From 0e9b7e5d5fb7825d503c745a24c970bf41ed9455 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 29 Feb 2024 12:28:15 +0100 Subject: [PATCH 1/2] sap_maintain_etc_hosts: no longer use ansible.utils.ip Checking the ip address against a regex pattern should be sufficient to ensure valid IP addresses are passed to the role. Solves issue #667. Signed-off-by: Bernd Finger --- roles/sap_maintain_etc_hosts/defaults/main.yml | 4 ++++ roles/sap_maintain_etc_hosts/meta/argument_specs.yml | 12 ++++++++++++ .../tasks/update_host_present.yml | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/sap_maintain_etc_hosts/defaults/main.yml b/roles/sap_maintain_etc_hosts/defaults/main.yml index bd6c1cf5b..718730176 100644 --- a/roles/sap_maintain_etc_hosts/defaults/main.yml +++ b/roles/sap_maintain_etc_hosts/defaults/main.yml @@ -45,3 +45,7 @@ # the role creates a default value from ansible_facts sap_maintain_etc_hosts_list: "{{ sap_hana_cluster_nodes | default(sap_ha_pacemaker_cluster_cluster_nodes) | default(omit) }}" + +# regex patterns for IP address validation: +sap_maintain_etc_hosts_regexp_ipv4: '^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$' +sap_maintain_etc_hosts_regexp_ipv6: '^(?:[a-fA-F0-9]{0,4}:){7}[a-fA-F0-9]{0,4}$' diff --git a/roles/sap_maintain_etc_hosts/meta/argument_specs.yml b/roles/sap_maintain_etc_hosts/meta/argument_specs.yml index 4244e41ed..a52430bf7 100644 --- a/roles/sap_maintain_etc_hosts/meta/argument_specs.yml +++ b/roles/sap_maintain_etc_hosts/meta/argument_specs.yml @@ -82,3 +82,15 @@ argument_specs: state: absent - node_name: host2 state: absent + + sap_maintain_etc_hosts_regexp_ipv4: + default: '^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$' + description: + - regex pattern for IPv4 address validation + type: str + + sap_maintain_etc_hosts_regexp_ipv6: + default: '^(?:[a-fA-F0-9]{0,4}:){7}[a-fA-F0-9]{0,4}$' + description: + - regex pattern for IPv6 address validation + type: str diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml index 54714284c..43caec15d 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml @@ -6,7 +6,8 @@ - name: Verify that variable node_ip is in the correct format ansible.builtin.assert: - that: thishost.node_ip is ansible.utils.ip + that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or + thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) msg: "Variable 'node_ip' is not an IP address. Please use the correct format" - name: Verify that variable node_name is set From 8b8748f9c40d087bbae78eaf80f916d83bf40543 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 29 Feb 2024 12:41:26 +0100 Subject: [PATCH 2/2] sap_maintain_etc_hosts: use the regex method also for assert Relates to #667. Signed-off-by: Bernd Finger --- roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml index dddf8f467..135023b18 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml @@ -1,7 +1,8 @@ --- - name: Verify that variable node_ip is in the correct format ansible.builtin.assert: - that: thishost.node_ip is ansible.utils.ip + that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or + thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) msg: "Variable 'node_ip' is not an IP address. Please use the correct format" when: thisnode.node_ip is defined