Refactor task includes and update variable handling for Ansible 2.20 migration

This commit updates multiple roles to ensure compatibility with Ansible 2.20. Several include paths and task-loading mechanisms required adjustments, as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions and no longer resolves certain relative include paths the way Ansible 2.18 did. Key changes: - Replaced legacy once_finalize.yml and once_flag.yml with the new structure under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml. - Updated all include_tasks statements to use 'path_join' with playbook_dir, ensuring deterministic and absolute file resolution across roles. - Fixed all network helper includes by converting direct relative paths such as 'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths. - Normalized MATOMO_* variable names for consistency with the updated variable scope behavior in Ansible 2.20. - Removed deprecated patterns that were implicitly supported in Ansible 2.18 but break under the more strict variable and path resolution model in 2.20. These changes are part of the full migration step required to ensure the infinito-nexus roles remain stable, deterministic, and forward-compatible with Ansible 2.20. Details of the discussion and reasoning can be found in this conversation: https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a
2025-12-09 02:45:17 +00:00 · 2025-12-03 11:02:34 +01:00
parent a6ed047765
commit 716ebef33b
169 changed files with 348 additions and 399 deletions
--- a/roles/web-app-moodle/config/main.yml
+++ b/roles/web-app-moodle/config/main.yml
@@ -36,6 +36,6 @@ docker:
      image:          bitnamilegacy/moodle
      name:           moodle
  volumes:
-    data:             moodle_data
-    code:             moodle_code
+    data:             MOODLE_DATA
+    code:             MOODLE_CODE
  
--- a/roles/web-app-moodle/tasks/01_patch_config.yml
+++ b/roles/web-app-moodle/tasks/01_patch_config.yml
@@ -1,30 +1,30 @@
 - name: Update DB host
  command: >
-    docker exec --user root {{ moodle_container }}
-    sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }}
+    docker exec --user root {{ MOODLE_CONTAINER }}
+    sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ MOODLE_CONFIG }}
  notify: docker compose restart

 - name: Update DB name
  command: >
-    docker exec --user root {{ moodle_container }}
-    sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }}
+    docker exec --user root {{ MOODLE_CONTAINER }}
+    sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ MOODLE_CONFIG }}
  notify: docker compose restart

 - name: Update DB user
  command: >
-    docker exec --user root {{ moodle_container }}
-    sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ moodle_config }}
+    docker exec --user root {{ MOODLE_CONTAINER }}
+    sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ MOODLE_CONFIG }}
  notify: docker compose restart

 - name: Update DB password
  command: >
-    docker exec --user root {{ moodle_container }}
-    sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }}
+    docker exec --user root {{ MOODLE_CONTAINER }}
+    sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ MOODLE_CONFIG }}
  notify: docker compose restart
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Update CFG->wwwroot via sed in container
  command: >
-    docker exec --user root {{ moodle_container }}
-    sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ moodle_config }}
+    docker exec --user root {{ MOODLE_CONTAINER }}
+    sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ MOODLE_CONFIG }}
  notify: docker compose restart
--- a/roles/web-app-moodle/tasks/02_ownership.yml
+++ b/roles/web-app-moodle/tasks/02_ownership.yml
@@ -2,18 +2,18 @@

 - name: Set ownership and permissions on Moodle directories
  vars:
-    moodle_dirs:
-      - "{{ bitnami_code_dir }}"
-      - "{{ bitnami_data_dir }}"
+    MOODLE_DIRS:
+      - "{{ BITNAMI_CODE_DIR }}"
+      - "{{ BITNAMI_DATA_DIR }}"
  block:
    - name: Ensure ownership is correct
-      command: "docker exec --user root {{ moodle_container }} chown -R {{ bitnami_user_group }} {{ item }}"
-      loop: "{{ moodle_dirs }}"
+      command: "docker exec --user root {{ MOODLE_CONTAINER }} chown -R {{ BITNAMI_USER_GROUP }} {{ item }}"
+      loop: "{{ MOODLE_DIRS }}"

    - name: Set directory permissions (770)
-      command: "docker exec --user root {{ moodle_container }} find {{ item }} -type d -exec chmod 770 {} \\;"
-      loop: "{{ moodle_dirs }}"
+      command: "docker exec --user root {{ MOODLE_CONTAINER }} find {{ item }} -type d -exec chmod 770 {} \\;"
+      loop: "{{ MOODLE_DIRS }}"

