Describe the bug
This commit added the role variables to vars/main.yml. This makes the role very very difficult to use, and in fact breaks instances where the role was working fine before.
The problem is one of variable precedence. Variables defined in vars/main.yml have very very high precedence, see this list from the ansible docs: https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
Notably vars in vars/main.yml override host_vars, group_vars, and play vars (and a bunch more, but these are the most commonly used).
To Reproduce
Inventory host vars file:
# host_vars/myhost.yml
---
tailscale_auth_key: my encrypted key
Playbook
- hosts: myhost
  pre_tasks:
    # this prints out 'my encrypted key' showing that the var is indeed set in the hostvars
    - debug:
        msg: "{{ hostvars[inventory_hostname].tailscale_auth_key }}"
  roles:
    - role: artis3n.tailscale
Result:
TASK [artis3n.tailscale : Tailscale Auth Key Required] *********************************************
Wednesday 25 August 2021 11:17:51 +0200 (0:00:00.332) 0:00:38.857 ******
fatal: [myhost]: FAILED! => changed=false
msg: |-
You must include a Node Authorization auth key. Set a `tailscale_auth_key` ansible-vault encrypted variable. You can create this key from: https://login.tailscale.com/admin/authkeys.
Expected behavior
It should work without error
Target (please complete the following information):
- OS: Fedora
- Ansible version: 2.10.4
- artis3n.tailscale version: 1.31.1
Proposed Solution
IMHO, the correct way is to leave the vars/main.yml empty in this case, and specify the variable defaults in defaults/main.yml.
I see the comment in vars/main.yml says "Variables that a user may want to modify." I understand why you did this. It seems natural to put variables that the user should/must define in vars/main.yml as a sort of declaration, but this is not how ansible works (unfortunately). In reality declaring variables in that file makes it more difficult to modify them.
Ansible has no real mechanism to "declare" variables that have no sane default, except by documenting them in the docs and raising runtime errors when variables are not well defined.
You can always use the following to guard against undefined variables.
when: tailscale_auth_key is not defined or tailscale_auth_key == None and not tailscale_up_skip | bool
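
An added illustration of the layout proposed above. It is not part of the original issue and not the role's actual files: the file contents, the default values and the assert task are constructed for the example, and only the variable names `tailscale_auth_key` and `tailscale_up_skip` come from the report.

```yaml
# vars/main.yml (before, constructed): role vars outrank host_vars,
# group_vars and play vars, so this empty value replaces the key that
# host_vars/myhost.yml sets, and the role then fails its own check.
#
#   tailscale_auth_key: ""
#
# defaults/main.yml (after, constructed): role defaults have the lowest
# precedence, so a value from inventory, a play or ansible-vault wins.
---
tailscale_auth_key: ""
tailscale_up_skip: false

# tasks/main.yml (constructed): with the default in place the variable is
# always defined, so the guard checks for an empty or null value instead
# and stops the play before the key would be used.
---
- name: Tailscale Auth Key Required
  ansible.builtin.assert:
    that:
      - tailscale_auth_key is defined
      - tailscale_auth_key is not none
      - tailscale_auth_key | length > 0
    fail_msg: >-
      Set tailscale_auth_key (ansible-vault encrypted) in host_vars,
      group_vars or the play.
  when: not tailscale_up_skip | bool
```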