kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-26 21:45:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/sys-dns-hetzner-rdns/tasks/flavors/cloud.yml
Kevin Veen-Birkenbach a10dd402b8
refactor: improve service handling and introduce MODE_ASSERT 
- Improved get_service_name filter plugin (clearer suffix handling, consistent var names).
- Added MODE_ASSERT flag to optionally execute validation/assertion tasks.
- Fixed systemd unit handling: consistent use of %I instead of %i, correct escaping of instance names.
- Unified on_failure behavior and alarm composer scripts.
- Cleaned up redundant logging, handlers, and debug config.
- Strengthened sys-service template resolution with assert (only active when MODE_ASSERT).
- Simplified timer and suffix handling with get_service_name filter.
- Hardened sensitive tasks with no_log.
- Added conditional asserts across roles (Keycloak, DNS, Mailu, Discourse, etc.).

These changes improve consistency, safety, and validation across the automation stack.

Conversation: https://chatgpt.com/share/68a4ae28-483c-800f-b2f7-f64c7124c274
2025-08-19 19:02:52 +02:00

97 lines
4.0 KiB
YAML
Raw Blame History

---
# Cloud flavor (hcloud API)
- name: Resolve effective hcloud token
set_fact:
_hz_token: >-
{{ HETZNER_API_TOKEN
| default(lookup('env','HETZNER_API_TOKEN'), true)
| default('', true)
}}
no_log: "{{ hetzner_no_log | bool }}"
- name: Assert hcloud token present
ansible.builtin.assert:
that: [ "_hz_token | length > 0" ]
fail_msg: "HETZNER_API_TOKEN is required for the Cloud flavor."
no_log: "{{ hetzner_no_log | bool }}"
when: MODE_ASSERT | bool
- name: Collect hcloud servers if needed (server records without identifier)
hetzner.hcloud.server_info:
api_token: "{{ _hz_token }}"
register: _servers_info
when: rdns_records | selectattr('resource','equalto','server') | selectattr('identifier','undefined') | list | length > 0
no_log: "{{ hetzner_no_log | bool }}"
- name: Init normalized records list
set_fact:
_rdns_records: []
- name: Normalize records (autofill server.identifier by IPv4)
vars:
_match_name: >-
{{
(_servers_info.servers | default([]))
| selectattr('public_net.ipv4.ip','equalto', rec.ip_address | default(''))
| map(attribute='name') | list | first | default('')
}}
_needs_autofill: >-
{{
rec.resource == 'server'
and (rec.identifier is not defined)
and (rec.ip_address | default('') | length > 0)
}}
_normalized: >-
{{
rec if (not _needs_autofill or _match_name == '')
else (rec | combine({'identifier': _match_name}))
}}
set_fact:
_rdns_records: "{{ _rdns_records + [ _normalized ] }}"
loop: "{{ rdns_records }}"
loop_control: { loop_var: rec }
- name: Ensure server identifiers are resolved when required
assert:
that:
- >
(
(_rdns_records | selectattr('resource','equalto','server') | selectattr('identifier','defined') | list | length)
==
(_rdns_records | selectattr('resource','equalto','server') | list | length)
)
fail_msg: "Could not resolve hcloud server by IPv4 for one or more records."
no_log: "{{ hetzner_no_log | bool }}"
when: MODE_ASSERT | bool
- name: Validate records (cloud)
ansible.builtin.assert:
that:
- (_rdns_records | default(rdns_records)) | length > 0
- (_rdns_records | default(rdns_records)) | selectattr('dns_ptr','defined') | list | length == ((_rdns_records | default(rdns_records)) | length)
- (_rdns_records | default(rdns_records)) | selectattr('ip_address','defined') | list | length == ((_rdns_records | default(rdns_records)) | length)
- (_rdns_records | default(rdns_records)) | selectattr('resource','defined') | list | length == ((_rdns_records | default(rdns_records)) | length)
- (
(_rdns_records | default(rdns_records)) | selectattr('resource','equalto','server') | selectattr('identifier','defined') | list | length
+ ((_rdns_records | default(rdns_records)) | rejectattr('resource','equalto','server') | list | length)
) == ((_rdns_records | default(rdns_records)) | length)
no_log: "{{ hetzner_no_log | bool }}"
when: MODE_ASSERT | bool
- name: Apply rDNS via hcloud
hetzner.hcloud.hcloud_rdns:
api_token: "{{ _hz_token }}"
server: "{{ (item.resource == 'server') | ternary(item.identifier, omit) }}"
primary_ip: "{{ (item.resource == 'primary_ip') | ternary(item.identifier, omit) }}"
floating_ip: "{{ (item.resource == 'floating_ip') | ternary(item.identifier, omit) }}"
load_balancer: "{{ (item.resource == 'load_balancer') | ternary(item.identifier, omit) }}"
ip_address: "{{ item.ip_address }}"
dns_ptr: "{{ item.dns_ptr }}"
state: present
loop: "{{ _rdns_records | default(rdns_records) }}"
loop_control:
label: "{{ item.resource }}[{{ item.identifier | default('auto-by-ipv4') }}] {{ item.ip_address }} -> {{ item.dns_ptr }}"
async: "{{ hetzner_async_enabled | ternary(hetzner_async_time, omit) }}"
poll: "{{ hetzner_async_enabled | ternary(hetzner_async_poll, omit) }}"
no_log: "{{ hetzner_no_log | bool }}"
Reference in New Issue View Git Blame Copy Permalink