    - name: Set file permissions (660)
-      command: "docker exec --user root {{ moodle_container }} find {{ item }} -type f -exec chmod 660 {} \\;"
-      loop: "{{ moodle_dirs }}"
+      command: "docker exec --user root {{ MOODLE_CONTAINER }} find {{ item }} -type f -exec chmod 660 {} \\;"
+      loop: "{{ MOODLE_DIRS }}"
--- a/roles/web-app-moodle/tasks/03_oidc.yml
+++ b/roles/web-app-moodle/tasks/03_oidc.yml
@@ -2,7 +2,7 @@

 - name: Check if OIDC plugin is present in container
  command: >
-    docker exec --user root {{ moodle_container }} test -d {{ bitnami_oidc_plugin_dir }}
+    docker exec --user root {{ MOODLE_CONTAINER }} test -d {{ BITNAMI_OIDC_PLUGIN_DIR }}
  register: oidc_plugin_check
  ignore_errors: true
  changed_when: false
@@ -13,11 +13,11 @@
  when: oidc_plugin_check.rc != 0

 #- name: "Upgrade Moodle to apply OIDC plugin"
-#  command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive"
+#  command: "docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive"
 #
 #- name: Clear Moodle cache
 #  command: >
-#    docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/purge_caches.php
+#    docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/purge_caches.php

 - name: "Set Moodle OIDC configuration via CLI"
  loop:
@@ -43,11 +43,11 @@
  loop_control:
    label: "{{ item.name }}"
  command: >
-    docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc
+    docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc
    --name={{ item.name }} --set="{{ item.value }}"

 - name: "Enable OIDC login"
-  command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc"
+  command: "docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc"

 - name: Set auth = 'oidc' for all users except guest
  shell: >
@@ -57,4 +57,4 @@
    executable: /bin/bash

 #- name: Prevent Account Creation
-#  command: docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1
+#  command: docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1
--- a/roles/web-app-moodle/tasks/main.yml
+++ b/roles/web-app-moodle/tasks/main.yml
@@ -2,15 +2,17 @@
 - name: "load docker, db and proxy for {{ application_id }}"
  include_role:
    name: sys-stk-full-stateful
+  vars:
+    docker_compose_flush_handlers: false

 - name: Check if config.php exists
-  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
+  command: docker exec --user root {{ MOODLE_CONTAINER }} test -f {{ MOODLE_CONFIG }}
  register: config_file_exists
  changed_when: false
  failed_when: false

 - name: Check if config.php exists
-  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
+  command: docker exec --user root {{ MOODLE_CONTAINER }} test -f {{ MOODLE_CONFIG }}
  register: config_file_exists
  changed_when: false
  failed_when: false
@@ -23,7 +25,7 @@
  meta: flush_handlers

 - name: Wait until the Moodle container is healthy
-  shell:    docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ moodle_container }}
+  shell:    docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ MOODLE_CONTAINER }}
  register: health_check
  until:    health_check.stdout.strip() == "healthy"
  retries:  120
@@ -34,15 +36,5 @@

 - name: "Configure OIDC login for Moodle if enabled"
  include_tasks: 03_oidc.yml
-  when: applications | get_app_conf(application_id, 'features.oidc', False)
+  when: applications | get_app_conf(application_id, 'features.oidc')

-# Deactivated because it doesn't give helpfull warnings back
-#- name: Run Moodle system check
-#  command: >
-#    docker exec --user {{ bitnami_user }} {{ moodle_container }}
-#    php /opt/bitnami/moodle/admin/cli/checks.php
-#  register: moodle_checks
-#  changed_when: false
-#  failed_when: >
-#    moodle_checks.rc != 0 or
-#    "OK: All" not in moodle_checks.stdout
--- a/roles/web-app-moodle/templates/Dockerfile.j2
+++ b/roles/web-app-moodle/templates/Dockerfile.j2
@@ -1,16 +1,16 @@
-FROM {{ moodle_image }}:{{ moodle_version }}
+FROM {{ MOODLE_IMAGE }}:{{ MOODLE_VERSION }}

