ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE
commit 05add8745a5225ae35c3310d1e5a375bfafb26d1
parent a841cbc9b5d334c97c59ef111784ff47532cbccc
Author: Florian Dold <florian@dold.me>
Date:   Wed, 27 May 2026 01:17:13 +0200

fix more ansible deprecations

Diffstat:

Mroles/auditor/tasks/main.yml | 4++--


Mroles/borg-ssh-export/tasks/main.yml | 2+-


Mroles/challenger/tasks/pre-exchange.yml | 8++++----


Mroles/common_packages/tasks/main.yml | 8++++----


Mroles/database/tasks/main.yml | 2+-


Mroles/devtesting/tasks/main.yml | 2+-


Mroles/exchange/tasks/main.yml | 10+++++-----


Mroles/libeufin-nexus/tasks/main.yml | 6+++---


Mroles/monitoring/tasks/main.yml | 6+++---


Mroles/pixel_borg/tasks/main.yml | 2+-


Mroles/stop_services/tasks/main.yml | 12++++++------


Mroles/webserver/tasks/main.yml | 6+++---


12 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/roles/auditor/tasks/main.yml b/roles/auditor/tasks/main.yml
@@ -7,14 +7,14 @@
     name: taler-auditor.target
     state: stopped
     enabled: false
-  when: "'taler-auditor.target' in services"
+  when: '"taler-auditor.target" in ansible_facts["services"]'
 
 - name: Install Taler auditor package
   apt:
     name:
       - taler-auditor
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Ensure Taler auditor config dir exists from installation
   ansible.builtin.stat:
diff --git a/roles/borg-ssh-export/tasks/main.yml b/roles/borg-ssh-export/tasks/main.yml
@@ -5,7 +5,7 @@
       - borgbackup
       - gzip
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 # This step should not be needed, how else did we log in.
 # That said, can't hurt and seems cleaner to have it.
diff --git a/roles/challenger/tasks/pre-exchange.yml b/roles/challenger/tasks/pre-exchange.yml
@@ -13,21 +13,21 @@
     name: sms-challenger
     state: stopped
     enabled: false
-  when: "'SMS Challenger backend' in services"
+  when: '"SMS Challenger backend" in ansible_facts["services"]'
 
 - name: Ensure email challenger service is stopped before we upgrade
   ansible.builtin.systemd:
     name: email-challenger
     state: stopped
     enabled: false
-  when: "'Email Challenger backend' in services"
+  when: '"Email Challenger backend" in ansible_facts["services"]'
 
 - name: Ensure postal challenger service is stopped before we upgrade
   ansible.builtin.systemd:
     name: postal-challenger
     state: stopped
     enabled: false
-  when: "'Postal Challenger backend' in services"
+  when: '"Postal Challenger backend" in ansible_facts["services"]'
 
 - name: Install Challenger packages (and dependencies)
   ansible.builtin.apt:
@@ -36,7 +36,7 @@
       - texlive-latex-base # for pdflatex of the postal challenger
       - texlive-latex-recommended # for the scrlttr2.cls
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Ensure group "challenger-sms" exists
   ansible.builtin.group:
diff --git a/roles/common_packages/tasks/main.yml b/roles/common_packages/tasks/main.yml
@@ -63,7 +63,7 @@
     autoclean: true
     autoremove: true
     upgrade: safe
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Install packages required by Ansible
   apt:
@@ -71,7 +71,7 @@
       - python3-debian
       - python3-psycopg2
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Install Taler dependencies on Debian/Ubuntu
   apt:
@@ -84,7 +84,7 @@
       - openssl
       - libgnunet
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Install robocop if sanction lists are in use
   apt:
@@ -93,7 +93,7 @@
     state: latest
   when:
     - SANCTION_LIST is defined
-    - ansible_os_family == 'Debian'
+    - ansible_facts["os_family"] == 'Debian'
 
 - name: Install setup-secret-fact helper
   ansible.builtin.copy:
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
@@ -8,7 +8,7 @@
     update_cache: true
   notify:
     - Restart postgresql
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Ensure PostgreSQL is started and enabled
   systemd:
diff --git a/roles/devtesting/tasks/main.yml b/roles/devtesting/tasks/main.yml
@@ -7,7 +7,7 @@
       - python3-click
       - taler-harness
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Ensure group for devtesting exists
   group:
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
@@ -7,14 +7,14 @@
     name: taler-exchange.target
     state: stopped
     enabled: false
-  when: "'taler-exchange.target' in services"
+  when: '"taler-exchange.target" in ansible_facts["services"]'
 
