Escape Go template syntax in shell commands to prevent Ansible from
interpreting them as Jinja2 templates.
Errors fixed:
template error while templating string: unexpected '.'
String: docker version --format '{{.Server.Version}}'
String: docker images --format "{{.Repository}}:{{.Tag}}"
String: podman version --format '{{.Version}}'
Changes:
- Docker version check: Escape {{.Server.Version}}
- Docker images list: Escape {{.Repository}} and {{.Tag}}
- Podman version check: Escape {{.Version}}
Solution:
Convert {{ to {{ "{{" }} and }} to {{ "}}" }}
This tells Ansible to output literal {{ }} in the shell command
The Docker/Podman CLI then interprets the Go templates correctly
Example:
Before: '{{.Server.Version}}'
After: '{{ "{{" }}.Server.Version{{ "}}" }}'
Result: Shell receives '{{.Server.Version}}' as intended
Testing: Playbook now completes successfully without template errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Complete the fix for all block-level failed_when attributes in
hypervisor detection tasks. Ansible does not support failed_when
at the block level; it must be applied to individual tasks.
Changes:
- Fix Proxmox VE block (line 94-121)
* Move failed_when: false to each task in the block
* Remove invalid block-level failed_when
- Fix LXD/LXC block (line 135-162)
* Move failed_when: false to each task in the block
* Remove invalid block-level failed_when
- Fix Docker block (line 176-199)
* Move failed_when: false to each task in the block
* Remove invalid block-level failed_when
All hypervisor detection blocks now have proper error handling:
✅ libvirt - fixed in previous commit
✅ Proxmox VE - fixed in this commit
✅ LXD/LXC - fixed in this commit
✅ Docker - fixed in this commit
This resolves the recurring Ansible syntax error:
ERROR! 'failed_when' is not a valid attribute for a Block
The playbook should now execute without syntax errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fix three critical errors preventing playbook execution:
1. Ansible syntax error in hypervisor detection
2. Missing OS-specific variable files
3. Invalid inventory plugin configuration
Changes to roles/system_info/tasks/detect_hypervisor.yml:
- Fix invalid failed_when at block level (line 75)
- Move failed_when: false to individual tasks within the block
- Ansible blocks don't support failed_when attribute directly
- Each libvirt detection task now has failed_when: false
Changes to roles/system_info/vars/:
- Create Debian.yml with Debian/Ubuntu specific variables
- Create RedHat.yml with RHEL/CentOS/Rocky/Alma variables
- Create Suse.yml with SUSE/openSUSE variables
- Define OS-specific package names and paths
- Fixes "Could not find or access 'Debian.yml'" error
Changes to inventories/development/libvirt_kvm.yml:
- Fix plugin name: libvirt_kvm → community.libvirt.libvirt
- Update URI to use local system: qemu:///system
- Fix compose variables: use ansible_libvirt_* prefix
- Fix groups conditions to use ansible_libvirt_state
- Fix keyed_groups to use ansible_libvirt_* variables
- Remove unsupported hypervisors array configuration
- Add strict: false for graceful error handling
Error details fixed:
ERROR 1: 'failed_when' is not a valid attribute for a Block
Location: detect_hypervisor.yml:42
Solution: Moved to individual tasks
ERROR 2: Could not find or access 'Debian.yml'
Location: roles/system_info/vars/
Solution: Created OS-specific variable files
ERROR 3: inventory config specifies unknown plugin 'libvirt_kvm'
Location: inventories/development/libvirt_kvm.yml
Solution: Corrected to community.libvirt.libvirt
Testing: These fixes resolve the playbook syntax errors and allow
the gather_system_info playbook to run successfully on available hosts.
Related to: ROLE_ANALYSIS_AND_IMPROVEMENTS.md recommendations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Security improvement to prevent sensitive cloud-init configuration
data from appearing in Ansible logs.
Changes:
- Add no_log: true to all cloud-init user-data template tasks
- Applies to Debian/Ubuntu user-data generation
- Applies to RHEL/CentOS/Rocky/Alma user-data generation
- Applies to SUSE/openSUSE user-data generation
Security rationale:
- Cloud-init user-data contains sensitive information:
* SSH keys and authorized_keys configuration
* User passwords (hashed but still sensitive)
* System configuration details
* Network configuration
- Following CLAUDE.md security guidelines
- Prevents accidental exposure in CI/CD logs
- Aligns with ansible-lint security best practices
Impact:
- No functional changes to role behavior
- Enhanced security posture
- Compliance with security-first principles
Related to: ROLE_ANALYSIS_AND_IMPROVEMENTS.md recommendation 2.2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
