hosts: do the right thing for VPN hosts

Move the vpn ./. base logic from the ipa/client role into the hosts role, so that applying the latter doesn't apply the base profile on VPN hosts. Fixes: fedora-infrastructure#9822 Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-04-01 16:27:57 +02:00 · 2021-04-01 16:27:57 +02:00 · 7a2024398f
commit 7a2024398f
parent 6811f7df63
2 changed files with 14 additions and 10 deletions
--- a/roles/hosts/tasks/main.yml
+++ b/roles/hosts/tasks/main.yml
@ -10,14 +10,21 @@
 # Note that if it's not set it will just skip this play and do nothing.
 #
 - name: setup /etc/hosts for some clients
-  copy: src={{ item }} dest=/etc/hosts
-  with_first_found:
+  vars:
+    hosts_candidates_static:
      - "{{ inventory_hostname }}-hosts"
      - "{{ ansible_hostname }}-hosts"
      - "{{ host_group }}-hosts"
      - "{{ ansible_domain }}-hosts"
      - "{{ datacenter }}-hosts"
-  - "{{ hosts_base | default('base') }}"
+  copy: src={{ item }} dest=/etc/hosts
+  with_first_found: >-
+    {{
+      (hosts_candidates_static + ["vpn"])
+      if (vpn | default(false)) and (datacenter | default('iad2')) != 'iad2'
+      else
+      (hosts_candidates_static + ["base"])
+    }}
  tags:
  - config
  - hosts
--- a/roles/ipa/client/tasks/vpn.yml
+++ b/roles/ipa/client/tasks/vpn.yml
@ -1,6 +1,5 @@
 ---
 - name: Install /etc/hosts for VPN clients
-  when: "(vpn | default(false)) and (datacenter | default('iad2')) != 'iad2'"
  include_role:
    name: hosts
    apply:
@ -8,5 +7,3 @@
        - ipa/client
        - config
        - vpn-client-enablement
-      vars:
-        hosts_base: vpn