ansibleguy/infra_nftables

Don't run kernel config check when the role is skipped

Closed this issue · 1 comments

I'm trying to apply a limited set of roles with ansible-playbook -i inventory.yml -l myservername --tags whatever main.yml -K

The selected tag whatever is unrelated to infra_nftables.

However, the following tags are always run:

  • NFTables | Checking config
    - name: NFTables | Checking config
      ansible.builtin.assert:
        that:
          - nftables is defined
          - nftables.tables is defined
          - NFT_CONFIG.tables | length > 0
          - NFT_CONFIG.tables[NFT_CONFIG.tables | list | first]['chains'] | default([]) | length > 0
          - not NFT_CONFIG.ext.startswith('.')
      tags: always
  • NFTables | Check | Checking kernel config
    - name: NFTables | Check | Checking kernel config
      ansible.builtin.assert:
        that:
          - "'CONFIG_NF_TABLES=m' in nft_kernel_config.stdout_lines"
          - "'CONFIG_NF_TABLES_INET=y' in nft_kernel_config.stdout_lines"
          - "'CONFIG_NF_TABLES_IPV4=y' in nft_kernel_config.stdout_lines"
      tags: always

The last step is failing as nft_kernel_config.stdout_lines is defined in NFTables | Check | Pulling kernel config, which is not always run:

    - name: NFTables | Check | Pulling kernel config
      ansible.builtin.shell: 'cat "/boot/config-$(uname -r)" | grep -E "CONFIG_NFT|CONFIG_NF_TABLES"'
      args:
        executable: '/bin/bash'
      register: nft_kernel_config
      changed_when: false
      check_mode: false
      tags: skip_ansible_lint  # 'set -o pipefail' will lead to no output
      when: >
        ansible_virtualization_role is undefined or
        ansible_virtualization_role != 'guest' or
        ('docker' not in ansible_virtualization_tech_guest and
        'lxc' not in ansible_virtualization_tech_guest)

Can the dependency be fixed, please?

Thank you

Greetings @Yoda-BZH
I've removed the always tags and replaced them with the role-specific ones.
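
A lint for this class of bug, as an added example that is not part of the issue or the role's own code: it flags any task tagged always that reads a variable registered by a task which --tags can skip. The sample tasks are constructed from the ones quoted above, the function names are hypothetical, and tags inherited from blocks, roles or imports are assumed absent.

```python
import re

# Constructed sample: the two kernel-config tasks from the issue, reduced to the
# keys this check reads. Real task files would be loaded with a YAML parser.
TASKS = [
    {"name": "NFTables | Check | Pulling kernel config",
     "ansible.builtin.shell": 'cat "/boot/config-$(uname -r)" | grep -E "CONFIG_NFT|CONFIG_NF_TABLES"',
     "register": "nft_kernel_config",
     "tags": "skip_ansible_lint"},
    {"name": "NFTables | Check | Checking kernel config",
     "ansible.builtin.assert": {"that": [
         "'CONFIG_NF_TABLES=m' in nft_kernel_config.stdout_lines",
         "'CONFIG_NF_TABLES_INET=y' in nft_kernel_config.stdout_lines",
         "'CONFIG_NF_TABLES_IPV4=y' in nft_kernel_config.stdout_lines"]},
     "tags": "always"},
]

def tag_set(task):
    """Normalise 'tags' (a string or a list in Ansible) to a set."""
    tags = task.get("tags", [])
    return {tags} if isinstance(tags, str) else set(tags)

def strings(node):
    """Yield every string nested inside a task's module arguments and conditions."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings(value)

def find_tag_mismatches(tasks):
    """Return (consumer, variable, producer) for each 'always' task that reads a
    variable registered by a task not tagged 'always'."""
    producers = {t["register"]: t for t in tasks if "register" in t}
    findings = []
    for task in tasks:
        if "always" not in tag_set(task):
            continue
        body = {k: v for k, v in task.items() if k not in ("name", "register", "tags")}
        text = " ".join(strings(body))
        for var, producer in producers.items():
            if producer is not task and "always" not in tag_set(producer) \
                    and re.search(rf"\b{re.escape(var)}\b", text):
                findings.append((task["name"], var, producer["name"]))
    return findings
```
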