Giters

artis3n / ansible-role-tailscale

Ansible role to install and configure a Tailscale node.

Home Page:https://galaxy.ansible.com/artis3n/tailscale

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] Unable to use vault encrypted value for tailscale_authkey

joeypiccola opened this issue · comments

commented

Describe the bug
Ansible role artis3n.tailscale not accepting Ansible vault encrypted tailscale_authkey variable.

When using the following to install and configure tailscale I receive the error The conditional check 'not tailscale_authkey' failed. The error was: An unhandled exception occurred while templating '{{ tailscale_authkey }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{ tailscale_authkey }}'.

When using the plain text tskey-auth string it works fine. I am using other vault-encrypted variables without issue, identically scoped in my playbook's var directory (e.g. vars/main.yaml).

# tailscale.yaml
- name: Configure Tailscale
  include_role:
    name: galaxy_roles/artis3n.tailscale
  vars:
    tailscale_args: "--advertise-exit-node --hostname=colo --accept-routes"
    tailscale_authkey: "{{ tailscale_authkey }}"

- name: Set MSP user password
  tags: account
  user:
    name: "{{ msp_user_name }}"
    password: "{{ msp_user_password }}"

To Reproduce
Steps to reproduce the behavior:

Encrypt tailscale_authkey with Ansible vault and place the value in a role's /var/main.yaml. Use provided yaml and Ansible vault variable syntax (e.g. "{{ tailscale_authkey }}") when leveraging the role artis3n.tailscale.

Expected behavior
The ansible role should run and not error attempting to validate tailscale_authkey.

Target (please complete the following information):

  • OS: osx
  • Ansible version: 2.10.11
  • ansible-playbook: 2.10.11
  • artis3n.tailscale version: installed_version: v4.2.2
  • Tailscale version (set verbose to true): 1.46.0
commented

During submitting the PR I was using Ansible Vault for tailscale_authkey. And I was not able to reproduce this.
So, I assume, there is a typo somewhere in the var name or encrypted string.

commented

During submitting the PR I was using Ansible Vault for tailscale_authkey. And I was not able to reproduce this. So, I assume, there is a typo somewhere in the var name or encrypted string.

Agreed, I'm using the tailscale_authkey as an encrypted vault value and it's working well. Could also be that the vars in /var/main.yaml as OP describes is not being referenced correctly in the playbook?

See: https://github.com/dbrennand/home-ops/blob/dev/ansible/group_vars/tailscale.yml

commented

I encountered this. In my inventory vars file had to save the encrypted string as vault_tailscale_authkey and then reference it as the required variable tailscale_authkey: "{{ vault_tailscale_authkey }}". 🤷🏻‍♀️