_everywhere validations compatible with ansible_facts Via [1] we cannot rely on ansible_* vars anymore. So let's switch to ansible_facts. This should fix the following error: 2021-04-22 22:08:36,708 p=36100 u=mistral n=ansible | fatal: [undercloud]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {{ tls_everywhere_undercloud_fqdn | default(ansible_fqdn) }}: 'ansible_fqdn' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/tls_everywhere/tasks/ipa-server-check.yaml': line 59, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: kinit as the host entity\n ^ here\n"} Closes-Bug: #1925999 [1] https://opendev.org/openstack/tripleo-heat-templates/commit/4e79336d69e6b7fa4b026922bac7953bafeee96d Change-Id: If23c41d343678dcbbd0b4aae10ca6281a33e385f --- roles/tls_everywhere/tasks/common.yaml | 2 +- roles/tls_everywhere/tasks/ipa-server-check.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/tls_everywhere/tasks/common.yaml b/roles/tls_everywhere/tasks/common.yaml index 1b2ed4d98..ac1dc0e38 100644 --- a/roles/tls_everywhere/tasks/common.yaml +++ b/roles/tls_everywhere/tasks/common.yaml @@ -133,7 +133,7 @@ - name: Set fact for IdM/FreeIPA host entry set_fact: - host_entry: "{{ ansible_fqdn }}@{{ ipa_realm.value }}" + host_entry: "{{ ansible_facts['fqdn'] }}@{{ ipa_realm.value }}" when: ipa_conf_stat.stat.exists - name: Set fact for IdM/FreeIPA host principal diff --git a/roles/tls_everywhere/tasks/ipa-server-check.yaml b/roles/tls_everywhere/tasks/ipa-server-check.yaml index b1cd0c701..1ab2fca35 100644 --- a/roles/tls_everywhere/tasks/ipa-server-check.yaml +++ b/roles/tls_everywhere/tasks/ipa-server-check.yaml @@ -23,7 +23,7 @@ # This playbook contains the following parameters # - tls_everywhere_check_dns_aci - which determines if we want to check # for the DNS ACI. This defaults to true. -# - tls_everywhere_undercloud_fqdn - which defaults to ansible_fqdn +# - tls_everywhere_undercloud_fqdn - which defaults to ansible_facts['fqdn'] - name: check if undercloud is an ipa client stat: @@ -34,7 +34,7 @@ when: ipa_default_conf.stat.exists vars: check_dns_aci: "{{ tls_everywhere_check_dns_aci | default(True)}}" - undercloud_fqdn: "{{ tls_everywhere_undercloud_fqdn | default(ansible_fqdn) }}" + undercloud_fqdn: "{{ tls_everywhere_undercloud_fqdn | default(ansible_facts['fqdn']) }}" ipa_server_aci_check_failures: [] fail_1: >- The IPA server does not have the required ACI to allow host