convention for merging arrays
This commit is contained in:
parent
0af5ca03d4
commit
c43c830005
|
@ -216,6 +216,23 @@ When making a role or a task the necessary packages must be installed explicitly
|
|||
|
||||
For example for the "mysql" role we obviously need the MySQL packages, but we also need the "apg" package to generate new passwords. This package is installed by "evolinux-base" but the "mysql" role can be executed on a fresh server.
|
||||
|
||||
### merge arrays
|
||||
|
||||
Some roles need to have an array of values in a variable. For example, any roles use a list of trusted IP addresses (firewall, http auth, ssh whitelist…).
|
||||
It this array needs to include some values from a late file inclusion (from var_files, cli argument…) it becomes impossible to merge with another variable.
|
||||
|
||||
The workaround is to have 2 different default variables (eg. `evolix_trusted_ips` and `additional_trusted_ips`), witha default value of `[]` and merge them into the final variable. One of the variables (typically `evolix_xxx`) can be "hardcoded" in a vault and the final array remains extensible.
|
||||
|
||||
Example from the minifirewall role (with a final default value) :
|
||||
|
||||
```
|
||||
evolix_trusted_ips: []
|
||||
additional_trusted_ips: []
|
||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
||||
# and default to ['0.0.0.0/0'] if the result is still empty
|
||||
minifirewall_trusted_ips: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique | default(['0.0.0.0/0'], true) }}"
|
||||
```
|
||||
|
||||
## Caveats
|
||||
|
||||
### Unix permissions must be written as String values
|
||||
|
|
Loading…
Reference in New Issue