-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot delegate to a host defined by a variable whose value is determined using ansible_facts, for package module #82598
Comments
Files identified in the description:
If these files are incorrect, please update the |
note: caused by 'facts' being flagged 'unsafe' and the |
There has not been a quick fix for this so I had a look at potential workarounds to allow me to move my Ansible version forward. It seems that adding the
|
See ansible/ansible#82598 Setting the 'use' parameter to something other than 'auto' should cause a different code path to be use in the package action plugin which could avoid the templating unsafe text inside the plugin. Change-Id: I0c14510eb625d74a654a6398387ab74c4355a4e8
* Update ansible-role-python_venv_build from branch 'master' to d80a61f81089338e5dc9a2cfd98ee3d322014c3a - Workaround ansible unsafe text templating bug See ansible/ansible#82598 Setting the 'use' parameter to something other than 'auto' should cause a different code path to be use in the package action plugin which could avoid the templating unsafe text inside the plugin. Change-Id: I0c14510eb625d74a654a6398387ab74c4355a4e8
See ansible/ansible#82598 Setting the 'use' parameter to something other than 'auto' should cause a different code path to be use in the package action plugin which could avoid the templating unsafe text inside the plugin. Change-Id: I0c14510eb625d74a654a6398387ab74c4355a4e8 (cherry picked from commit d80a61f)
Summary
When delegating to a host, you might have some logic that decides which host to delegate to.
An example of that might be using the CPU architecture from ansible_facts to delegate a task to another host which must be the same architecture. This is a contrived example for the purpose of this bug report.
If the logic that determines the delegate_to target uses a regular host variable the resulting type will be AnsibleUnicode and whatever is passed to delegate_to is templated correctly. If ansible_facts[] is used to determine the delegate_to target then the type will be AnsibleUnsafeText and templating of the variable will not happen.
git-bisect indicates that this change behaviour was introduced in fea1304
This https://github.com/ansible/ansible/blob/v2.15.8/lib/ansible/plugins/action/package.py#L49
leads to https://github.com/ansible/ansible/blob/v2.15.8/lib/ansible/template/__init__.py#L744-L746
and returns the original untemplated text as the module name
There are other action plugins (service for example) which use the same templating pattern for delegation and I expect these fail in the same way.
Issue Type
Bug Report
Component Name
package, service
Ansible Version
Configuration
OS / Environment
Darwin RD012343 21.6.0 Darwin Kernel Version 21.6.0: Wed Oct 4 23:55:28 PDT 2023; root:xnu-8020.240.18.704.15~1/RELEASE_X86_64 x86_64
Also reproducible on ubuntu 22.04
Steps to Reproduce
Expected Results
I expected the task to be delegated to the host computed by the variable delegate_host2 as has happened in ansible versions prior to 2.15.7.
Actual Results
Code of Conduct
The text was updated successfully, but these errors were encountered: