codeenigma · gregharvey · Sep 5, 2022 · Sep 5, 2022
diff --git a/roles/_exit/tasks/allowed_vars.yml b/roles/_exit/tasks/allowed_vars.yml
@@ -2,14 +2,14 @@
   ansible.builtin.set_fact:
     ce_provision_extra_vars_computed: "{{ ce_provision_extra_vars_computed | default({}) | combine({item.name: lookup('vars', item.name)}, recursive=True) }}"
   when:
-    - ce_provision.extra_repository_allowed_vars is defined
+    - _init.ce_provision_extra_repository_allowed_vars is defined
     - lookup('vars', item.name, default="")
-  loop: "{{ ce_provision.extra_repository_allowed_vars }}"
+  loop: "{{ _init.ce_provision_extra_repository_allowed_vars }}"
 
 - name: Generate/Update custom vars file.
   ansible.builtin.template:
     src: vars.j2
-    dest: "{{ _ce_provision_build_tmp_dir }}/extra/{{ ce_provision.extra_repository_vars_file }}"
+    dest: "{{ _ce_provision_build_tmp_dir }}/extra/{{ _init.ce_provision_extra_repository_vars_file }}"
     mode: "0755"
   delegate_to: localhost
   become: true
@@ -48,7 +48,7 @@
     - _ce_provision_extra_vars_git_changed.stdout
 
 - name: Push newly generated configuration.
-  ansible.builtin.command: "git push origin {{ ce_provision.extra_repository_branch }}"
+  ansible.builtin.command: "git push origin {{ _init.ce_provision_extra_repository_branch }}"
   args:
     chdir: "{{ _ce_provision_build_tmp_dir }}/extra"
   become: true

diff --git a/roles/_exit/tasks/main.yml b/roles/_exit/tasks/main.yml
@@ -1,10 +1,11 @@
 ---
+# Do not include the _exit role at the end of a play without including the _init role at the start.
 - name: Generate/Update custom vars file.
   ansible.builtin.include_tasks: allowed_vars.yml
   when:
-    - ce_provision.extra_repository
-    - ce_provision.extra_repository_vars_file
-    - ce_provision.extra_repository_push
+    - _init.ce_provision_extra_repository
+    - _init.ce_provision_extra_repository_vars_file
+    - _init.ce_provision_extra_repository_push
 
 - name: Store current playbook md5.
   ansible.builtin.copy:

diff --git a/roles/_exit/templates/vars.j2 b/roles/_exit/templates/vars.j2
@@ -1 +1 @@
-{{ ce_provision_extra_vars_computed | allowed_vars(ce_provision.extra_repository_allowed_vars) | to_nice_yaml(indent=2, width=1000) }}
+{{ ce_provision_extra_vars_computed | allowed_vars(_init.ce_provision_extra_repository_allowed_vars) | to_nice_yaml(indent=2, width=1000) }}
diff --git a/roles/_init/README.md b/roles/_init/README.md
@@ -1,6 +1,6 @@
 # Init role
 
-This is meant to ALWAYS be included as the first task of a play.
+This is meant to ALWAYS be included as the first task of a play. If you include this role, as you will in the vast majority of cases, be sure to also include the `_exit` role as the last task of the play.
 
 <!--TOC-->
 <!--ENDTOC-->

diff --git a/roles/_init/defaults/main.yml b/roles/_init/defaults/main.yml
@@ -5,35 +5,13 @@ _init:
   vars_dirs: []
   force_play: false
 
-# ce_provision vars are sometimes needed even when the role isn't used so we define them here.
-# If you are using ce_provision and *not* using _init you can copy these vars to your playbook.
-_ce_provision:
-  username: "{% if is_local is defined and is_local %}ce-dev{% else %}controller{% endif %}"
-
-ce_provision:
-  username: "{{ _ce_provision.username }}"
-  new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user
-  key_name: id_rsa.pub # existing users may have a key of a different name
-  # Main repo.
-  own_repository: "https://github.com/codeenigma/ce-provision.git"
-  own_repository_branch: "master"
-  own_repository_skip_checkout: false
-  # Destination.
-  local_dir: "/home/{{ _ce_provision.username }}/ce-provision"
-  # Private config repo.
-  config_repository: ""
-  config_repository_branch: "master"
-  config_repository_skip_checkout: false
+  # Although these variables logically belong with ce_provision, the _init role needs to
+  # gather the extra variables if there are any, so there are _init variables.
   # Extra config repo.
-  extra_repository: ""
-  extra_repository_branch: "master"
-  extra_repository_skip_checkout: false
-  extra_repository_vars_file: "custom.yml"
-  # Wether to commit back changes to extra repo.
-  extra_repository_push: false
-  extra_repository_allowed_vars: []
-  # List of additional groups to add the user to.
-  groups: []
-  # File containing default roles and collections to install via Ansible Galaxy.
-  # Roles will be installed to $HOME/.ansible/roles for the provision user. This roles path should be added to your ansible.cfg file.
-  galaxy_custom_requirements_file: "/home/{{ _ce_provision.username }}/ce-provision/config/files/galaxy-requirements.yml"
+  ce_provision_extra_repository: ""
+  ce_provision_extra_repository_branch: "master"
+  ce_provision_extra_repository_skip_checkout: false
+  ce_provision_extra_repository_vars_file: "custom.yml"
+  # Whether to commit back changes to extra repo.
+  ce_provision_extra_repository_push: false
+  ce_provision_extra_repository_allowed_vars: []
diff --git a/roles/_init/tasks/allowed_vars.yml b/roles/_init/tasks/allowed_vars.yml
@@ -1,23 +1,23 @@
 - name: Clone custom extra directory.
   ansible.builtin.git:
-    repo: "{{ ce_provision.extra_repository }}"
+    repo: "{{ _init.ce_provision_extra_repository }}"
     dest: "{{ _ce_provision_build_tmp_dir }}/extra"
-    version: "{{ ce_provision.extra_repository_branch }}"
+    version: "{{ _init.ce_provision_extra_repository_branch }}"
   delegate_to: localhost
   become: true
   become_user: "{{ ce_provision.username }}"
 
