fix: Fix conditionals for task file includes

c56e1a98 · Alexander Käb · 7c57d798 · c56e1a98 · c56e1a98 · c56e1a98
Commit c56e1a98 authored 2 years ago by Alexander Käb
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,6 +16,7 @@ generate_node_certs: true
 gl_sidecar_ca_path: "/etc/graylog/sidecar"
 sidecar_cert_dir: "/etc/graylog/sidecar"
 cert_valid_days: 1095
+gl_node_ca_path: {{ gl_sidecar_ca_path }}
 # Cert SAN settings
 node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') | replace('\n', '') | split(',') | map('trim') | list }}"

--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,19 +12,19 @@
      ansible.builtin.fail:
        msg: "Please add a host group 'sidecar-ca' with the host(s) storing the CA file first"
      run_once: true
-      when: "not (groups['sidecar-ca'] is defined)"
+      when: "not ('sidecar-ca' in groups)"
    - name: Fail if 'graylog-nodes' host group is missing # noqa: run_once[task]
      ansible.builtin.fail:
        msg: "Please add a host group 'graylog-nodes' with the host(s) storing the log node CA file first"
      run_once: true
-      when: "not (groups['graylog-nodes'] is defined)"
+      when: "not ('graylog-nodes' in groups)"
 - name: Fail if 'ca-store' host group is missing while using opetion 'use_central_ca_host' # noqa: run_once[task]
  ansible.builtin.fail:
    msg: "Please add a host group 'sidecar-ca' with the host(s) storing the CA file first"
  run_once: true
-  when: "(not (groups['ca-store'] is defined)) and use_central_ca_host"
+  when: "(not ('ca-store' in groups)) and use_central_ca_host"
 - name: Include tasks when not using single ca-host
  when: not use_central_ca_host
@@ -45,24 +45,34 @@
 - name: Include tasks when using single ca-host
  when: use_central_ca_host
  block:
-    - name: Include sidecar tasks (when using a single ca store)
+    - name: Include sidecar tasks (when using a single ca store and gl-groups defined)
-      ansible.builtin.include_tasks: sidecar.yml
+      when: (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
-      when: >
+      block:
-        ((groups['sidecar-ca'] is defined) and (groups['graylog-nodes'] is defined) | ternary(
+        - name: Include sidecar tasks (when using a single ca store and gl-groups defined)
-          (inventory_hostname not in groups['sidecar-ca']) and
+          ansible.builtin.include_tasks: sidecar.yml
-          (inventory_hostname not in groups['graylog-nodes'])
+          when: >
-        , true)) and
+            (inventory_hostname not in groups['sidecar-ca']) and
-        (inventory_hostname not in groups['ca-store'])
+            (inventory_hostname not in groups['graylog-nodes']) and
+            (inventory_hostname not in groups['ca-store'])
-    - name: Include filebeat tasks
+        - name: Include filebeat tasks (when using a single ca store and gl-groups defined)
-      ansible.builtin.include_tasks: filebeat.yml
+          ansible.builtin.include_tasks: filebeat.yml
-      when: >
+          when: >
-        install_filebeat and
+            install_filebeat and
-        ((groups['sidecar-ca'] is defined) and (groups['graylog-nodes'] is defined) | ternary(
+            (inventory_hostname not in groups['sidecar-ca']) and
-          (inventory_hostname not in groups['sidecar-ca']) and
+            (inventory_hostname not in groups['graylog-nodes']) and
-          (inventory_hostname not in groups['graylog-nodes'])
+            (inventory_hostname not in groups['ca-store'])
-        , true)) and
-        (inventory_hostname not in groups['ca-store'])
+    - name: Include sidecar tasks (when using a single ca store without gl-groups defined)
+      when: not (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include sidecar tasks (when using a single ca store without gl-groups defined)
+          ansible.builtin.include_tasks: sidecar.yml
+          when: (inventory_hostname not in groups['ca-store'])
+        - name: Include filebeat tasks  (when using a single ca store without gl-groups defined)
+          ansible.builtin.include_tasks: filebeat.yml
+          when: (inventory_hostname not in groups['ca-store'])
 - name: Switch back to default policy
  ansible.builtin.command:
@@ -71,5 +81,21 @@
  become: true
 - name: Generate Node certificates
-  ansible.builtin.import_tasks: node-certs.yml
  when: generate_node_certs
+  block:
+    - name: Include cert tasks (with gl-groups defined)
+      when: (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include Node Cert tasks (with gl-groups defined)
+          ansible.builtin.include_tasks: node-certs.yml
+          when: >
+            (inventory_hostname not in groups['sidecar-ca']) and
+            (inventory_hostname not in groups['graylog-nodes']) and
+            (inventory_hostname not in groups['ca-store'])
+    - name: Include cert tasks (without gl-groups defined)
+      when: not (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include Node Cert tasks (without gl-groups defined)
+          ansible.builtin.include_tasks: node-certs.yml
+          when: (inventory_hostname not in groups['ca-store'])
--- a/tasks/sidecar.yml
+++ b/tasks/sidecar.yml
@@ -45,6 +45,7 @@
      ansible.builtin.yum:
        name: /tmp/graylog-sidecar.rpm
        state: present
+        disable_gpg_check: true # Github rpm is not signed, may replace true with actual check if signed or not
 - name: Run install command
  ansible.builtin.command: