Ansible 2.3 compatibility #813
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stdout_lines of whoami with -vvvv formerly included `root` but now will include ansi code prefix: `\e[0;32mroot`. Connection as root will always appear to have failed unless Trellis checks for this revised string.
Prevents related warnings introduced in Ansible 2.3 ansible/ansible#ff20ab7
A single var in a `when` parameter will be expanded and the var's jinja delimiters will trigger related warnings introduced in Ansible 2.3 ansible/ansible#ff20ab7
|
This PR works with today's official release of Ansible 2.3. |
Installing Ansible 2.3 installs Jinja2 v2.9.6 (up from v2.8.1). Jinja2 v 2.9.4 changed the truncate.leeway default from 0 to 5 chars, resulting in no truncation for salts up to 21 characters, potentially causing `salt too large (sha512_crypt requires <= 16 chars)` failure. Adding a final parameter `0` (leeway) resolves the issue in Ansible 2.3, but fails on earlier versions with Jinja2 < 2.9.4, causing the error `do_truncate() takes at most 4 arguments (5 given)`. This commit switches to python slice [:16] because it works in all contexts.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Broken out into separate commits, each with a commit message explaining. One commit prevents Ansible's new
dense.pycallback from causing Trellis ssh connection tests to always showrootas failing to connect. The other commits just prevent Ansible's new warning message about jinja delimiters.The commit
Avoid single var containing jinja delimiters in when parameterdeserves some explanation but don't expect this explanation to stand on its own without examining the commit's diff.Consider a
whenparameter with a single var, e.g.,when: site_uses_letsencrypt. The var will be expanded and the var's jinja delimiters will trigger related warnings. This PR's commit avoids the warnings by removing jinja delimiters from the var value/definition:That change prevents the warnings, but makes the
site_uses_letsencryptvar not function in contexts that aren't part of thewhentask parameter. This accounts for why the commit in question removessite_uses_letsencryptfrom the definition ofmissing_hostsThis change to
missing_hostsmeans its two appearances in the formwhen: missing_hosts | countmust be adjusted. However, it turns out that the lack of jinja delimiters insite_uses_letsencryptcauses this adjustment to be ineffective:This accounts for why the commit in question uses the strategy below, leaving the
site_uses_letsencryptalone in a single item (vs. the compound item in the diff above).Tested on Ansible branch 2.3-stable as of
07ea6a6and on Ansible 2.2.0.0. Tests included default configs and alternative configs such as Let's Encrypt enabled, nginx-includes, androotlogin disabled, on DigitalOcean and AWS EC2.