Various authentication fixes #7

Merged
merged 3 commits into from
Dec 15, 2024
2 changes: 1 addition & 1 deletion defaults/main.yml
Expand Up @@ -36,7 +36,6 @@ tailscale_valid_args:
- exit-node-allow-lan-access
- hostname
- netfilter-mode
- nickname
- operator
- shields-up
- snat-subnet-routes
Expand All @@ -48,6 +47,7 @@ tailscale_valid_login_args:
tailscale_valid_set_args:
- accept-risk
- auto-update
- nickname
- update-check
- webclient
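Review bot: Moving `nickname` from `tailscale_valid_args` to `tailscale_valid_set_args` changes when the option is applied, and nothing in this diff documents that. The login arguments in tasks/config.yml are filtered on `tailscale_valid_args + tailscale_valid_login_args`, so `nickname` is now dropped from the login command and only reaches the later `Run tailscale set` task. A short README or changelog note would help users who already set it in `tailscale_args`. The placement between `auto-update` and `update-check` keeps the list alphabetical.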

7 changes: 4 additions & 3 deletions tasks/auth.yml
Expand Up @@ -50,17 +50,18 @@
- name: Prompt user to authenticate with tailscale in web browser
ansible.builtin.pause:
prompt: |-
To authenticate {{ inventory_hostname }} with tailscale, visit:
To authenticate {{ item }} with tailscale, visit:

{{ _tailscale_state.AuthURL }}
{{ hostvars[item]["_tailscale_state"].AuthURL }}

Press enter to continue
loop: "{{ play_hosts }}"

- name: Wait for device to be authenticated and approved
ansible.builtin.command:
cmd: "tailscale status --peers=false --json"
register: _tailscale_status_cmd
retries: 10
retries: 15
delay: 5
until: (_tailscale_status_cmd.stdout | from_json).BackendState == "Running"
changed_when: false
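Review bot: The new `loop: "{{ play_hosts }}"` on the pause task iterates over every host in the play, but auth.yml is only included for hosts that match the `when:` in tasks/config.yml, so `hostvars[item]["_tailscale_state"].AuthURL` can be empty or undefined for hosts that did not need to log in. Consider a per-item guard such as `when: hostvars[item]["_tailscale_state"].AuthURL | default("") | length > 0`, and note that `play_hosts` is deprecated in favour of `ansible_play_batch`. The prompt also writes each login URL to the controller's output, so stored Ansible logs should be treated as sensitive until the nodes are approved. Separately, `retries: 15` with `delay: 5` is still a hard-coded 75 second window; a role variable would let users tune it.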
7 changes: 7 additions & 0 deletions tasks/config.yml
Expand Up @@ -18,7 +18,7 @@
register: _configure_tailscaled
when: tailscale_config != {}

- name: Restart tailscaled when config changes

Check failure on line 21 in tasks/config.yml (GitHub Actions / Ansible Lint): no-handler. Tasks that run when changed should likely be handlers.
ansible.builtin.service:
name: tailscaled
state: restarted
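Review bot: The `Restart tailscaled when config changes` task is flagged by Ansible Lint (`no-handler`, line 21) and the check is failing. Either convert it to a handler notified by the task that registers `_configure_tailscaled`, followed by `ansible.builtin.meta: flush_handlers` so the restart still happens before auth.yml is included later in this file, or keep the inline task and add `# noqa: no-handler` with a comment saying the ordering is intentional.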
Expand All @@ -41,21 +41,28 @@
ansible.builtin.include_tasks:
file: auth.yml
vars:
_tailscale_login_args: |-

Check warning on line 44 in tasks/config.yml (GitHub Actions / Ansible Lint): jinja[spacing]. Jinja2 spacing could be improved: {% for item in tailscale_args -%}
{% for item in tailscale_args -%}
{% if item.option in tailscale_valid_args + tailscale_valid_login_args -%}
--{{ item.option }}="{{ item.value }}"{{ " " if not loop.last else "" }}
{%- endif %}
{%- endfor %}
_configured_tags: >-
{{ tailscale_args
| selectattr("option", "equalto", "advertise-tags")
| map(attribute="value")
| map("split", ",")
| flatten }}
when:
- _tailscale_state.BackendState == "NeedsLogin"
or _tailscale_state.Self.Tags | default([]) | sort != _configured_tags | sort
tags: molecule-idempotence-notest

- name: Run tailscale set
ansible.builtin.command:
cmd: "tailscale set {{ _tailscale_set_args }}"
vars:
_tailscale_set_args: |-

Check warning on line 65 in tasks/config.yml (GitHub Actions / Ansible Lint): jinja[spacing]. Jinja2 spacing could be improved: {% for item in tailscale_args -%}
{% for item in tailscale_args -%}
{% if item.option in tailscale_valid_args + tailscale_valid_set_args -%}
--{{ item.option }}="{{ item.value }}"{{ " " if not loop.last else "" }}
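Review bot: The new `or` clause in `when:` also fires when `advertise-tags` is absent from `tailscale_args`. `_configured_tags` is then `[]`, so any node whose `Self.Tags` is non-empty compares unequal and is sent back through auth.yml on every run. Because the task carries `tags: molecule-idempotence-notest`, the idempotence test will not catch this. Suggest guarding the comparison, for example `(_configured_tags | length > 0 and _tailscale_state.Self.Tags | default([]) | sort != _configured_tags | sort)`. Also, `map("split", ",")` does not trim whitespace, so a value written as "tag:a, tag:b" would never match the reported tags; adding `map("trim")` after `flatten` would make the comparison robust. The two `jinja[spacing]` warnings on lines 44 and 65 are on the template lines and could be cleared in the same change.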