From 6a18b8043cc7b64d3f9a9c095f3e473e615c9354 Mon Sep 17 00:00:00 2001
From: gardar
Date: Fri, 3 Feb 2023 11:12:13 +0000
Subject: [PATCH] fix(ci): failing legacy platforms and delegation issues. (#321)
* fix: make os package dependencies optional in plugin too
* fix: inconsistent omit behavior with delegate_to
* fix: default value for vault token was never used
* style(lint): fix jinja spacing
* fix(ci): pin runner to ubuntu 20.04 since 22.04 brakes systemd on old distros
---
.github/workflows/molecule.yml | 6 +++---
defaults/main.yml | 2 +-
tasks/main.yml | 2 +-
tasks/plugins/acme.yml | 8 +++++---
4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index 74bfbc31..d24db782 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -13,7 +13,7 @@ env: jobs: discover-scenarios: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: scenarios: ${{ steps.set-scenarios.outputs.scenarios }} steps:
@@ -28,7 +28,7 @@ jobs: echo "::set-output name=scenarios::$scenarios" lint: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: - discover-scenarios strategy:
@@ -48,7 +48,7 @@ jobs: needs: - lint - discover-scenarios - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 strategy: fail-fast: false matrix:
diff --git a/defaults/main.yml b/defaults/main.yml
index 789c1b9a..aa7387eb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
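Review bot: The `runs-on: ubuntu-20.04` pin in `.github/workflows/molecule.yml` (the `discover-scenarios` job, and again in the `lint` hunk and the third job's hunk) has no in-file comment, so the reason for it lives only in the commit message. A pinned runner label stops following the current image and is eventually retired, so the pin should be easy to find and revisit. I would add above the first occurrence `# pinned: ubuntu-22.04 runners break systemd in the older distro containers; revisit when those platforms are dropped`. All three jobs continue outside their hunks; if `discover-scenarios` only computes the scenario list and starts no containers, it may not need the pin at all.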
@@ -283,7 +283,7 @@ validate_certs_during_api_reachable_check: true vault_tls_certs_path: "{{ lookup('env', 'VAULT_TLS_DIR') | default(('/opt/vault/tls' if (vault_install_hashi_repo) else '/etc/vault/tls'), true) }}" vault_tls_private_path: "{{ lookup('env', 'VAULT_TLS_DIR') | default(('/opt/vault/tls' if (vault_install_hashi_repo) else '/etc/vault/tls'), true) }}" -vault_tls_src_files: "{{ lookup('env', 'VAULT_TLS_SRC_FILES') | default(role_path+'/files', true) }}" +vault_tls_src_files: "{{ lookup('env', 'VAULT_TLS_SRC_FILES') | default(role_path ~ '/files', true) }}" vault_tls_disable: "{{ lookup('env', 'VAULT_TLS_DISABLE') | default(1, true) }}" vault_tls_gossip: "{{ lookup('env', 'VAULT_TLS_GOSSIP') | default(0, true) }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index e2a1aed1..8c3615c2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -403,7 +403,7 @@ default(vault_tls_disable | ternary('http', 'https') ~ '://' ~ vault_addr ~ ':' ~ vault_port, true) }}" VAULT_CACERT: "{{ lookup('env', 'VAULT_CACERT') | default(vault_tls_config_path ~ '/' ~ vault_tls_ca_file if not (vault_tls_disable) else '', true) }}" - VAULT_TOKEN: "{{ lookup('env', 'VAULT_TOKEN') | default(lookup('file', '~/.vault-token', errors='ignore')) }}" + VAULT_TOKEN: "{{ lookup('env', 'VAULT_TOKEN') | default(lookup('file', '~/.vault-token', errors='ignore'), true) }}" - name: Vault status debug:
diff --git a/tasks/plugins/acme.yml b/tasks/plugins/acme.yml
index bae76716..25b5d154 100644
--- a/tasks/plugins/acme.yml
+++ b/tasks/plugins/acme.yml
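Review bot: With `, true` added on the `VAULT_TOKEN` line in `tasks/main.yml`, an unset or empty environment variable now falls through to the controller user's `~/.vault-token`, and that value is exported into this task's environment while the address default at the top of the same hunk picks `http` whenever `vault_tls_disable` is truthy. The `defaults/main.yml` hunk shows `vault_tls_disable` defaulting to `1`, so in a default setup a real token may travel over plain HTTP. The task starts above the hunk, so I cannot see what it runs; if it is only the status check that the following `Vault status` debug task suggests, the token is probably not needed and the line could be dropped. If it is needed, I would add `# falls back to the controller's ~/.vault-token when VAULT_TOKEN is unset or empty; avoid with vault_tls_disable` above it and confirm the task sets `no_log: true`.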
@@ -8,14 +8,16 @@ - name: Vault acme plugin installation block: - name: Fetch acme vault plugin - delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', omit) }}" + delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', inventory_hostname) }}" block: - name: Install dependencies package: name: "{{ vault_os_packages }}" state: present become: true - when: (vault_plugin_acme_install == 'remote') + when: + - (vault_plugin_acme_install == 'remote') + - (vault_os_packages is defined) and (vault_os_packages | length > 0) - name: Create temporary directory for acme vault plugin file:
@@ -63,7 +65,7 @@ file: path: "{{ __vault_plugin_acme_zip_dir.path }}" state: absent - delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', omit) }}" + delegate_to: "{{ (vault_plugin_acme_install == 'local') | ternary('localhost', inventory_hostname) }}" run_once: "{{ (vault_plugin_acme_install == 'local') }}" when: (vault_plugins_src_dir_cleanup)
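Review bot: The two `delegate_to` expressions that now end in `ternary('localhost', inventory_hostname)` (the `Fetch acme vault plugin` block here and the cleanup task in the `@@ -63,7 +65,7 @@` hunk) carry no comment, and without one a later tidy-up is likely to put `omit` back. I would add above each `# delegate to the host itself rather than omit: omit behaves inconsistently with delegate_to`. In the new `when:` list, `(vault_os_packages is defined) and (vault_os_packages | length > 0)` can be written as `vault_os_packages | default([]) | length > 0`, which reads more directly. Both the block and the cleanup task extend beyond their hunks.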