Don't set CA facts if ipsec is disabled

2025-08-10 23:03:03 +02:00 · 2019-05-23 17:03:18 +02:00 · 2019-05-23 17:03:18 +02:00 · 40b5404c59
commit 40b5404c59
parent ecb4e555b4
1 changed files with 15 additions and 15 deletions
--- a/users.yml
+++ b/users.yml
@ -51,21 +51,21 @@
          include_vars:
            file: "configs/{{ algo_server }}/.config.yml"

-        - name: CA password prompt
-          pause:
-            prompt: Enter the password for the private CA key
-            echo: false
-          register: _ca_password
-          when:
-            - ca_password is undefined
-            - ipsec_enabled
+        - when: ipsec_enabled
+          block:
+          - name: CA password prompt
+            pause:
+              prompt: Enter the password for the private CA key
+              echo: false
+            register: _ca_password
+            when: ca_password is undefined

-        - name: Set facts based on the input
-          set_fact:
-            CA_password: >-
-              {% if ca_password is defined %}{{ ca_password }}
-              {%- elif _ca_password.user_input %}{{ _ca_password.user_input }}
-              {%- else %}omit{% endif %}
+          - name: Set facts based on the input
+            set_fact:
+              CA_password: >-
+                {% if ca_password is defined %}{{ ca_password }}
+                {%- elif _ca_password.user_input %}{{ _ca_password.user_input }}
+                {%- else %}omit{% endif %}

        - name: Local pre-tasks
          import_tasks: playbooks/cloud-pre.yml
@ -78,7 +78,7 @@
            ansible_ssh_user: "{{ server_user|default('root') }}"
            ansible_connection: "{% if algo_server == 'localhost' %}local{% else %}ssh{% endif %}"
            ansible_python_interpreter: "/usr/bin/python3"
-            CA_password: "{{ CA_password }}"
+            CA_password: "{{ CA_password|default(omit) }}"
      rescue:
        - include_tasks: playbooks/rescue.yml