kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-03 19:58:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7405883b488fe94df381c51ac9f1102714640cfc
computer-playbook/roles/sys-dns-hetzner-rdns/tasks/flavors/robot.yml
Kevin Veen-Birkenbach a10dd402b8 refactor: improve service handling and introduce MODE_ASSERT 
- Improved get_service_name filter plugin (clearer suffix handling, consistent var names).
- Added MODE_ASSERT flag to optionally execute validation/assertion tasks.
- Fixed systemd unit handling: consistent use of %I instead of %i, correct escaping of instance names.
- Unified on_failure behavior and alarm composer scripts.
- Cleaned up redundant logging, handlers, and debug config.
- Strengthened sys-service template resolution with assert (only active when MODE_ASSERT).
- Simplified timer and suffix handling with get_service_name filter.
- Hardened sensitive tasks with no_log.
- Added conditional asserts across roles (Keycloak, DNS, Mailu, Discourse, etc.).

These changes improve consistency, safety, and validation across the automation stack.

Conversation: https://chatgpt.com/share/68a4ae28-483c-800f-b2f7-f64c7124c274
2025-08-19 19:02:52 +02:00

45 lines
1.6 KiB
YAML
Raw Blame History

---
# Robot flavor (Robot Webservice API)
- name: Assert Robot credentials present
ansible.builtin.assert:
that:
- (HETZNER_ROBOT_USER | default('') | length) > 0
- (HETZNER_ROBOT_PASSWORD | default('') | length) > 0
fail_msg: "Robot credentials required: HETZNER_ROBOT_USER / HETZNER_ROBOT_PASSWORD."
no_log: "{{ hetzner_no_log | bool }}"
when: MODE_ASSERT | bool
- name: Validate records (robot)
ansible.builtin.assert:
that:
- rdns_records | length > 0
- (rdns_records | selectattr('ip_address','defined') | list | length) == (rdns_records | length)
- (rdns_records | selectattr('dns_ptr','defined') | list | length) == (rdns_records | length)
fail_msg: "Each record must have ip_address and dns_ptr for Robot rDNS."
no_log: "{{ hetzner_no_log | bool }}"
when: MODE_ASSERT | bool
- name: Apply rDNS via Hetzner Robot API
vars:
hetzner_robot_base_url: "{{ HETZNER_ROBOT_BASE_URL }}"
ip_path: "{{ item.ip_address | urlencode }}"
ansible.builtin.uri:
url: "{{ hetzner_robot_base_url }}/rdns/{{ ip_path }}"
method: POST
user: "{{ HETZNER_ROBOT_USER }}"
password: "{{ HETZNER_ROBOT_PASSWORD }}"
force_basic_auth: true
headers:
Accept: application/json
body_format: form-urlencoded
body:
ptr: "{{ item.dns_ptr }}"
status_code: [200, 201]
loop: "{{ rdns_records }}"
loop_control:
label: "{{ item.ip_address }} -> {{ item.dns_ptr }}"
async: "{{ hetzner_async_enabled | ternary(hetzner_async_time, omit) }}"
poll: "{{ hetzner_async_enabled | ternary(hetzner_async_poll, omit) }}"
no_log: "{{ hetzner_no_log | bool }}"
Reference in New Issue View Git Blame Copy Permalink