Make tls_everywhere validations compatible with ansible_facts

Via [1] we cannot rely on ansible_* vars anymore. So let's switch to
ansible_facts. This should fix the following error:

  2021-04-22 22:08:36,708 p=36100 u=mistral n=ansible | fatal:
  [undercloud]: FAILED! => {"msg": "The task includes an option with an
  undefined variable. The error was: {{ tls_everywhere_undercloud_fqdn |
  default(ansible_fqdn) }}: 'ansible_fqdn' is undefined\n\nThe error
  appears to be in
  '/usr/share/ansible/roles/tls_everywhere/tasks/ipa-server-check.yaml':
  line 59, column 7, but may\nbe elsewhere in the file depending on the
  exact syntax problem.\n\nThe offending line appears to be:\n\n\n    -
  name: kinit as the host entity\n      ^ here\n"}

Closes-Bug: #1925999

[1] 4e79336d69

Change-Id: If23c41d343678dcbbd0b4aae10ca6281a33e385f
This commit is contained in:
Michele Baldessari 2021-04-24 11:12:45 +02:00
parent 2577f3dddf
commit 62b33cb30c
2 changed files with 3 additions and 3 deletions

View File

@ -133,7 +133,7 @@
- name: Set fact for IdM/FreeIPA host entry - name: Set fact for IdM/FreeIPA host entry
set_fact: set_fact:
host_entry: "{{ ansible_fqdn }}@{{ ipa_realm.value }}" host_entry: "{{ ansible_facts['fqdn'] }}@{{ ipa_realm.value }}"
when: ipa_conf_stat.stat.exists when: ipa_conf_stat.stat.exists
- name: Set fact for IdM/FreeIPA host principal - name: Set fact for IdM/FreeIPA host principal

View File

@ -23,7 +23,7 @@
# This playbook contains the following parameters # This playbook contains the following parameters
# - tls_everywhere_check_dns_aci - which determines if we want to check # - tls_everywhere_check_dns_aci - which determines if we want to check
# for the DNS ACI. This defaults to true. # for the DNS ACI. This defaults to true.
# - tls_everywhere_undercloud_fqdn - which defaults to ansible_fqdn # - tls_everywhere_undercloud_fqdn - which defaults to ansible_facts['fqdn']
- name: check if undercloud is an ipa client - name: check if undercloud is an ipa client
stat: stat:
@ -34,7 +34,7 @@
when: ipa_default_conf.stat.exists when: ipa_default_conf.stat.exists
vars: vars:
check_dns_aci: "{{ tls_everywhere_check_dns_aci | default(True)}}" check_dns_aci: "{{ tls_everywhere_check_dns_aci | default(True)}}"
undercloud_fqdn: "{{ tls_everywhere_undercloud_fqdn | default(ansible_fqdn) }}" undercloud_fqdn: "{{ tls_everywhere_undercloud_fqdn | default(ansible_facts['fqdn']) }}"
ipa_server_aci_check_failures: [] ipa_server_aci_check_failures: []
fail_1: >- fail_1: >-
The IPA server does not have the required ACI to allow host The IPA server does not have the required ACI to allow host