refactor(global_defaults): single source of truth for family-default resolution

2026-05-28 17:25:23 +02:00
parent 00acd4d200
commit 441876fab9
6 changed files with 49 additions and 70 deletions
--- a/roles/global_defaults/tasks/system.yml
+++ b/roles/global_defaults/tasks/system.yml
@@ -1,10 +1,7 @@
 ---
-# Two code paths:
-#   1. Fresh run (system_cfg undefined): normalize from raw `system` input.
-#   2. Pre-computed (system_cfg already set, e.g. from main project's deploy_iac):
-#      merge with bootstrap system_defaults to fill missing fields (luks, features,
-#      etc.) that bootstrap expects but the main project doesn't set, then derive
-#      convenience facts (hostname, os, os_version).
+# Fresh run normalizes raw `system` input. A pre-computed system_cfg (from the main
+# project's deploy_iac) is instead merged with system_defaults to fill the fields
+# bootstrap expects, then convenience facts are derived.
 - name: Normalize system and disk configuration
  when: system_cfg is not defined
  block:
@@ -50,37 +47,6 @@
  ansible.builtin.set_fact:
    system_cfg: "{{ system_defaults | combine(system | default({}), recursive=True) | combine(system_cfg, recursive=True) }}"

- name: Apply family defaults (content source, firewall backend) for pre-computed system_cfg
-  when:
-    - system_cfg is defined
-    - _bootstrap_needs_enrichment | default(false) | bool
-  vars:
-    # Same family resolution as _normalize_system.yml - kept in sync manually.
-    _mirror_defaults:
-      debian: "https://deb.debian.org/debian/"
-      ubuntu: "http://archive.ubuntu.com/ubuntu/"
-      ubuntu-lts: "http://archive.ubuntu.com/ubuntu/"
-    _os: "{{ system_cfg.os | default('') | string | lower }}"
-  ansible.builtin.set_fact:
-    system_cfg: >-
-      {{
-        system_cfg | combine({
-          'content': {
-            'source': system_cfg.content.source
-                      if (system_cfg.content.source | default('') | string | trim | length > 0)
-                      else ('dvd' if _os == 'rhel' else 'mirror'),
-            'url': system_cfg.content.url
-                   if (system_cfg.content.url | default('') | string | trim | length > 0)
-                   else (_mirror_defaults[_os] | default('')),
-          },
-          'features': {'firewall': {'backend':
-            system_cfg.features.firewall.backend
-            if (system_cfg.features.firewall.backend | default('') | string | trim | length > 0)
-            else ('ufw' if _os in ['debian', 'ubuntu', 'ubuntu-lts'] else 'firewalld')
-          }},
-        }, recursive=True)
-      }}
-
 - name: Populate primary network fields from first interface (pre-computed)
  when:
    - system_cfg is defined
@@ -117,3 +83,8 @@
    - system_cfg is defined
    - install_drive is not defined
  ansible.builtin.include_tasks: _normalize_disks.yml
+
+# Runs on every path before validation, so an empty firewall.backend / content.source
+# resolves to the family default even when system_cfg arrived pre-computed.
+- name: Apply family defaults (content source, firewall backend)
+  ansible.builtin.include_tasks: _apply_family_defaults.yml