Bad Jinja2 (YAML syntax error at runtime) in certificate generation #153

Open
viccross opened this issue Mar 10, 2023 · 3 comments · Fixed by #154

@viccross
Owner

During ICIC deployment, the playbook fails at the certificate generation task. The task is using include_tasks to pull in the common certificate generation module. When I updated this to support all certificate generation types (by adding when statements to the openssl_pkcs12 tasks to pick the right one depending on the certificate being created) I used the wrong syntax.

@viccross viccross added the bug Something isn't working label Mar 10, 2023
@viccross viccross self-assigned this Mar 10, 2023
@viccross
Owner Author

An example:

when: "{% raw %}{{ item.filename }}{% endraw %}" == "zVM"

gives an error about incorrect bracket or quote usage, pointing at the !=.

I thought it was the Jinja2 raw tagging, but the problem was trying to expand the item.filename fact. I thought I would have to expand the fact, but it turns out that Ansible/Jinja2 knows that if I provide the name of a fact I want the value of that fact. So the correct example is:

when: item.filename == "zVM"

which is so much better because I can get rid of the raw tagging completely.

@viccross
Owner Author

I found that the previous logic was flawed anyway. I was testing three conditions:

  • if the filename was not "zVM"
  • if the filename was "zVM"
  • if the filename was "zVMLDAP".

Clearly if the filename is zVMLDAP, two tasks will run (first and third). As it turns out this wouldn't break anything; it would just be a duplication of work.

I've changed the first test to use ansible.builtin.match, like so:

when: 'item.filename is not match("zVM*")'
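The three conditions described in the comment above, modelled as an added example (not code from this repository). It assumes Ansible's `match` test behaves like Python's `re.match`, a regex anchored at the start of the string rather than a shell glob; the task labels and the filenames `ICIC` and `zVault` are constructed for illustration.

```python
import re


def ansible_match(value, pattern):
    """Model of the `match` test: regex anchored at the start of the value."""
    return re.match(pattern, value) is not None


def tasks_before(filename):
    """Original logic: != "zVM", == "zVM", == "zVMLDAP"."""
    selected = []
    if filename != "zVM":
        selected.append("default")   # hypothetical label for the first task
    if filename == "zVM":
        selected.append("zVM")
        # zVMLDAP also satisfies the first test, so two tasks run for it
    if filename == "zVMLDAP":
        selected.append("zVMLDAP")
    return selected


def tasks_after(filename, pattern="zVM*"):
    """Revised logic: first test becomes `is not match(pattern)`."""
    selected = []
    if not ansible_match(filename, pattern):
        selected.append("default")
    if filename == "zVM":
        selected.append("zVM")
    if filename == "zVMLDAP":
        selected.append("zVMLDAP")
    return selected


if __name__ == "__main__":
    # Constructed sample filenames; only zVM and zVMLDAP appear in the issue.
    for name in ("ICIC", "zVM", "zVMLDAP", "zVault"):
        print(f"{name:8} before={tasks_before(name)} "
              f"after={tasks_after(name)} "
              f"prefix-only={tasks_after(name, pattern='zVM')}")
```

As a regex, `zVM*` means "zV followed by zero or more M", so a name such as `zVault` is excluded from the first task and selects nothing; the pattern `zVM` gives a plain prefix test under the same anchoring.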

@viccross
Copy link
Owner Author

There are two create-certificate.yml.j2 files, one in setup-firstboot-ipconf (this one) and the other in setup-ocp-deployer. The one from firstboot seems to be present on the build ELANs now, but need to make sure there is no race between them! Let's check the one that's in ocp-deployer for currency and necessity.

@viccross viccross reopened this May 18, 2023