 {% if applications | get_app_conf(application_id, 'features.oidc', False) %}
 RUN install_packages unzip curl jq \
 && VERSION=$(curl -s https://api.github.com/repos/microsoft/moodle-auth_oidc/tags \
      | jq -r '.[].name' \
-      | grep v{{ moodle_version }} \
+      | grep v{{ MOODLE_VERSION }} \
      | sort -Vr \
      | head -n1) \
 && echo "Using version $VERSION" \
 && curl -L -o /tmp/oidc.zip https://github.com/microsoft/moodle-auth_oidc/archive/refs/tags/${VERSION}.zip \
 && unzip /tmp/oidc.zip -d /tmp \
- && mv /tmp/moodle-auth_oidc-* {{ bitnami_oidc_plugin_dir }} \
- && chown -R {{ bitnami_user_group }} {{ bitnami_oidc_plugin_dir }} \
+ && mv /tmp/moodle-auth_oidc-* {{ BITNAMI_OIDC_PLUGIN_DIR }} \
+ && chown -R {{ BITNAMI_USER_GROUP }} {{ BITNAMI_OIDC_PLUGIN_DIR }} \
 && rm -rf /tmp/oidc.zip
 {% endif %}
--- a/roles/web-app-moodle/templates/docker-compose.yml.j2
+++ b/roles/web-app-moodle/templates/docker-compose.yml.j2
@@ -2,24 +2,24 @@

  moodle:
 {% set container_port = 8080 %}
-    container_name: {{ moodle_container }}
+    container_name: {{ MOODLE_CONTAINER }}
    {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
-    image: moodle_custom
+    image: MOODLE_CUSTOM
    ports:
      - 127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
-      - 'code:{{ bitnami_code_link }}'
-      - 'data:{{ bitnami_data_dir }}'
+      - 'code:{{ BITNAMI_CODE_LINK }}'
+      - 'data:{{ BITNAMI_DATA_DIR }}'
 {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  code:
-    name: {{ moodle_volume_code }}
+    name: {{ MOODLE_VOLUME_CODE }}
  data:
-    name: {{ moodle_volume_data }}
+    name: {{ MOODLE_VOLUME_DATA }}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
  
--- a/roles/web-app-moodle/vars/main.yml
+++ b/roles/web-app-moodle/vars/main.yml
@@ -1,18 +1,17 @@
 ---
 application_id:                 "web-app-moodle"
 database_type:                  "mariadb"
-bitnami_code_link:              "/bitnami/moodle"
-bitnami_code_dir:               "/opt{{bitnami_code_link}}"
-bitnami_data_dir:               "/bitnami/moodledata"
-bitnami_oidc_plugin_dir:        "{{ bitnami_code_dir }}/auth/oidc"
-bitnami_user:                   "daemon"  
-bitnami_user_group:             "{{ bitnami_user }}:{{ bitnami_user }}"

-docker_compose_flush_handlers:  false # Wait for env update
+BITNAMI_CODE_LINK:              "/bitnami/moodle"
+BITNAMI_CODE_DIR:               "{{ ['/opt', BITNAMI_CODE_LINK ] | path_join }}"
+BITNAMI_DATA_DIR:               "/bitnami/moodledata"
+BITNAMI_OIDC_PLUGIN_DIR:        "{{ [BITNAMI_CODE_DIR,'/auth/oidc'] | path_join }}"
+BITNAMI_USER:                   "daemon"  
+BITNAMI_USER_GROUP:             "{{ BITNAMI_USER }}:{{ BITNAMI_USER }}"

-moodle_config:                  "/bitnami/moodle/config.php"
-moodle_version:                 "{{ applications | get_app_conf(application_id, 'docker.services.moodle.version', True) }}"
-moodle_image:                   "{{ applications | get_app_conf(application_id, 'docker.services.moodle.image', True) }}"
-moodle_container:               "{{ applications | get_app_conf(application_id, 'docker.services.moodle.name', True) }}"
-moodle_volume_data:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-moodle_volume_code:             "{{ applications | get_app_conf(application_id, 'docker.volumes.code', True) }}"
+MOODLE_CONFIG:                  "/bitnami/moodle/config.php"
+MOODLE_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.moodle.version') }}"
+MOODLE_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.moodle.image') }}"
+MOODLE_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.moodle.name') }}"
+MOODLE_VOLUME_DATA:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+MOODLE_VOLUME_CODE:             "{{ applications | get_app_conf(application_id, 'docker.volumes.code') }}"