refactor(virtualization): extract shared Xen disk definitions

refactor: remove unnecessary changed_when from set_fact tasks
refactor(partitioning): remove redundant blockdev --rereadpt calls
2026-03-12 12:27:18 +01:00 · 2026-03-12 12:25:45 +01:00 · 2026-03-12 12:25:15 +01:00 · 2026-03-12 12:24:59 +01:00 · 2026-03-12 12:12:27 +01:00 · 2026-03-12 12:12:27 +01:00
13 changed files with 32 additions and 66 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,5 +1,6 @@
 skip_list:
  - run-once
  - var-naming[no-role-prefix] # user-facing API dicts (cis, system, hypervisor) are intentionally not role-prefixed
+  - args[module] # false positives from variable-based module_defaults (_proxmox_auth, _vmware_auth)
 exclude_paths:
  - roles/global_defaults/
--- a/roles/cleanup/tasks/libvirt.yml
+++ b/roles/cleanup/tasks/libvirt.yml
@@ -14,7 +14,6 @@
    - name: Initialize cleaned VM XML
      ansible.builtin.set_fact:
        cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_get_xml.get_xml }}"
-      changed_when: false

    - name: Remove boot ISO device from VM XML (source match)
      when: boot_iso is defined and boot_iso | length > 0
@@ -28,7 +27,6 @@
      when: boot_iso is defined and boot_iso | length > 0
      ansible.builtin.set_fact:
        cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_boot_source.xmlstring }}"
-      changed_when: false

    - name: Remove boot ISO device from VM XML (target fallback)
      community.general.xml:
@@ -40,7 +38,6 @@
    - name: Update cleaned VM XML after removing boot ISO
      ansible.builtin.set_fact:
        cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_boot.xmlstring }}"
-      changed_when: false

    - name: Remove cloud-init ISO device from VM XML (source match)
      community.general.xml:
@@ -52,7 +49,6 @@
    - name: Update cleaned VM XML after removing cloud-init ISO source match
      ansible.builtin.set_fact:
        cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_cloudinit_source.xmlstring }}"
-      changed_when: false

    - name: Remove cloud-init ISO device from VM XML (target fallback)
      community.general.xml:
@@ -64,7 +60,6 @@
    - name: Update cleaned VM XML after removing cloud-init ISO
      ansible.builtin.set_fact:
        cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_cloudinit.xmlstring }}"
-      changed_when: false

    - name: Strip XML declaration for libvirt define
      ansible.builtin.set_fact:
@@ -76,7 +71,6 @@
            | regex_replace("(?i)encoding=[\"'][^\"']+[\"']", "")
            | trim
          }}
-      changed_when: false

    - name: Update VM definition without installer media
      community.libvirt.virt:
--- a/roles/cleanup/tasks/proxmox.yml
+++ b/roles/cleanup/tasks/proxmox.yml
@@ -25,3 +25,4 @@
      community.proxmox.proxmox_kvm:
        vmid: "{{ system_cfg.id }}"
        state: restarted
+      no_log: true
--- a/roles/cleanup/tasks/xen.yml
+++ b/roles/cleanup/tasks/xen.yml
@@ -7,34 +7,11 @@
    xen_installer_media_enabled: "{{ xen_installer_media_enabled | default(false) }}"
  block:
    - name: Ensure Xen disk definitions exist
-      when: virtualization_xen_disks is not defined
-      ansible.builtin.set_fact:
-        cleanup_xen_disks: "{{ cleanup_xen_disks | default([]) + [cleanup_xen_disk_cfg] }}"
-      vars:
-        device_letter_map: "{{ disk_letter_map }}"
-        device_letter: "{{ device_letter_map[ansible_loop.index0] }}"
-        cleanup_xen_disk_cfg: >-
-          {{
-            {
-              'path': (
-                virtualization_xen_disk_path ~ '/' ~ hostname ~ '.qcow2'
-                if ansible_loop.index0 == 0
-                else virtualization_xen_disk_path ~ '/' ~ hostname ~ '-disk' ~ ansible_loop.index0 ~ '.qcow2'
-              ),
-              'target': 'xvd' ~ device_letter,
-              'size': (item.size | float)
-            }
-          }}
-      loop: "{{ system_cfg.disks }}"
-      loop_control:
-        label: "{{ item | to_json }}"
-        extended: true
-      changed_when: false
+      ansible.builtin.include_tasks: ../../virtualization/tasks/_xen_disks.yml

