Remove matrix_playbook_traefik_certs_dumper_role_enabled in favor of just devture_traefik_certs_dumper_enabled

We don't need these 2 roughly-the-same settings related to the traefik-certs-dumper role. For Traefik, it makes sense, because it's a component used by the various related playbooks and they could step onto each other's toes if the role is enabled, but Traefik is disabled (in that case, uninstall tasks will run). As for Traefik certs dumper, the other related playbooks don't have it, so there's no conflict. Even if they used it, each one would use its own instance (different `devture_traefik_certs_dumper_identifier`), so there wouldn't be a conflict and uninstall tasks can run without any danger.
2023-03-01 09:29:14 +02:00 · 2023-03-01 09:29:14 +02:00 · f7149103e4
commit f7149103e4
parent f372403d22
3 changed files with 8 additions and 12 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -38,12 +38,10 @@ matrix_playbook_traefik_role_enabled: "{{ matrix_playbook_reverse_proxy_type !=
 # installed in another way.
 matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"

-matrix_playbook_traefik_certs_dumper_role_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"
-
 # Controls the additional network that reverse-proxyable services will be connected to.
 matrix_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"

-matrix_playbook_ssl_retrieval_method: "{{ 'lets-encrypt' if matrix_playbook_traefik_certs_dumper_role_enabled else matrix_ssl_retrieval_method }}"
+matrix_playbook_ssl_retrieval_method: "{{ 'lets-encrypt' if devture_traefik_certs_dumper_enabled else matrix_ssl_retrieval_method }}"

 matrix_playbook_ssl_enabled: "{{ matrix_playbook_ssl_retrieval_method in ['lets-encrypt', 'self-signed', 'manually-managed'] }}"

@ -360,7 +358,7 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{'name': 'devture-traefik.service', 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
    +
-    ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if matrix_playbook_traefik_certs_dumper_role_enabled else [])
+    ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else [])
  }}

 ########################################################################
@ -1789,7 +1787,7 @@ matrix_bot_postmoogle_systemd_required_services_list: |
    +
    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
    +
-    (matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and matrix_playbook_traefik_certs_dumper_role_enabled else [])
+    (matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled else [])
  }}

 # Postgres is the default, except if not using internal Postgres server
@ -2131,7 +2129,7 @@ matrix_coturn_container_additional_volumes: |
         'dst': '/privatekey.key',
         'options': 'ro',
       },
-      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and matrix_playbook_traefik_certs_dumper_role_enabled and matrix_coturn_tls_enabled else []
+      ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
    )
  }}

@ -2139,7 +2137,7 @@ matrix_coturn_systemd_required_services_list: |
  {{
    ['docker.service']
    +
-    ([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and matrix_playbook_traefik_certs_dumper_role_enabled and matrix_coturn_tls_enabled else [])
+    ([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
  }}

 ######################################################################
@ -3807,9 +3805,7 @@ devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_ad
 #                                                                      #
 ########################################################################

-# To completely disable the Traefik certs dumper role from running, use `matrix_playbook_traefik_certs_dumper_role_enabled: false`.
-# See the comment there for more details about why we have both `devture_traefik_certs_dumper_enabled` and `matrix_playbook_traefik_certs_dumper_role_enabled`.
-devture_traefik_certs_dumper_enabled: "{{ matrix_playbook_traefik_certs_dumper_role_enabled }}"
+devture_traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"

 devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper

--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@ -121,8 +121,7 @@
    - when: matrix_playbook_traefik_role_enabled | bool
      role: galaxy/com.devture.ansible.role.traefik

-    - when: matrix_playbook_traefik_certs_dumper_role_enabled | bool
-      role: galaxy/com.devture.ansible.role.traefik_certs_dumper
+    - role: galaxy/com.devture.ansible.role.traefik_certs_dumper

    - when: devture_systemd_service_manager_enabled | bool
      role: galaxy/com.devture.ansible.role.systemd_service_manager
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@ -36,6 +36,7 @@
    - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'}
    - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'}
    - {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled'}
+    - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'}

 - name: (Deprecation) Catch and report matrix_postgres variables
  ansible.builtin.fail: