hosts: do the right thing for VPN hosts

Move the vpn ./. base logic from the ipa/client role into the hosts
role, so that applying the latter doesn't apply the base profile on VPN
hosts.

Fixes: fedora-infrastructure#9822

Signed-off-by: Nils Philippsen <nils@redhat.com>

roles/hosts/tasks/main.yml

@@ -10,14 +10,21 @@
 # Note that if it's not set it will just skip this play and do nothing.
 #
 - name: setup /etc/hosts for some clients
+  vars:
+    hosts_candidates_static:
+      - "{{ inventory_hostname }}-hosts"
+      - "{{ ansible_hostname }}-hosts"
+      - "{{ host_group }}-hosts"
+      - "{{ ansible_domain }}-hosts"
+      - "{{ datacenter }}-hosts"
   copy: src={{ item }} dest=/etc/hosts
-  with_first_found:
+  with_first_found: >-
-  - "{{ inventory_hostname }}-hosts"
+    {{
-  - "{{ ansible_hostname }}-hosts"
+      (hosts_candidates_static + ["vpn"])
-  - "{{ host_group }}-hosts"
+      if (vpn | default(false)) and (datacenter | default('iad2')) != 'iad2'
-  - "{{ ansible_domain }}-hosts"
+      else
-  - "{{ datacenter }}-hosts"
+      (hosts_candidates_static + ["base"])
-  - "{{ hosts_base | default('base') }}"
+    }}
   tags:
   - config
   - hosts

roles/ipa/client/tasks/vpn.yml

@@ -1,6 +1,5 @@
 ---
 - name: Install /etc/hosts for VPN clients
-  when: "(vpn | default(false)) and (datacenter | default('iad2')) != 'iad2'"
   include_role:
     name: hosts
     apply:
@@ -8,5 +7,3 @@
         - ipa/client
         - config
         - vpn-client-enablement
-      vars:
-        hosts_base: vpn