    - name: Render Xen VM configuration without installer media
      vars:
        xen_installer_media_enabled: false
-        virtualization_xen_disks: "{{ virtualization_xen_disks | default(cleanup_xen_disks | default([])) }}"
      ansible.builtin.template:
        src: xen.cfg.j2
        dest: /tmp/xen-{{ hostname }}.cfg
--- a/roles/configuration/tasks/encryption/keyfile.yml
+++ b/roles/configuration/tasks/encryption/keyfile.yml
@@ -86,7 +86,6 @@
            device: "{{ configuration_luks_device }}"
            passphrase: "{{ configuration_luks_passphrase }}"
            new_keyfile: "/mnt{{ configuration_luks_keyfile_path }}"
-          register: configuration_luks_addkey_retry
          failed_when: false
          no_log: true

--- a/roles/configuration/tasks/encryption/tpm2.yml
+++ b/roles/configuration/tasks/encryption/tpm2.yml
@@ -80,11 +80,10 @@
          host stderr={{ configuration_luks_tpm2_enroll_host.stderr | default('') }}
  rescue:
    - name: Warn about TPM2 enrollment failure
-      ansible.builtin.fail:
+      ansible.builtin.debug:
        msg: >-
          WARNING: TPM2 enrollment failed — falling back to keyfile auto-decrypt.
          The system will use a keyfile instead of TPM2 for automatic LUKS unlock.
-      ignore_errors: true

    - name: Fallback to keyfile auto-decrypt
      ansible.builtin.set_fact:
--- a/roles/partitioning/tasks/_create_filesystems.yml
+++ b/roles/partitioning/tasks/_create_filesystems.yml
@@ -24,7 +24,6 @@
      ansible.builtin.command: >-
        tune2fs -O "^orphan_file,^metadata_csum_seed"
        "{{ install_drive }}{{ partitioning_part_sep }}{{ partitioning_boot_fs_partition_suffix }}"
-      register: partitioning_boot_ext4_tune_result
      changed_when: false

    - name: Create swap filesystem
--- a/roles/partitioning/tasks/_create_partitions.yml
+++ b/roles/partitioning/tasks/_create_partitions.yml
@@ -65,9 +65,7 @@
          ansible.builtin.command: "{{ item }}"
          loop:
            - "partprobe {{ install_drive }}"
-            - "blockdev --rereadpt {{ install_drive }}"
            - "udevadm settle"
-          register: partitioning_partprobe_result
          changed_when: false
          failed_when: false

@@ -91,9 +89,7 @@
          ansible.builtin.command: "{{ item }}"
          loop:
            - "partprobe {{ install_drive }}"
-            - "blockdev --rereadpt {{ install_drive }}"
            - "udevadm settle"
-          register: partitioning_partprobe_retry
          changed_when: false
          failed_when: false

@@ -116,6 +112,5 @@
      loop:
        - "partprobe {{ install_drive }}"
        - "udevadm settle"
-      register: partitioning_partprobe_settle
      changed_when: false
      failed_when: false
--- a/roles/partitioning/tasks/_setup_luks.yml
+++ b/roles/partitioning/tasks/_setup_luks.yml
@@ -21,7 +21,6 @@
          algorithm: "{{ system_cfg.luks.pbkdf }}"
          iteration_time: "{{ (system_cfg.luks.iter | float) / 1000 }}"
        passphrase: "{{ system_cfg.luks.passphrase | string }}"
-      register: partitioning_luks_format_result
      no_log: true

    - name: Force-close LUKS mapper
@@ -51,7 +50,6 @@
            name: "{{ system_cfg.luks.mapper }}"
            passphrase: "{{ system_cfg.luks.passphrase | string }}"
            allow_discards: "{{ 'discard' in (system_cfg.luks.options | lower) }}"
-          register: partitioning_luks_open_result
          no_log: true
      rescue:
        - name: Force-close stale LUKS mapper
@@ -79,7 +77,6 @@
            name: "{{ system_cfg.luks.mapper }}"
            passphrase: "{{ system_cfg.luks.passphrase | string }}"
            allow_discards: "{{ 'discard' in (system_cfg.luks.options | lower) }}"
-          register: partitioning_luks_open_retry
          no_log: true

    - name: Get LUKS UUID
--- a/roles/partitioning/tasks/btrfs.yml
+++ b/roles/partitioning/tasks/btrfs.yml
@@ -56,7 +56,6 @@
        - { subvol: var_log_audit }
      loop_control:
        label: "{{ item.subvol }}"
-      register: partitioning_btrfs_subvol_result

