Fix: Resolve recursive variable reference in Ansible playbooks

- Fix infinite loop in docker_registry_username/docker_registry_password variables - Use _default suffix variables in production.yml to avoid recursion - Make docker registry login optional (ignore_errors) for cases where auth isn't needed - Fix line endings in deploy.sh script
2025-10-31 11:31:43 +01:00
parent 957f43aac4
commit e66f98b84a
3 changed files with 11 additions and 6 deletions
--- a/deployment/ansible/inventory/production.yml
+++ b/deployment/ansible/inventory/production.yml
@@ -12,8 +12,9 @@ all:
    docker_registry: git.michaelschiemer.de:5000
    docker_registry_url: git.michaelschiemer.de:5000
    # Registry credentials (can be overridden via -e or vault)
-    docker_registry_username: "{{ docker_registry_username | default('admin') }}"
-    docker_registry_password: "{{ docker_registry_password | default('registry-secure-password-2025') }}"
+    # Defaults are set here, can be overridden by extra vars or vault
+    docker_registry_username_default: 'admin'
+    docker_registry_password_default: 'registry-secure-password-2025'

    # Application Configuration
    app_name: framework
--- a/deployment/ansible/playbooks/deploy-update.yml
+++ b/deployment/ansible/playbooks/deploy-update.yml
@@ -22,8 +22,8 @@

    - name: Derive docker registry credentials from vault when not provided
      set_fact:
-        docker_registry_username: "{{ docker_registry_username | default(vault_docker_registry_username | default(omit)) }}"
-        docker_registry_password: "{{ docker_registry_password | default(vault_docker_registry_password | default(omit)) }}"
+        docker_registry_username: "{{ docker_registry_username | default(vault_docker_registry_username | default(docker_registry_username_default | default('admin'))) }}"
+        docker_registry_password: "{{ docker_registry_password | default(vault_docker_registry_password | default(docker_registry_password_default | default('registry-secure-password-2025'))) }}"

    - name: Verify Docker is running
      systemd:
@@ -102,9 +102,13 @@
        username: "{{ docker_registry_username }}"
        password: "{{ docker_registry_password }}"
      no_log: yes
+      ignore_errors: yes
      when:
        - docker_registry_username is defined
        - docker_registry_password is defined
+        - docker_registry_username | length > 0
+        - docker_registry_password | length > 0
+      register: registry_login

    - name: Pull new Docker image
      community.docker.docker_image:
--- a/deployment/ansible/playbooks/rollback.yml
+++ b/deployment/ansible/playbooks/rollback.yml
@@ -19,8 +19,8 @@

    - name: Derive docker registry credentials from vault when not provided
      set_fact:
-        docker_registry_username: "{{ docker_registry_username | default(vault_docker_registry_username | default(omit)) }}"
-        docker_registry_password: "{{ docker_registry_password | default(vault_docker_registry_password | default(omit)) }}"
+        docker_registry_username: "{{ docker_registry_username | default(vault_docker_registry_username | default(docker_registry_username_default | default('admin'))) }}"
+        docker_registry_password: "{{ docker_registry_password | default(vault_docker_registry_password | default(docker_registry_password_default | default('registry-secure-password-2025'))) }}"

    - name: Check Docker service
      systemd: