From bd1807a6041311158ed5e1c39ebbf3d4801c1239 Mon Sep 17 00:00:00 2001
From: linus
Date: Wed, 15 Dec 2021 18:38:56 +0100
Subject: [PATCH] vastly increase idempotence; credits to max

---
 deploy.yml                  | 49 +++++++++++++++++++++++++
 roles/client/tasks/main.yml | 30 ++++++++-------
 roles/server/tasks/main.yml | 73 ++++++++++---------------------------
 3 files changed, 85 insertions(+), 67 deletions(-)

diff --git a/deploy.yml b/deploy.yml
index 7ebcbd3..bacb000 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -5,10 +5,59 @@
 ---
 - hosts: innernet_server
   remote_user: root
+  tasks:
+    - name: Query innernet-server for peers
+      shell: 'sqlite3 /var/lib/innernet-server/{{ network_name }}.db "select name from cidrs;"'
+      register: global_existing_cidrs
+
+    - name: CIDRs already registered on innernet-server
+      debug:
+        msg: "{{ item }}"
+      loop: "{{ global_existing_cidrs.stdout_lines }}"
+
+    - name: CIDRs defined in this playbook
+      debug:
+        msg: "{{ item.name }}"
+      loop: "{{ cidrs }}"
+
+    - name: These CIDRs have been added
+      debug:
+        msg: "{{ item.name }} is new!"
+      when: item.name not in global_existing_cidrs.stdout_lines
+      loop: "{{ cidrs }}"
+
+    - name: Query innernet-server for peers
+      shell: 'sqlite3 /var/lib/innernet-server/{{ network_name }}.db "select name from peers;"'
+      register: global_existing_peers
+
+    - name: Peers already registered on innernet-server
+      debug:
+        msg: "{{ item }}"
+      loop: "{{ global_existing_peers.stdout_lines }}"
+
+    - name: Peers defined in this playbook
+      debug:
+        msg: "{{ item.name }}"
+      loop: "{{ peers }}"
+
+    - name: These peers have been added
+      debug:
+        msg: "{{ item.name }} is new!"
+      when: item.name not in global_existing_peers.stdout_lines
+      loop: "{{ peers }}"
+
+- hosts: innernet_server
+  remote_user: root
+  vars:
+    existing_peers: "{{ global_existing_peers.stdout_lines }}"
+    existing_cidrs: "{{ global_existing_cidrs.stdout_lines }}"
   roles:
     - server
 
 - hosts: innernet_client
   remote_user: root
+  vars:
+    existing_peers: "{{ global_existing_peers.stdout_lines }}"
+    existing_cidrs: "{{ global_existing_cidrs.stdout_lines }}"
   roles:
     - client
diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml
index 63ffbcf..d8ce651 100644
--- a/roles/client/tasks/main.yml
+++ b/roles/client/tasks/main.yml
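Review bot: The `sqlite3` queries registered as `global_existing_cidrs` and `global_existing_peers` fail on a server whose network has not been created yet — `/var/lib/innernet-server/{{ network_name }}.db` only appears after the server role runs `innernet-server new`, so a first deploy aborts in this play before the role can create it, and even on later runs the read-only query reports `changed` every time because there is no `changed_when`. I would stat the database first and skip the query when it is absent, mark the query `changed_when: false` and `check_mode: false` so `--check` still populates the register, and have every consumer read `stdout_lines | default([])`. The `vars` added to the `innernet_client` play reference `global_existing_peers`, which is a register that exists on the `innernet_server` hosts only, so `existing_peers` on a client is undefined the moment something evaluates it; `hostvars[groups['innernet_server'][0]].global_existing_peers.stdout_lines | default([])` would make it usable (the client role currently hardcodes an inventory hostname for the same lookup). The two query tasks also share the name "Query innernet-server for peers" — the first one queries CIDRs.
```yaml
    - name: Check whether innernet-server has a database yet
      stat:
        path: "/var/lib/innernet-server/{{ network_name }}.db"
      register: server_db

    - name: Query innernet-server for CIDRs
      command: sqlite3 "/var/lib/innernet-server/{{ network_name }}.db" "select name from cidrs;"
      register: global_existing_cidrs
      changed_when: false
      check_mode: false
      when: server_db.stat.exists
    # … unchanged: debug tasks; consumers read "{{ global_existing_cidrs.stdout_lines | default([]) }}" …
    # … same pattern for the peers query …
```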
@@ -4,48 +4,50 @@
 ---
 
 - name: Install needed packages
+  tags: [update]
   apt:
     package:
       - rsync
       - wireguard
       - wireguard-tools
 
-- name: Copy package to server
+- name: Copy package to host
+  tags: [update]
   synchronize:
     src: "innernet.deb"
     dest: "/tmp/innernet.deb"
 
 - name: Install package
+  tags: [update]
   apt:
     deb: "/tmp/innernet.deb"
+    update_cache: true
     install_recommends: true
 
-- name: Copy non-admin invitation to servers
+- name: Copy non-admin invitation to hosts
   synchronize:
     src: "{{ item.name }}.toml"
     dest: "/tmp/{{ item.name }}.toml"
   when:
-    - item.cidr == "machines"
-    # NOTE innernet does not accept '.' in a name
+    # is not existing
+    - item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
+    # only if filename contains a part of the hostname
     - item.name in ansible_host|replace('.', '-')
-    - item.name in added_peers.stdout
-  with_items: "{{ peers }}"
+  loop: "{{ peers }}"
 
-- name: Install non-admin invitation on servers
+- name: Install non-admin invitation on hosts
   shell: |
     innernet install /tmp/{{ item.name }}.toml \
       --default-name \
       --delete-invite
   when:
-    - item.cidr == "machines"
-    # NOTE innernet does not accept '.' in a name
+    # is not existing
+    - item.name not in hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines
+    # only if filename contains a part of the hostname
     - item.name in ansible_host|replace('.', '-')
-    - item.name in added_peers.stdout
-  with_items: "{{ peers }}"
-  ignore_errors: true
+  loop: "{{ peers }}"
 
 - name: Enable innernet daemon
   systemd:
     name: "innernet@{{ network_name }}"
-    state: restarted
-    daemon_reload: true
+    state: started
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index bc26d72..429c8f8 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -4,6 +4,7 @@
 ---
 
 - name: Install needed packages
+  tags: [update]
   apt:
     package:
       - rsync
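Review bot: The host-matching condition `item.name in ansible_host|replace('.', '-')` kept on both invitation tasks is a substring test, so a peer named `web` also matches a host called `web2.example.org`, and that peer's invitation — the file `innernet install` consumes to join the network, i.e. a credential — is copied to and installed on the wrong machine; compare the whole name, e.g. `item.name == ansible_host|replace('.', '-')`, or key the lookup on `inventory_hostname`. The lookup `hostvars['kaim.fsfeurope.org'].global_existing_peers.stdout_lines` hardcodes one inventory host into the role; `hostvars[groups['innernet_server'][0]].global_existing_peers.stdout_lines` (or the `existing_peers` play var, once it is defined for clients) removes that coupling. The invitation is staged at `/tmp/{{ item.name }}.toml` with whatever mode `synchronize` carries over from the controller, so presumably readable by other local users until `--delete-invite` removes it; `copy` with `mode: '0600'` into root's home keeps it root-only. Finally, the task still named "Enable innernet daemon" now only sets `state: started`, which does not enable the unit across reboots — add `enabled: true` next to it.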
@@ -11,54 +12,22 @@
       - wireguard-tools
 
 - name: Copy package to server
+  tags: [never, update]
   synchronize:
     src: "innernet-server.deb"
     dest: "/tmp/innernet-server.deb"
 
 - name: Install package
+  tags: [never, update]
   apt:
     deb: "/tmp/innernet-server.deb"
+    update_cache: true
     install_recommends: true
 
-- name: Copy relevant network var to host
-  copy:
-    content: "{{ network_name }}"
-    dest: /root/network.txt
-  register: network_file
-
-- name: Move old cidrs file
-  shell: mv cidrs.txt cidrs.txt.old
-
-- name: Copy relevant cidrs var to host
-  template:
-    src: cidrs.j2
-    dest: /root/cidrs.txt
-  register: cidrs_file
-
-- name: Get changed cidrs
-  shell: awk 'FNR==NR{old[$0];next};!($0 in old)' cidrs.txt.old cidrs.txt
-  register: added_cidrs
-
-- name: Move old peers file
-  shell: mv peers.txt peers.txt.old
-
-- name: Copy relevant peers var to host
-  template:
-    src: peers.j2
-    dest: /root/peers.txt
-  register: peers_file
-
-- name: Get changed peers
-  shell: awk 'FNR==NR{old[$0];next};!($0 in old)' peers.txt.old peers.txt
-  register: added_peers
-
-- name: "These CIDRs have been added"
-  debug:
-    msg: "{{ added_cidrs.stdout|from_yaml }}"
-
-- name: "These peers have been added"
-  debug:
-    msg: "{{ added_peers.stdout|from_yaml }}"
+- name: Check if network is initialised
+  stat:
+    path: "/var/lib/innernet-server/{{ network_name }}.db"
+  register: db_file
 
 - name: Create base network
   shell: |
@@ -67,7 +36,7 @@
       --network-cidr "{{ network_cidr }}" \
       --external-endpoint "[{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}]:{{ network_listen_port }}" \
       --listen-port {{ network_listen_port }}
-  when: network_file.changed
+  when: not db_file.stat.exists
 
 - name: Create CIDRs
   shell: |
@@ -76,10 +45,9 @@
       --name "{{ item.name }}" \
       --cidr "{{ item.cidr }}" \
       --yes
-  with_items: "{{ cidrs }}"
+  loop: "{{ cidrs }}"
   when:
-    - cidrs_file.changed
-    - item.name in added_cidrs.stdout
+    - item.name not in existing_cidrs
 
 - name: Create peers
   shell: |
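Review bot: Using `db_file.stat.exists` as the "network initialised" marker for the rewritten `Create base network` guard is fragile: the `sqlite3` queries that deploy.yml now runs against the very same path execute before this role, and the sqlite3 CLI opens its database read-write/create, so in my experience a failed first-run query leaves a zero-byte `{{ network_name }}.db` behind — after which `innernet-server new` is skipped on every subsequent run and the network is never created. Guard on content as well, `when: not db_file.stat.exists or db_file.stat.size == 0`, or have the deploy play stat the file before querying it. Separately, the package tasks here are tagged `[never, update]` while the client's are `[update]`, so a fresh server only receives `innernet-server.deb` when the play is run with `--tags update`, and `Create base network` will presumably fail on the missing binary otherwise; if that is intended, a comment on the task such as `# Only installed on explicit --tags update; bootstrap a new server with that tag first` would save the next operator a confused first run. The `Create base network` and `Create peers` bodies start or end outside these hunks.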
@@ -91,15 +59,9 @@
       --invite-expires "14d" \
       --auto-ip \
       --yes
-  with_items: "{{ peers }}"
-  ignore_errors: true
+  loop: "{{ peers }}"
   when:
-    - peers_file.changed
-    - item.name in added_peers.stdout
-
-- name: Delete empty files
-  shell: find . -maxdepth 1 -type f -empty -print -delete
-  ignore_errors: true
+    - item.name not in existing_peers
 
 - name: Check for actual peer invitation files
   shell: ls | grep .toml
@@ -117,10 +79,15 @@
     dest: "{{ playbook_dir }}/roles/client/files/{{ item.name }}.toml"
     mode: pull
   when: toml_files.stdout.find(item.name) != -1
-  with_items: "{{ peers }}"
+  loop: "{{ peers }}"
 
 - name: Make sure invitation files are absent on innernet-server
-  shell: "rm -rf /root/*.toml"
+  file:
+    state: absent
+    path: "/root/{{ item.name }}.toml"
+  loop: "{{ peers }}"
+  when:
+    - item.name not in existing_peers
 
 - name: Enable innernet-server daemon
   systemd:
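Review bot: The new `Make sure invitation files are absent on innernet-server` task only removes `/root/{{ item.name }}.toml` for peers that are not yet in `existing_peers`, so an invitation left behind by an earlier run that failed between `add-peer` and the pull (the peer is in the database by then) is never cleaned up, leaving a join credential valid for up to the `--invite-expires "14d"` window sitting in /root. `file: state: absent` is idempotent on its own, so drop the `when:` block and let it run for every peer. The pull condition `toml_files.stdout.find(item.name) != -1` (fed by `ls | grep .toml`, where the unescaped `.` matches any character) is a substring match, so peer `web` also pulls `web2.toml`; `(item.name ~ '.toml') in toml_files.stdout_lines` is exact. The pulled invitations land under `roles/client/files/` inside the playbook tree, so make sure that path is git-ignored or vaulted so join secrets do not end up in the repository — I cannot see a `.gitignore` from here. The `Create peers` task and the pull task begin outside these hunks.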