sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(global_defaults): add semantic validations for IP, hostname, LUKS method, and interface prefix

Browse Source
This commit is contained in:
Sandwich
2026-02-22 02:22:05 +01:00
parent 75267e5140
commit 5a9b346d72
2 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/global_defaults/defaults/main.yml
View File

@@ -34,6 +34,7 @@ hypervisor_defaults:
storage: ""
datacenter: ""
cluster: ""
folder: ""
certs: false
ssh: false

42
roles/global_defaults/tasks/validation.yml
View File

@@ -347,8 +347,48 @@
that:
- item is mapping
- item.bridge is defined and (item.bridge | string | length) > 0
fail_msg: "Each system.network.interfaces[] entry must be a dict with at least a 'bridge' key."
- >-
(item.ip | default('') | string | length) == 0
or (item.prefix | default('') | string | length) > 0
fail_msg: "Each system.network.interfaces[] entry must have a 'bridge' key and 'prefix' when 'ip' is set."
quiet: true
loop: "{{ system_cfg.network.interfaces }}"
loop_control:
label: "{{ item | to_json }}"
- name: Validate hostname format
ansible.builtin.assert:
that:
- hostname is regex("^[a-zA-Z0-9]([a-zA-Z0-9._-]*[a-zA-Z0-9])?$")
fail_msg: "hostname '{{ hostname }}' contains invalid characters. Use only alphanumeric, hyphens, dots, and underscores."
quiet: true
- name: Validate IP address format
when: system_cfg.network.ip is defined and (system_cfg.network.ip | string | length) > 0
ansible.builtin.assert:
that:
- system_cfg.network.ip is regex("^([0-9]{1,3}\\.){3}[0-9]{1,3}$")
fail_msg: "system.network.ip '{{ system_cfg.network.ip }}' is not a valid IPv4 address."
quiet: true
- name: Validate DNS server format
when:
- system_cfg.network.dns.servers is defined
- system_cfg.network.dns.servers | length > 0
ansible.builtin.assert:
that:
- item is regex("^([0-9]{1,3}\\.){3}[0-9]{1,3}$")
fail_msg: "DNS server '{{ item }}' is not a valid IPv4 address."
quiet: true
loop: "{{ system_cfg.network.dns.servers }}"
- name: Validate LUKS method
when: system_cfg.luks.enabled | bool
ansible.builtin.assert:
that:
- system_cfg.luks.method in ["tpm2", "keyfile"]
- >-
(system_cfg.luks.passphrase | string | length) > 0
fail_msg: "system.luks.method must be 'tpm2' or 'keyfile', and luks.passphrase must be set when LUKS is enabled."
quiet: true
no_log: true