 - name: Check if file exists.
   ansible.builtin.stat:
-    path: "{{ _ce_provision_build_tmp_dir }}/extra/{{ ce_provision.extra_repository_vars_file }}"
+    path: "{{ _ce_provision_build_tmp_dir }}/extra/{{ _init.ce_provision_extra_repository_vars_file }}"
   delegate_to: localhost
   become: true
   become_user: "{{ ce_provision.username }}"
   register: _extra_repository_vars_file
 
 - name: Include custom variables.
   ansible.builtin.include_vars:
-    file: "{{ _ce_provision_build_tmp_dir }}/extra/{{ ce_provision.extra_repository_vars_file }}"
+    file: "{{ _ce_provision_build_tmp_dir }}/extra/{{ _init.ce_provision_extra_repository_vars_file }}"
     name: _ce_provision_extra_vars
   delegate_to: localhost
   become: true
@@ -27,7 +27,7 @@
 
 - name: Filter allowed custom variables.
   ansible.builtin.set_fact:
-    ce_provision_extra_vars_filtered: "{{ _ce_provision_extra_vars | allowed_vars(ce_provision.extra_repository_allowed_vars) }}"
+    ce_provision_extra_vars_filtered: "{{ _ce_provision_extra_vars | allowed_vars(_init.ce_provision_extra_repository_allowed_vars) }}"
   when:
     - _extra_repository_vars_file.stat.exists
 
@@ -38,4 +38,4 @@
     - _extra_repository_vars_file.stat.exists
     - ce_provision_extra_vars_filtered is defined
     - ce_provision_extra_vars_filtered[item.name] is defined
-  loop: "{{ ce_provision.extra_repository_allowed_vars }}"
+  loop: "{{ _init.ce_provision_extra_repository_allowed_vars }}"
diff --git a/roles/_init/tasks/main.yml b/roles/_init/tasks/main.yml
@@ -59,6 +59,6 @@
 - name: Load custom vars file.
   ansible.builtin.include_tasks: allowed_vars.yml
   when:
-    - ce_provision.extra_repository
-    - ce_provision.extra_repository_vars_file
-    - ce_provision.extra_repository_allowed_vars
+    - _init.ce_provision_extra_repository
+    - _init.ce_provision_extra_repository_vars_file
+    - _init.ce_provision_extra_repository_allowed_vars
diff --git a/roles/ce_provision/defaults/main.yml b/roles/ce_provision/defaults/main.yml
@@ -1,3 +1,24 @@
 ---
-# See roles/_init/defaults/main.yml for variables
-# All ce_provision variables should be set in _init
+# See roles/_init/defaults/main.yml for extra variables repo settings.
+_ce_provision:
+  username: "{% if is_local is defined and is_local %}ce-dev{% else %}controller{% endif %}"
+
+ce_provision:
+  username: "{{ _ce_provision.username }}"
+  new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user
+  key_name: id_rsa.pub # existing users may have a key of a different name
+  # Main repo.
+  own_repository: "https://github.com/codeenigma/ce-provision.git"
+  own_repository_branch: "master"
+  own_repository_skip_checkout: false
+  # Destination.
+  local_dir: "/home/{{ _ce_provision.username }}/ce-provision"
+  # Private config repo.
+  config_repository: ""
+  config_repository_branch: "master"
+  config_repository_skip_checkout: false
+  # List of additional groups to add the user to.
+  groups: []
+  # File containing default roles and collections to install via Ansible Galaxy.
+  # Roles will be installed to $HOME/.ansible/roles for the provision user. This roles path should be added to your ansible.cfg file.
+  galaxy_custom_requirements_file: "/home/{{ _ce_provision.username }}/ce-provision/config/files/galaxy-requirements.yml"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{{ ce_provision_extra_vars_computed \| allowed_vars(ce_provision.extra_repository_allowed_vars) \| to_nice_yaml(indent=2, width=1000) }}
		{{ ce_provision_extra_vars_computed \| allowed_vars(_init.ce_provision_extra_repository_allowed_vars) \| to_nice_yaml(indent=2, width=1000) }}