 - name: Ensure sanctionscheck service is stopped before we upgrade
   ansible.builtin.systemd:
     name: taler-exchange-sanctionscheck
     state: stopped
     enabled: false
-  when: "'taler-exchange-sanctionscheck.service' in services"
+  when: '"taler-exchange-sanctionscheck.service" in ansible_facts["services"]'
 
 - name: Install latest Taler exchange package
   ansible.builtin.apt:
@@ -23,14 +23,14 @@
       - taler-exchange-typst
       - taler-terms-generator
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Install pdftk
   ansible.builtin.apt:
     name:
       - pdftk
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 
 - name: Check if Typst binary exists
@@ -222,5 +222,5 @@
     state: started
     enabled: true
   when:
-    - "'taler-exchange-sanctionscheck.service' in services"
+    - '"taler-exchange-sanctionscheck.service" in ansible_facts["services"]'
     - SANCTION_LIST is defined
diff --git a/roles/libeufin-nexus/tasks/main.yml b/roles/libeufin-nexus/tasks/main.yml
@@ -7,21 +7,21 @@
     name: libeufin-nexus.target
     state: stopped
     enabled: false
-  when: "'libeufin-nexus.target' in services"
+  when: '"libeufin-nexus.target" in ansible_facts["services"]'
 
 - name: Ensure libeufin-nexus-httpd service is stopped before we upgrade
   service:
     name: libeufin-nexus-httpd.service
     state: stopped
     enabled: false
-  when: "'libeufin-nexus-httpd.service' in services"
+  when: '"libeufin-nexus-httpd.service" in ansible_facts["services"]'
 
 - name: Install libeufin-nexus package
   apt:
     name:
       - libeufin-nexus
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Ensure libeufin config dir exists from installation
   file:
diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml
@@ -28,14 +28,14 @@
     autoclean: true
     autoremove: true
     upgrade: safe
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Stop log export service before update or reconfiguration
   service:
     name: alloy.service
     state: stopped
     enabled: false
-  when: "'alloy.service' in services"
+  when: '"alloy.service" in ansible_facts["services"]'
 
 - name: Stop monitoring services before update or reconfiguration
   service:
@@ -48,7 +48,7 @@
     - prometheus-postgres-exporter.service
     - prometheus-alertmanager.service
     - prometheus.service
-  when: "'prometheus-node-exporter.service' in services"
+  when: '"prometheus-node-exporter.service" in ansible_facts["services"]'
 
 - name: Install prometheus and its exporters
   apt:
diff --git a/roles/pixel_borg/tasks/main.yml b/roles/pixel_borg/tasks/main.yml
@@ -4,7 +4,7 @@
     name:
       - borgbackup
     state: latest
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Setup group for borg backups from spec
   ansible.builtin.group:
diff --git a/roles/stop_services/tasks/main.yml b/roles/stop_services/tasks/main.yml
@@ -8,34 +8,34 @@
   systemd:
     name: taler-exchange.target
     state: stopped
-  when: "'taler-exchange.target' in services"
+  when: '"taler-exchange.target" in ansible_facts["services"]'
 
 - name: Stop merchant
   systemd:
     name: taler-merchant.target
     state: stopped
-  when: "'taler-merchant.target' in services"
+  when: '"taler-merchant.target" in ansible_facts["services"]'
 
 - name: Stop postal-challenger
   systemd:
     name: postal-challenger-httpd.target
     state: stopped
-  when: "'postal-chalelnger-httpd.target' in services"
+  when: '"postal-challenger-httpd.target" in ansible_facts["services"]'
 
 - name: Stop sms-challenger
   systemd:
     name: sms-challenger-httpd.target
     state: stopped
-  when: "'sms-chalelnger-httpd.target' in services"
+  when: '"sms-challenger-httpd.target" in ansible_facts["services"]'
 
 - name: Stop email-challenger
   systemd:
     name: email-challenger-httpd.target
     state: stopped
-  when: "'email-chalelnger-httpd.target' in services"
+  when: '"email-challenger-httpd.target" in ansible_facts["services"]'
 
 - name: Stop auditor
   systemd:
     name: taler-auditor.target
     state: stopped
-  when: "'taler-auditor.target' in services"
+  when: '"taler-auditor.target" in ansible_facts["services"]'
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
@@ -6,21 +6,21 @@
     name: nginx
     state: present
     update_cache: true
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Install certbot base package
   apt:
     name: certbot
     state: present
     update_cache: true
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Install certbot nginx plugin
   apt:
     name: python3-certbot-nginx
     state: present
     update_cache: true
-  when: ansible_os_family == 'Debian'
+  when: ansible_facts["os_family"] == 'Debian'
 
 - name: Remove default nginx configuration
   file: