From f88eb51b71fb572300ab7f529f1ebc5340b2293a Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 4 Dec 2024 13:47:20 -0800 Subject: [PATCH] Protect hostvars iterations from implicit localhost Ansible-core 2.16.4 appears to have a behavior change where it will include the implicit localhost in hostvars, which means that any location we iterate over hostvars and assume it's a real host could throw an exception. To avoid that, add checks that the variables we are about to access on the host exist. Change-Id: Iff89da761e5f6748b454610a64c2fdd4f5e56a77 --- roles/multi-node-firewall/tasks/main.yaml | 4 ++++ roles/multi-node-hosts-file/tasks/main.yaml | 2 ++ test-playbooks/multinode/multi-node-hosts-file.yaml | 2 ++ test-playbooks/multinode/multi-node-known-hosts.yaml | 2 ++ 4 files changed, 10 insertions(+) diff --git a/roles/multi-node-firewall/tasks/main.yaml b/roles/multi-node-firewall/tasks/main.yaml index fc6f8eebd..ac99e8f12 100644 --- a/roles/multi-node-firewall/tasks/main.yaml +++ b/roles/multi-node-firewall/tasks/main.yaml @@ -17,20 +17,24 @@ ipv4_addresses: > {% set hosts = [] -%} {% for host, vars in hostvars.items() -%} + {% if 'nodepool' in vars -%} {% if vars['nodepool']['private_ipv4'] -%} {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%} {% endif -%} {% if vars['nodepool']['public_ipv4'] -%} {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%} {% endif -%} + {% endif -%} {% endfor -%} {{- hosts | sort | unique -}} ipv6_addresses: > {% set hosts = [] -%} {% for host, vars in hostvars.items() -%} + {% if 'nodepool' in vars -%} {% if vars['nodepool']['public_ipv6'] -%} {% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%} {% endif -%} + {% endif -%} {% endfor -%} {{- hosts | sort | unique -}} diff --git a/roles/multi-node-hosts-file/tasks/main.yaml b/roles/multi-node-hosts-file/tasks/main.yaml index 1a630091c..d7bd23f70 100644 --- a/roles/multi-node-hosts-file/tasks/main.yaml +++ b/roles/multi-node-hosts-file/tasks/main.yaml @@ -3,8 +3,10 @@ host_addresses: > {% set hosts = {} -%} {% for host, vars in hostvars.items() -%} + {% if 'nodepool' in vars -%} {% set _ = hosts.update({host: vars['nodepool']['private_ipv4']}) -%} {% set _ = hosts.update({vars['ansible_hostname']: vars['nodepool']['private_ipv4']}) -%} + {% endif -%} {% endfor -%} {{- hosts -}} diff --git a/test-playbooks/multinode/multi-node-hosts-file.yaml b/test-playbooks/multinode/multi-node-hosts-file.yaml index 4334e534e..c58aeacc7 100644 --- a/test-playbooks/multinode/multi-node-hosts-file.yaml +++ b/test-playbooks/multinode/multi-node-hosts-file.yaml @@ -12,7 +12,9 @@ host_addresses: > {% set hosts = [] -%} {% for host, vars in hostvars.items() -%} + {% if 'nodepool' in vars -%} {% set _ = hosts.append({'host': host, 'address': vars['nodepool']['private_ipv4']}) -%} + {% endif -%} {% endfor -%} {{- hosts -}} diff --git a/test-playbooks/multinode/multi-node-known-hosts.yaml b/test-playbooks/multinode/multi-node-known-hosts.yaml index cc19aa6bc..493b2fb23 100644 --- a/test-playbooks/multinode/multi-node-known-hosts.yaml +++ b/test-playbooks/multinode/multi-node-known-hosts.yaml @@ -12,6 +12,7 @@ host_addresses: > {% set hosts = [] -%} {% for host, vars in hostvars.items() -%} + {% if 'nodepool' in vars -%} {% if vars['nodepool']['private_ipv4'] | length > 0 -%} {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%} {% endif -%} @@ -21,6 +22,7 @@ {% if vars['nodepool']['public_ipv6'] | length > 0 -%} {% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%} {% endif -%} + {% endif -%} {% endfor -%} {{- hosts | sort | unique -}}