    - name: Set quotas for subvolumes
      when: system_cfg.features.cis.enabled | bool
@@ -74,7 +73,6 @@
        btrfs filesystem mkswapfile --size {{ partitioning_swap_size_gb }}g --uuid clear /mnt/@swap/swapfile
      args:
        creates: /mnt/@swap/swapfile
-      register: partitioning_btrfs_swap_result

    - name: Unmount Partition
      ansible.posix.mount:
--- a/roles/virtualization/tasks/_xen_disks.yml
+++ b/roles/virtualization/tasks/_xen_disks.yml
@@ -0,0 +1,26 @@
+---
+- name: Build Xen disk definitions
+  when: virtualization_xen_disks is not defined
+  block:
+    - name: Compute Xen disk configuration
+      ansible.builtin.set_fact:
+        virtualization_xen_disks: "{{ virtualization_xen_disks | default([]) + [_xen_disk_cfg] }}"
+      vars:
+        device_letter_map: "{{ disk_letter_map }}"
+        device_letter: "{{ device_letter_map[ansible_loop.index0] }}"
+        _xen_disk_cfg: >-
+          {{
+            {
+              'path': (
+                virtualization_xen_disk_path ~ '/' ~ hostname ~ '.qcow2'
+                if ansible_loop.index0 == 0
+                else virtualization_xen_disk_path ~ '/' ~ hostname ~ '-disk' ~ ansible_loop.index0 ~ '.qcow2'
+              ),
+              'target': 'xvd' ~ device_letter,
+              'size': (item.size | float)
+            }
+          }}
+      loop: "{{ system_cfg.disks }}"
+      loop_control:
+        label: "{{ item | to_json }}"
+        extended: true
--- a/roles/virtualization/tasks/delete.yml
+++ b/roles/virtualization/tasks/delete.yml
@@ -70,6 +70,7 @@
          - xl
          - destroy
          - "{{ hostname }}"
+      changed_when: false
      failed_when: false

    - name: Remove Xen VM config
--- a/roles/virtualization/tasks/xen.yml
+++ b/roles/virtualization/tasks/xen.yml
@@ -2,28 +2,7 @@
 - name: Deploy VM on Xen
  block:
    - name: Build disk definitions
-      ansible.builtin.set_fact:
-        virtualization_xen_disks: "{{ virtualization_xen_disks | default([]) + [virtualization_xen_disk_cfg] }}"
-      vars:
-        device_letter_map: "{{ disk_letter_map }}"
-        device_letter: "{{ device_letter_map[ansible_loop.index0] }}"
-        virtualization_xen_disk_cfg: >-
-          {{
-            {
-              'path': (
-                virtualization_xen_disk_path ~ '/' ~ hostname ~ '.qcow2'
-                if ansible_loop.index0 == 0
-                else virtualization_xen_disk_path ~ '/' ~ hostname ~ '-disk' ~ ansible_loop.index0 ~ '.qcow2'
-              ),
-              'target': 'xvd' ~ device_letter,
-              'size': (item.size | float)
-            }
-          }}
-      loop: "{{ system_cfg.disks }}"
-      loop_control:
-        label: "{{ item | to_json }}"
-        extended: true
-      changed_when: false
+      ansible.builtin.include_tasks: _xen_disks.yml

    - name: Create VM disks for Xen
      delegate_to: localhost
Author	SHA1	Message	Date
Sandwich	4336d864b3	refactor(virtualization): extract shared Xen disk definitions	2026-03-12 12:27:18 +01:00
Sandwich	62e50c19ff	refactor: remove unnecessary changed_when from set_fact tasks	2026-03-12 12:25:45 +01:00
Sandwich	b7cf1b10a9	refactor(partitioning): remove redundant blockdev --rereadpt calls	2026-03-12 12:25:15 +01:00
Sandwich	fc2d924349	refactor(partitioning): remove unused register variables	2026-03-12 12:24:59 +01:00
Sandwich	67e3753ece	chore: suppress args[module] false positives from variable-based module_defaults	2026-03-12 12:12:27 +01:00
Sandwich	da9e287e56	fix(cleanup): add no_log to Proxmox VM restart task	2026-03-12 12:12:27 +01:00
Sandwich	a8ea4f0962	fix(virtualization): add missing changed_when to Xen VM stop task	2026-03-12 12:12:27 +01:00
Sandwich	754668b734	fix(configuration): replace fail+ignore_errors with debug for TPM2 fallback warning	2026-03-12 12:12:27 +01:00