From: Matt Birkholz Date: Sat, 22 Nov 2025 20:30:32 +0000 (-0700) Subject: Create a check-inst-vars role. Better explain members-empty.yml. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=05905ae09ec62ece1f0de8d4fe83b8ec4caf6dcc;p=Institute Create a check-inst-vars role. Better explain members-empty.yml. Follow the example of the other roles to ensure that the check-inst-vars.yml playbook is getting the same variable settings. --- diff --git a/README.org b/README.org index 7ecbb0c..ce9e221 100644 --- a/README.org +++ b/README.org 
@@ -5959,33 +5959,50 @@ The playbook that updates [[file:private/vars.pl][=private/vars.pl=]]: #+BEGIN_SRC conf :tangle playbooks/check-inst-vars.yml - hosts: localhost gather_facts: no - tasks: - - include_vars: ../public/vars.yml - - include_vars: ../private/vars.yml - - copy: - content: | - $domain_name = "{{ domain_name }}"; - $domain_priv = "{{ domain_priv }}"; + roles: [ check-inst-vars ] +#+END_SRC + +** The check-inst-vars Role + +This role is executed by =playbooks/check-inst-vars.yml= and is not +just a playbook because it needs a copy of the role defaults. + +#+CAPTION: [[file:roles_t/check-inst-vars/defaults/main.yml][=roles_t/check-inst-vars/defaults/main.yml=]] +#+BEGIN_SRC conf :tangle roles_t/check-inst-vars/defaults/main.yml :noweb no-export :mkdirp yes +--- +<> +<> +#+END_SRC - $front_addr = "{{ front_addr }}"; - $front_wg_pubkey = "{{ front_wg_pubkey }}"; +#+CAPTION: [[file:roles_t/check-inst-vars/tasks/main.yml][=roles_t/check-inst-vars/tasks/main.yml=]] +#+BEGIN_SRC conf :tangle roles_t/check-inst-vars/tasks/main.yml :mkdirp yes +--- +- include_vars: ../public/vars.yml +- include_vars: ../private/vars.yml +- copy: + content: | + $domain_name = "{{ domain_name }}"; + $domain_priv = "{{ domain_priv }}"; - $public_wg_net_cidr = "{{ public_wg_net_cidr }}"; - $public_wg_port = "{{ public_wg_port }}"; + $front_addr = "{{ front_addr }}"; + $front_wg_pubkey = "{{ front_wg_pubkey }}"; - $private_net_cidr = "{{ private_net_cidr }}"; - $wild_net_cidr = "{{ wild_net_cidr }}"; + $public_wg_net_cidr = "{{ public_wg_net_cidr }}"; + $public_wg_port = "{{ public_wg_port }}"; - $gate_wild_addr = "{{ gate_wild_addr }}"; - $gate_wg_pubkey = "{{ gate_wg_pubkey }}"; + $private_net_cidr = "{{ private_net_cidr }}"; + $wild_net_cidr = "{{ wild_net_cidr }}"; - $campus_wg_net_cidr = "{{ campus_wg_net_cidr }}"; - $campus_wg_port = "{{ campus_wg_port }}"; + $gate_wild_addr = "{{ gate_wild_addr }}"; + $gate_wg_pubkey = "{{ gate_wg_pubkey }}"; - $core_addr = "{{ core_addr 
}}"; - $core_wg_pubkey = "{{ core_wg_pubkey }}"; - dest: ../private/vars.pl - mode: u=rw,g=,o= + $campus_wg_net_cidr = "{{ campus_wg_net_cidr }}"; + $campus_wg_port = "{{ campus_wg_port }}"; + + $core_addr = "{{ core_addr }}"; + $core_wg_pubkey = "{{ core_wg_pubkey }}"; + dest: ../private/vars.pl + mode: u=rw,g=,o= #+END_SRC Most of these settings are already in =private/vars.yml=. The @@ -6184,11 +6201,22 @@ clients: - thing 3 LdsCsgfjKCfd5+VKS+Q/dQhWO8NRNygByDO2VxbXlSQ= #+END_SRC -The test campus starts with the empty membership roll found in -[[file:private/members-empty.yml][=private/members-empty.yml=]] and saved in =private/members.yml= -(which is /not/ tangled from this document, thus /not/ over-written -during testing). If =members.yml= is not found, =members-empty.yml= -is used instead. +The =members.yml= file will be modified during testing, and should not +be overwritten by a re-tangle during testing, so it not tangled from +this file. Thus in the fresh built (e.g. test) system +=private/members.yml= does not exist, not until a ~./inst new~ command +creates the first member. Until then, Ansible includes the +=private/members-empty.yml= file. It does that using the +~first_found~ lookup plugin and a list of the two files with +=members.yml= first and =members-empty.yml= last. That list is the +value of ~membership_rolls~. + +#+CAPTION: ~membership-rolls~ +#+BEGIN_SRC conf +membership_rolls: +- "../private/members.yml" +- "../private/members-empty.yml" +#+END_SRC #+CAPTION: [[file:private/members-empty.yml][=private/members-empty.yml=]] #+BEGIN_SRC conf :tangle private/members-empty.yml :tangle-mode u=rw,g=,o= 
@@ -6198,16 +6226,6 @@ usernames: [] clients: [] #+END_SRC -Both locations go on the ~membership_rolls~ variable used by the -~include_vars~ tasks. - -#+CAPTION: ~membership-rolls~ -#+BEGIN_SRC conf -membership_rolls: -- "../private/members.yml" -- "../private/members-empty.yml" -#+END_SRC - Using the standard Perl library ~YAML::XS~, the subroutine for reading the membership roll is simple, returning the top-level hash read from the file. The dump subroutine is another story (below). diff --git a/playbooks/check-inst-vars.yml b/playbooks/check-inst-vars.yml index 9919862..adc0c37 100644 --- a/playbooks/check-inst-vars.yml +++ b/playbooks/check-inst-vars.yml @@ -1,29 +1,3 @@ - hosts: localhost gather_facts: no - tasks: - - include_vars: ../public/vars.yml - - include_vars: ../private/vars.yml - - copy: - content: | - $domain_name = "{{ domain_name }}"; - $domain_priv = "{{ domain_priv }}"; - - $front_addr = "{{ front_addr }}"; - $front_wg_pubkey = "{{ front_wg_pubkey }}"; - - $public_wg_net_cidr = "{{ public_wg_net_cidr }}"; - $public_wg_port = "{{ public_wg_port }}"; - - $private_net_cidr = "{{ private_net_cidr }}"; - $wild_net_cidr = "{{ wild_net_cidr }}"; - - $gate_wild_addr = "{{ gate_wild_addr }}"; - $gate_wg_pubkey = "{{ gate_wg_pubkey }}"; - - $campus_wg_net_cidr = "{{ campus_wg_net_cidr }}"; - $campus_wg_port = "{{ campus_wg_port }}"; - - $core_addr = "{{ core_addr }}"; - $core_wg_pubkey = "{{ core_wg_pubkey }}"; - dest: ../private/vars.pl - mode: u=rw,g=,o= + roles: [ check-inst-vars ] diff --git a/roles_t/check-inst-vars/defaults/main.yml b/roles_t/check-inst-vars/defaults/main.yml new file mode 100644 index 0000000..93a1113 --- /dev/null +++ b/roles_t/check-inst-vars/defaults/main.yml 
@@ -0,0 +1,41 @@
+---
+private_net:
+ "{{ private_net_cidr | ansible.utils.ipaddr('network') }}"
+private_net_mask:
+ "{{ private_net_cidr | ansible.utils.ipaddr('netmask') }}"
+private_net_and_mask: "{{ private_net }} {{ private_net_mask }}"
+wild_net: "{{ wild_net_cidr | ansible.utils.ipaddr('network') }}"
+wild_net_mask:
+ "{{ wild_net_cidr | ansible.utils.ipaddr('netmask') }}"
+wild_net_and_mask: "{{ wild_net }} {{ wild_net_mask }}"
+wild_net_broadcast:
+ "{{ wild_net_cidr | ansible.utils.ipaddr('broadcast') }}"
+public_wg_net:
+ "{{ public_wg_net_cidr | ansible.utils.ipaddr('network') }}"
+public_wg_net_mask:
+ "{{ public_wg_net_cidr | ansible.utils.ipaddr('netmask') }}"
+public_wg_net_and_mask:
+ "{{ public_wg_net }} {{ public_wg_net_mask }}"
+campus_wg_net:
+ "{{ campus_wg_net_cidr | ansible.utils.ipaddr('network') }}"
+campus_wg_net_mask:
+ "{{ campus_wg_net_cidr | ansible.utils.ipaddr('netmask') }}"
+campus_wg_net_and_mask:
+ "{{ campus_wg_net }} {{ campus_wg_net_mask }}"
+core_addr_cidr: "{{ private_net_cidr | ansible.utils.ipaddr('1') }}"
+gate_addr_cidr: "{{ private_net_cidr | ansible.utils.ipaddr('2') }}"
+gate_wild_addr_cidr:
+ "{{ wild_net_cidr | ansible.utils.ipaddr('1') }}"
+front_wg_addr_cidr:
+ "{{ public_wg_net_cidr | ansible.utils.ipaddr('1') }}"
+core_wg_addr_cidr:
+ "{{ public_wg_net_cidr | ansible.utils.ipaddr('2') }}"
+
+core_addr: "{{ core_addr_cidr | ansible.utils.ipaddr('address') }}"
+gate_addr: "{{ gate_addr_cidr | ansible.utils.ipaddr('address') }}"
+gate_wild_addr:
+ "{{ gate_wild_addr_cidr | ansible.utils.ipaddr('address') }}"
+front_wg_addr:
+ "{{ front_wg_addr_cidr | ansible.utils.ipaddr('address') }}"
+core_wg_addr:
+ "{{ core_wg_addr_cidr | ansible.utils.ipaddr('address') }}"
diff --git a/roles_t/check-inst-vars/tasks/main.yml b/roles_t/check-inst-vars/tasks/main.yml
new file mode 100644
index 0000000..ab22595
--- /dev/null
+++ b/roles_t/check-inst-vars/tasks/main.yml
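Review bot: Nothing in `roles_t/check-inst-vars/defaults/main.yml` checks that the four `*_net_cidr` inputs parse before values are derived from them. `ansible.utils.ipaddr` yields `False` instead of failing on input it cannot parse, so a mistyped `private_net_cidr` would apparently pass through `core_addr_cidr` into `core_addr` and be written out by the role's `copy` task as the string `False`. An early task such as `- assert: { that: private_net_cidr | ansible.utils.ipaddr }`, repeated for `wild_net_cidr`, `public_wg_net_cidr` and `campus_wg_net_cidr`, would stop the run at the bad value. A header comment such as `# Tangled copy of the shared network defaults; edit README.org, not this file` would also tell a maintainer where the source of truth is.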
@@ -0,0 +1,27 @@
+---
+- include_vars: ../public/vars.yml
+- include_vars: ../private/vars.yml
+- copy:
+ content: |
+ $domain_name = "{{ domain_name }}";
+ $domain_priv = "{{ domain_priv }}";
+
+ $front_addr = "{{ front_addr }}";
+ $front_wg_pubkey = "{{ front_wg_pubkey }}";
+
+ $public_wg_net_cidr = "{{ public_wg_net_cidr }}";
+ $public_wg_port = "{{ public_wg_port }}";
+
+ $private_net_cidr = "{{ private_net_cidr }}";
+ $wild_net_cidr = "{{ wild_net_cidr }}";
+
+ $gate_wild_addr = "{{ gate_wild_addr }}";
+ $gate_wg_pubkey = "{{ gate_wg_pubkey }}";
+
+ $campus_wg_net_cidr = "{{ campus_wg_net_cidr }}";
+ $campus_wg_port = "{{ campus_wg_port }}";
+
+ $core_addr = "{{ core_addr }}";
+ $core_wg_pubkey = "{{ core_wg_pubkey }}";
+ dest: ../private/vars.pl
+ mode: u=rw,g=,o=
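Review bot: The `copy` task in `roles_t/check-inst-vars/tasks/main.yml` builds Perl source by pasting each variable between double quotes, e.g. `$domain_name = "{{ domain_name }}";`. Perl interpolates `$` and `@` inside double-quoted strings, and a `"` or `\` in the value changes where the string ends. The values come from `public/vars.yml` and `private/vars.yml`, so this is an integrity and robustness concern rather than exposure to outside input, but one such character would yield a `vars.pl` that fails to load or means something different from the YAML. Emitting single-quoted strings, `$domain_name = '{{ domain_name }}';`, and asserting beforehand that no value contains `'` or `\` would keep the generated file literal. The three tasks also lack `name:` lines, and because this file is tangled from the matching source block in README.org, any change belongs there.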