Fix three critical errors preventing playbook execution:
1. Ansible syntax error in hypervisor detection
2. Missing OS-specific variable files
3. Invalid inventory plugin configuration
Changes to roles/system_info/tasks/detect_hypervisor.yml:
- Fix invalid failed_when at block level (line 75)
- Move failed_when: false to individual tasks within the block
- Ansible blocks don't support failed_when attribute directly
- Each libvirt detection task now has failed_when: false
Changes to roles/system_info/vars/:
- Create Debian.yml with Debian/Ubuntu specific variables
- Create RedHat.yml with RHEL/CentOS/Rocky/Alma variables
- Create Suse.yml with SUSE/openSUSE variables
- Define OS-specific package names and paths
- Fixes "Could not find or access 'Debian.yml'" error
Changes to inventories/development/libvirt_kvm.yml:
- Fix plugin name: libvirt_kvm → community.libvirt.libvirt
- Update URI to use local system: qemu:///system
- Fix compose variables: use ansible_libvirt_* prefix
- Fix groups conditions to use ansible_libvirt_state
- Fix keyed_groups to use ansible_libvirt_* variables
- Remove unsupported hypervisors array configuration
- Add strict: false for graceful error handling
Error details fixed:
ERROR 1: 'failed_when' is not a valid attribute for a Block
Location: detect_hypervisor.yml:42
Solution: Moved to individual tasks
ERROR 2: Could not find or access 'Debian.yml'
Location: roles/system_info/vars/
Solution: Created OS-specific variable files
ERROR 3: inventory config specifies unknown plugin 'libvirt_kvm'
Location: inventories/development/libvirt_kvm.yml
Solution: Corrected to community.libvirt.libvirt
Testing: These fixes resolve the playbook syntax errors and allow
the gather_system_info playbook to run successfully on available hosts.
Related to: ROLE_ANALYSIS_AND_IMPROVEMENTS.md recommendations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Security improvement to prevent sensitive cloud-init configuration
data from appearing in Ansible logs.
Changes:
- Add no_log: true to all cloud-init user-data template tasks
- Applies to Debian/Ubuntu user-data generation
- Applies to RHEL/CentOS/Rocky/Alma user-data generation
- Applies to SUSE/openSUSE user-data generation
Security rationale:
- Cloud-init user-data contains sensitive information:
* SSH keys and authorized_keys configuration
* User passwords (hashed but still sensitive)
* System configuration details
* Network configuration
- Following CLAUDE.md security guidelines
- Prevents accidental exposure in CI/CD logs
- Aligns with ansible-lint security best practices
Impact:
- No functional changes to role behavior
- Enhanced security posture
- Compliance with security-first principles
Related to: ROLE_ANALYSIS_AND_IMPROVEMENTS.md recommendation 2.2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
