Make tailscale status parsing less fragile

Tailscale has an option to print out json instead. This feels like much less fragile way of checking status as we're not reliant on some heuristics and string matching. Instead we can look at very specific field. This also opens up some option in the future to look at more detailed aspects of the state and perhaps react to it in more nuanced way.
artis3n · May 3, 2023 · f716fc2 · f716fc2
1 parent 05407c2
commit f716fc2
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 38 deletions.
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,20 +1,25 @@
 ---
-- name: Tailscale Status
+- name: Fetch Tailscale status
   listen: Confirm Tailscale is Connected
-  ansible.builtin.command: tailscale status
+  ansible.builtin.command: tailscale status --json
   changed_when: false
-  register: handlers_tailscale_status
+  register: tailscale_status
 
-- name: Debug Tailscale Status
+- name: Parse status JSON
+  listen: Confirm Tailscale is Connected
+  vars:
+    status: "{{ tailscale_status.stdout|from_json }}"
+  ansible.builtin.set_fact:
+    tailscale_is_online: "{{ status.Self.Online }}"
+
+- name: Tailscale online status
   listen: Confirm Tailscale is Connected
   ansible.builtin.debug:
-    var: handlers_tailscale_status
-  when:
-    - verbose | bool
+    msg: "Online: {{ tailscale_is_online }}"
+  when: verbose
 
 - name: Assert Tailscale is Connected
   listen: Confirm Tailscale is Connected
   ansible.builtin.assert:
     that:
-      - handlers_tailscale_status.stdout | length != 0
-      - handlers_tailscale_status.stdout is not match('\[L\+V9o\]')
+      - tailscale_is_online
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -59,29 +59,21 @@
     state: started
     enabled: true
 
-- name: Install | Check if Tailscale is connected
-  ansible.builtin.command: tailscale status
+- name: Install | Fetch Tailscale status
+  ansible.builtin.command: tailscale status --json
   changed_when: false
   register: tailscale_status
-  failed_when:
-    - tailscale_status.rc != 0
-    - "'Logged out.' not in tailscale_status.stdout"
-    - "'not logged in' not in tailscale_status.stdout"
 
-- name: Install | Tailscale Status
-  ansible.builtin.debug:
-    var: tailscale_status
-  when: verbose
-
-- name: Install | Record Tailscale Version
-  ansible.builtin.command: tailscale version
-  changed_when: false
-  register: tailscale_version
-  when: verbose
+- name: Install | Parse status JSON
+  vars:
+    status: "{{ tailscale_status.stdout|from_json }}"
+  ansible.builtin.set_fact:
+    tailscale_is_online: "{{ status.Self.Online }}"
+    tailscale_version: "{{ status.Version }}"
 
-- name: Install | Tailscale Version
+- name: Install | Tailscale version and online status
   ansible.builtin.debug:
-    msg: "{{ tailscale_version.stdout.split('\n') }}"
+    msg: "Ver: {{ tailscale_version }} Online: {{ tailscale_is_online }}"
   when: verbose
 
 - name: Install | Save State
@@ -93,27 +85,35 @@
     mode: '0644'
   register: state_file
 
-- name: Install | Bring Tailscale Up
+- name: Install | Bring Tailscale up
+  become: true
+  ansible.builtin.command: "tailscale up"
+  when:
+    - not tailscale_up_skip
+    - state_file is not changed
+    - not tailscale_is_online
+  notify: Confirm Tailscale is Connected
+  async: 60
+  poll: 5
+
+- name: Install | Bring Tailscale up with arguments
   become: true
   ansible.builtin.command: "tailscale up {{ tailscale_args | trim }} --authkey={{ tailscale_authkey }}"
   # Since the auth key is included in this task's output, we do not want to log output
   no_log: "{{ not (insecurely_log_authkey | bool) }}"
   register: tailscale_start
   # If a failure occurred due to state changes, we still want to log a redacted version of the error if "no_log" is true
   ignore_errors: true
-  changed_when: tailscale_start.rc != 0
-  when: >
-    not tailscale_up_skip | bool
-    and (('Logged out.' in tailscale_status.stdout
-    and 'not logged in' in tailscale_status.stdout)
-    or state_file is changed)
+  when:
+    - not tailscale_up_skip
+    - state_file is changed
   notify: Confirm Tailscale is Connected
   async: 60
   poll: 5
 
 - name: Install | Report non-sensitive stdout from "tailscale up"  # noqa: no-handler
   ansible.builtin.debug:
-    msg: "{{ tailscale_start.stdout | regex_replace('tskey.*\\s', 'REDACTED ') | regex_replace('\\t', '') | split('\n') }}"
+    msg: "{{ tailscale_start.stdout | replace(tailscale_auth_key, 'REDACTED') | regex_replace('\\t', '') | split('\n') }}"
   when:
     - tailscale_start is failed
     - tailscale_start.stdout | length > 0
@@ -122,9 +122,7 @@
 - name: Install | Pausing to highlight stdout message above
   ansible.builtin.pause:
     seconds: 5
-  when: >
-    nonsensitive_stdout.skipped is not defined
-    or not nonsensitive_stdout.skipped | bool
+  when: nonsensitive_stdout is not skipped
 
 - name: Install | Clear State Upon Error
   ansible.builtin.file: