fix(ci): failing legacy platforms and delegation issues. (#321)

* fix: make os package dependencies optional in plugin too * fix: inconsistent omit behavior with delegate_to * fix: default value for vault token was never used * style(lint): fix jinja spacing * fix(ci): pin runner to ubuntu 20.04 since 22.04 brakes systemd on old distros
ansible-community · Feb 3, 2023 · 6a18b80 · 6a18b80
1 parent 623d40a
commit 6a18b80
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
@@ -13,7 +13,7 @@ env:
 
 jobs:
   discover-scenarios:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     outputs:
       scenarios: ${{ steps.set-scenarios.outputs.scenarios }}
     steps:
@@ -28,7 +28,7 @@ jobs:
           echo "::set-output name=scenarios::$scenarios"
 
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     needs:
       - discover-scenarios
     strategy:
@@ -48,7 +48,7 @@ jobs:
     needs:
       - lint
       - discover-scenarios
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -283,7 +283,7 @@ validate_certs_during_api_reachable_check: true
 
 vault_tls_certs_path: "{{ lookup('env', 'VAULT_TLS_DIR') | default(('/opt/vault/tls' if (vault_install_hashi_repo) else '/etc/vault/tls'), true) }}"
 vault_tls_private_path: "{{ lookup('env', 'VAULT_TLS_DIR') | default(('/opt/vault/tls' if (vault_install_hashi_repo) else '/etc/vault/tls'), true) }}"
-vault_tls_src_files: "{{ lookup('env', 'VAULT_TLS_SRC_FILES') | default(role_path+'/files', true) }}"
+vault_tls_src_files: "{{ lookup('env', 'VAULT_TLS_SRC_FILES') | default(role_path ~ '/files', true) }}"
 
 vault_tls_disable: "{{ lookup('env', 'VAULT_TLS_DISABLE') | default(1, true) }}"
 vault_tls_gossip: "{{ lookup('env', 'VAULT_TLS_GOSSIP') | default(0, true) }}"

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -403,7 +403,7 @@
                      default(vault_tls_disable | ternary('http', 'https') ~ '://' ~ vault_addr ~ ':' ~ vault_port, true) }}"
         VAULT_CACERT: "{{ lookup('env', 'VAULT_CACERT') |
                        default(vault_tls_config_path ~ '/' ~ vault_tls_ca_file if not (vault_tls_disable) else '', true) }}"
-        VAULT_TOKEN: "{{ lookup('env', 'VAULT_TOKEN') | default(lookup('file', '~/.vault-token', errors='ignore')) }}"
+        VAULT_TOKEN: "{{ lookup('env', 'VAULT_TOKEN') | default(lookup('file', '~/.vault-token', errors='ignore'), true) }}"
 
 - name: Vault status
   debug:

diff --git a/tasks/plugins/acme.yml b/tasks/plugins/acme.yml
@@ -8,14 +8,16 @@
 - name: Vault acme plugin installation
   block:
     - name: Fetch acme vault plugin
-      delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', omit) }}"
+      delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', inventory_hostname) }}"
       block:
         - name: Install dependencies
           package:
             name: "{{ vault_os_packages }}"
             state: present
           become: true
-          when: (vault_plugin_acme_install == 'remote')
+          when:
+            - (vault_plugin_acme_install == 'remote')
+            - (vault_os_packages is defined) and (vault_os_packages | length > 0)
 
         - name: Create temporary directory for acme vault plugin
           file:
@@ -63,7 +65,7 @@
       file:
         path: "{{ __vault_plugin_acme_zip_dir.path }}"
         state: absent
-      delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', omit) }}"
+      delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', inventory_hostname) }}"
       run_once: "{{ (vault_plugin_acme_install == 'local') }}"
       when: (vault_plugins_src_dir_cleanup)