From 634c60962655c9f4db14135a7dc622debfe68e1b Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Thu, 30 May 2019 07:20:45 +0200
Subject: [PATCH] Don't set CA facts if IPsec is disabled (#1446)
* Don't set CA facts if ipsec is disabled
* localhost update-users fix
---
 config.cfg | 2 +-
 users.yml | 37 ++++++++++++++++++++-----------------
 2 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/config.cfg b/config.cfg
index cf0318e..3b6745a 100644
--- a/config.cfg
+++ b/config.cfg
@@ -114,7 +114,7 @@ congrats:
 p12_pass: |
 "# The p12 and SSH keys password for new users is {{ p12_export_password }} #"
 ca_key_pass: |
- "# The CA key password is {{ CA_password }} #"
+ "# The CA key password is {{ CA_password|default(omit) }} #"
 ssh_access: |
 "# Shell access: ssh -i {{ ansible_ssh_private_key_file|default(omit) }} {{ ansible_ssh_user|default(omit) }}@{{ ansible_ssh_host|default(omit) }} #"
 
diff --git a/users.yml b/users.yml
index a77676c..540a158 100644
--- a/users.yml
+++ b/users.yml
@@ -25,7 +25,8 @@
 set_fact:
 server_list: >-
 [{% for i in _configs_list.files %}
- '{{ i.path.split('/')[1] }}'
+ {% set config = lookup('file', i.path)|from_yaml %}
+ '{{ config.server }}'
 {{ ',' if not loop.last else '' }}
 {% endfor %}]
 
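Review bot: In the `ca_key_pass` line, `default(omit)` sits inside a longer string, where Ansible does not drop the value but renders its internal omit placeholder token, so an undefined `CA_password` would print that token in the banner rather than nothing. Whether this template is ever rendered without `CA_password` depends on callers outside this hunk. `default('')` states the intent more directly: `"# The CA key password is {{ CA_password|default('') }} #"`. The neighbouring `ssh_access` line uses the same pattern and would benefit from the same treatment.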
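Review bot: `config.server` is read from every file in `_configs_list.files` and pasted between single quotes with no check that the key exists or that the value is free of quote characters. A `.config.yml` that lacks a `server` key (for example one written by an older deployment, if the key is recent) would abort the play with an undefined-attribute error, and a value containing `'` would break the list text that `server_list` is presumably evaluated from. Keeping the previous directory-name behaviour as a fallback would cover the first case: `'{{ config.server | default(i.path.split('/')[1]) }}'`. The task that registers `_configs_list` and the start of this `set_fact` task are outside the hunk, so the file pattern could not be checked here.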
@@ -51,21 +52,21 @@
 include_vars:
 file: "configs/{{ algo_server }}/.config.yml"
 
- - name: CA password prompt
- pause:
- prompt: Enter the password for the private CA key
- echo: false
- register: _ca_password
- when:
- - ca_password is undefined
- - ipsec_enabled
+ - when: ipsec_enabled
+ block:
+ - name: CA password prompt
+ pause:
+ prompt: Enter the password for the private CA key
+ echo: false
+ register: _ca_password
+ when: ca_password is undefined
 
- - name: Set facts based on the input
- set_fact:
- CA_password: >-
- {% if ca_password is defined %}{{ ca_password }}
- {%- elif _ca_password.user_input %}{{ _ca_password.user_input }}
- {%- else %}omit{% endif %}
+ - name: Set facts based on the input
+ set_fact:
+ CA_password: >-
+ {% if ca_password is defined %}{{ ca_password }}
+ {%- elif _ca_password.user_input %}{{ _ca_password.user_input }}
+ {%- else %}omit{% endif %}
 
 - name: Local pre-tasks
 import_tasks: playbooks/cloud-pre.yml
@@ -78,7 +79,7 @@
 ansible_ssh_user: "{{ server_user|default('root') }}"
 ansible_connection: "{% if algo_server == 'localhost' %}local{% else %}ssh{% endif %}"
 ansible_python_interpreter: "/usr/bin/python3"
- CA_password: "{{ CA_password }}"
+ CA_password: "{{ CA_password|default(omit) }}"
 rescue:
 - include_tasks: playbooks/rescue.yml
 
@@ -111,7 +112,9 @@
 - debug:
 msg:
 - "{{ congrats.common.split('\n') }}"
- " {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"
+ - " {{ congrats.p12_pass if algo_ssh_tunneling or ipsec_enabled else '' }}"
+ - " {{ congrats.ca_key_pass if algo_store_cakey and ipsec_enabled else '' }}"
+ - " {{ congrats.ssh_access if algo_provider != 'local' else ''}}"
 tags: always
 rescue:
 - include_tasks: playbooks/rescue.yml
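Review bot: Neither task in the new `when: ipsec_enabled` block sets `no_log: true`, so at higher verbosity the registered `_ca_password` result and the `CA_password` fact can appear in console output and in any configured log file, even though the prompt uses `echo: false`. I would add `no_log: true` to both the `pause` and the `set_fact` task. The same applies to the task in the `@@ -78` hunk that forwards `CA_password`, whose header is outside that hunk. Separately, `{%- else %}omit{% endif %}` yields the literal text `omit` rather than Ansible's omit placeholder, so an empty answer at the prompt presumably becomes the password string `omit`; failing the play on empty input would be safer.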
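Review bot: The added `congrats.ca_key_pass` entry makes this play print the CA key password in clear text through `debug` whenever `algo_store_cakey and ipsec_enabled` holds, although the prompt that collects it earlier in the file hides it with `echo: false`. Debug output also ends up in any configured Ansible log file or CI job log. Since the operator has just supplied that password, I would drop the `ca_key_pass` line from this message, or at least add a comment above it such as `# prints the CA key password in clear text; keep out of shared logs`. As a minor style point, the `ssh_access` line ends in `else ''}}` without the space before `}}` that the two lines above it use.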