playbook: Use Ansible fact for default IPv4

Combining when and register made it impossible to have "portable" way to find default (public) IPv4 with shell script. This is expected behaviour of ansible, see https://github.com/ansible/ansible/issues/12779 As Ansbile provides information about a host, use it (ansible_default_ipv4.address) to fetch this kind of address.

playbook: Use Ansible fact for default IPv4
Combining when and register made it impossible to have "portable" way to find default (public) IPv4 with shell script. This is expected behaviour of ansible, see https://github.com/ansible/ansible/issues/12779 As Ansbile provides information about a host, use it (ansible_default_ipv4.address) to fetch this kind of address.
62681800 · Łukasz Nowak · 1cfe05a8 · 62681800 · 62681800 · 62681800
Commit 62681800 authored Dec 12, 2017 by Łukasz Nowak
3 changed files
--- a/playbook/roles/standalone-shared/tasks/main.yml
+++ b/playbook/roles/standalone-shared/tasks/main.yml
@@ -2,18 +2,8 @@
  - name: fetch shared vars
    include_vars: erp5-common.yml

-  - name: Fetch public IPv4 (Debian)
-    shell: ifconfig `route -n | grep '^0\.0\.0\.0' | head -n 1 | awk '{print $NF}'` | { IFS=' :';read r;read r r a r;echo $a; }
-    register: public_ipv4
-    when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian"
-
-  - name: Fetch public IPv4 (CentOS)
-    shell: ifconfig `route -n | grep '^0\.0\.0\.0' | head -n 1 | awk '{print $NF}'` | { IFS=' :';read r;read r a r r;echo $a; }
-    register: public_ipv4
-    when: ansible_distribution == "CentOS"
-
  - name: Store public IPv4 for other scripts
-    shell: echo "{{ public_ipv4.stdout }}" > /tmp/playbook-{{ playbook_name }}-public-ipv4
+    shell: echo "{{ ansible_default_ipv4.address }}" > /tmp/playbook-{{ playbook_name }}-public-ipv4

  - name: create instance request script
    template: src={{ request_instance_template }} dest=/tmp/playbook-request-{{ playbook_name }} mode=700

--- a/playbook/roles/standalone-shared/templates/request-erp5-frontend.j2
+++ b/playbook/roles/standalone-shared/templates/request-erp5-frontend.j2
 computer_id = 'local_computer'
 frontend_software_release_url = '{{ frontend_software_release_url }}'
 supply(frontend_software_release_url, computer_id)
-public_ipv4 = '{{ public_ipv4.stdout }}'
 # frontend master partition
 request(software_release=frontend_software_release_url, partition_reference='{{ frontend_master_reference }}')

@@ -20,7 +19,7 @@ if backend_url is not None:
    partition_parameter_kw={
        'url': backend_url,
        'type': 'zope',
-        'custom_domain': public_ipv4,
+        'custom_domain': '{{ ansible_default_ipv4.address }}',
        'server-alias': '*',
        'https-only': 'true'
    }

--- a/playbook/roles/standalone-shared/templates/setup-firewall.j2
+++ b/playbook/roles/standalone-shared/templates/setup-firewall.j2
@@ -16,8 +16,8 @@ if [ ! -z "$frontend_ipv4" ] ; then
  iptables -t nat -vnL OUTPUT | grep dpt:443 | grep -q "${local_access_comment}" && iptables -t nat -D OUTPUT `iptables -t nat -vnL OUTPUT --line-numbers | grep dpt:443 | grep "${local_access_comment}" | cut -d ' ' -f 1`
  iptables -t nat -vnL PREROUTING | grep dpt:80 | grep -q "${remote_access_comment}" && iptables -t nat -D PREROUTING `iptables -t nat -vnL PREROUTING --line-numbers | grep dpt:80 | grep "${remote_access_comment}" | cut -d ' ' -f 1`
  iptables -t nat -vnL OUTPUT | grep dpt:80 | grep -q "${local_access_comment}" && iptables -t nat -D OUTPUT `iptables -t nat -vnL OUTPUT --line-numbers | grep dpt:80 | grep "${local_access_comment}" | cut -d ' ' -f 1`
-  iptables -t nat -A OUTPUT -p tcp -d {{ public_ipv4.stdout }} --dport 443 -j DNAT --to $frontend_ipv4:4443 -m comment --comment "${local_access_comment}"
-  iptables -t nat -A PREROUTING -p tcp -d {{ public_ipv4.stdout }} --dport 443 -j DNAT --to-destination $frontend_ipv4:4443 -m comment --comment "${remote_access_comment}"
-  iptables -t nat -A OUTPUT -p tcp -d {{ public_ipv4.stdout }} --dport 80 -j DNAT --to $frontend_ipv4:8080 -m comment --comment "${local_access_comment}"
-  iptables -t nat -A PREROUTING -p tcp -d {{ public_ipv4.stdout }} --dport 80 -j DNAT --to-destination $frontend_ipv4:8080 -m comment --comment "${remote_access_comment}"
+  iptables -t nat -A OUTPUT -p tcp -d {{ ansible_default_ipv4.address }} --dport 443 -j DNAT --to $frontend_ipv4:4443 -m comment --comment "${local_access_comment}"
+  iptables -t nat -A PREROUTING -p tcp -d {{ ansible_default_ipv4.address }} --dport 443 -j DNAT --to-destination $frontend_ipv4:4443 -m comment --comment "${remote_access_comment}"
+  iptables -t nat -A OUTPUT -p tcp -d {{ ansible_default_ipv4.address }} --dport 80 -j DNAT --to $frontend_ipv4:8080 -m comment --comment "${local_access_comment}"
+  iptables -t nat -A PREROUTING -p tcp -d {{ ansible_default_ipv4.address }} --dport 80 -j DNAT --to-destination $frontend_ipv4:8080 -m comment --comment "${remote_access_comment}"
 fi