refactor: support ansible 2.19

Ansible 2.19 introduces some big changes
https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_core_2.19.html

One big change is that data structures are no longer mutable by the use of python
methods such as __setitem__, setdefault, update, etc. in Jinja constructs.
Instead, items must use filters or other Jinja operations.

One common idiom is to mutate each element in a list. Since we cannot do this
"in-place" anymore, a common way to do this is:

```yaml
- name: Construct a new list from an existing list and mutate each element
  set_fact:
    __new_list: "{{ __new_list | d([]) + [mutated_item] }}"
  loop: "{{ old_list }}"
  mutated_item: "{{ some value based on item from old list }}"

- name: Reset original old list
  set_fact:
    old_list: "{{ __new_list }}"
```

Similarly with dict items:

```yaml
- name: Construct a new dict from an existing dict and mutate each element
  set_fact:
    __new_dict: "{{ __new_dict | d({}) | combine(mutated_item) }}"
  loop: "{{ old_dict | dict2items }}"
  mutated_item: "{{ {item.key: mutation of item.value} }}"

- name: Reset original old dict
  set_fact:
    old_dict: "{{ __new_dict }}"
```

Another big change is that a boolean expression in a when or similar construct
must be converted to a boolean - we cannot rely on the implicit evaluation in
a boolean context. For example, if var is some iterable, like a dict, list,
or string, you used to be able to evaluate an empty value in a boolean context:

```yaml
when: var  # do this only if var is not empty
```

You now have to explicitly test for empty using length:

```yaml
when: var | length > 0  # do this only if var is not empty
```

These are the biggest changes. See the porting guide for others.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

Author: richm

roles/rsyslog/tasks/deploy.yml

@@ -27,10 +27,18 @@
   loop: '{{ __rsyslog_rules | flatten }}'
   loop_control:
     loop_var: inner_item
+  vars:
+    __default_flows:
+      - name: default_flow
+        inputs: ["{{ __rsyslog_input.name }}"]
+        outputs: [default_files]
+    rsyslog_flows: "{{ logging_flows | d(__default_flows, true) }}"
+    __output_list: "{{ rsyslog_flows | selectattr('inputs', 'contains', __rsyslog_input.name) |
+      map(attribute='outputs') | flatten | list }}"
   when:
     - __rsyslog_enabled | bool
-    - inner_item.filename | d() or inner_item.name | d()
-    - inner_item.options | d() or inner_item.sections | d()
+    - inner_item.filename | d("") | length > 0 or inner_item.name | d("") | length > 0
+    - inner_item.options | d([]) | length > 0 or inner_item.sections | d([]) | length > 0
     - inner_item.state is undefined or inner_item.state != 'absent'
   notify: Restart rsyslogd
   register: __rsyslog_deploy_templates
@@ -52,9 +60,17 @@
   loop: '{{ __rsyslog_rules | flatten }}'
   loop_control:
     loop_var: inner_item
+  vars:
+    __default_flows:
+      - name: default_flow
+        inputs: ["{{ __rsyslog_input.name }}"]
+        outputs: [default_files]
+    rsyslog_flows: "{{ logging_flows | d(__default_flows, true) }}"
+    __output_list: "{{ rsyslog_flows | selectattr('inputs', 'contains', __rsyslog_input.name) |
+      map(attribute='outputs') | flatten | list }}"
   when:
     - (not __rsyslog_enabled | bool) or
       (inner_item.state | d('present') == 'absent')
-    - inner_item.filename | d() or inner_item.name | d()
-    - inner_item.options | d() or inner_item.sections | d()
+    - inner_item.filename | d("") | length > 0 or inner_item.name | d("") | length > 0
+    - inner_item.options | d([]) | length > 0 or inner_item.sections | d([]) | length > 0
   notify: Restart rsyslogd

roles/rsyslog/tasks/deploy_nolog.yml

@@ -32,11 +32,19 @@
   loop_control:
     loop_var: inner_item
   no_log: true
+  vars:
+    __default_flows:
+      - name: default_flow
+        inputs: ["{{ __rsyslog_input.name }}"]
+        outputs: [default_files]
+    rsyslog_flows: "{{ logging_flows | d(__default_flows, true) }}"
+    __output_list: "{{ rsyslog_flows | selectattr('inputs', 'contains', __rsyslog_input.name) |
+      map(attribute='outputs') | flatten | list }}"
   when:
     - __rsyslog_enabled | bool
+    - inner_item.filename | d("") | length > 0 or inner_item.name | d("") | length > 0
+    - inner_item.options | d([]) | length > 0 or inner_item.sections | d([]) | length > 0
     - inner_item.state is undefined or inner_item.state != 'absent'
-    - inner_item.filename | d() or inner_item.name | d()
-    - inner_item.options | d() or inner_item.sections | d()
   notify: Restart rsyslogd
   register: __rsyslog_deploy_nolog_templates
 
@@ -58,9 +66,17 @@
   loop_control:
     loop_var: inner_item
   no_log: true
+  vars:
+    __default_flows:
+      - name: default_flow
+        inputs: ["{{ __rsyslog_input.name }}"]
+        outputs: [default_files]
+    rsyslog_flows: "{{ logging_flows | d(__default_flows, true) }}"
+    __output_list: "{{ rsyslog_flows | selectattr('inputs', 'contains', __rsyslog_input.name) |
+      map(attribute='outputs') | flatten | list }}"
   when:
     - (not __rsyslog_enabled | bool) or
       (inner_item.state | d('present') == 'absent')
-    - inner_item.filename | d() or inner_item.name | d()
-    - inner_item.options | d() or inner_item.sections | d()
+    - inner_item.filename | d("") | length > 0 or inner_item.name | d("") | length > 0
+    - inner_item.options | d([]) | length > 0 or inner_item.sections | d([]) | length > 0
   notify: Restart rsyslogd

roles/rsyslog/tasks/main_core.yml

@@ -109,6 +109,36 @@
 
     - name: Generate global rule to add to __rsyslog_common_rules
       vars:
+        ca_cert_path: |-
+          {% if logging_pki_files | d([]) | length > 0 and
+             (logging_pki_files.0.ca_cert_src | d("") | length > 0 or
+              logging_pki_files.0.ca_cert | d("") | length > 0) %}
+          {%   set __ca_cert_file = logging_pki_files.0.ca_cert_src | d(__rsyslog_default_pki_ca_cert_name) | basename %}
+          {{- logging_pki_files.0.ca_cert |
+             d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __ca_cert_file) -}}
+          {% else %}
+          {{- "" -}}
+          {% endif %}
+        cert_path: |-
+          {% if logging_pki_files | d([]) | length > 0 and
+             (logging_pki_files.0.cert_src | d("") | length > 0 or
+              logging_pki_files.0.cert | d("") | length > 0) %}
+          {%   set __cert_file = logging_pki_files.0.cert_src | d(__rsyslog_default_pki_cert_name) | basename %}
+          {{- logging_pki_files.0.cert |
+             d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __cert_file) -}}
+          {% else %}
+          {{- "" -}}
+          {% endif %}
+        key_path: |-
+          {% if logging_pki_files | d([]) | length > 0 and
+             (logging_pki_files.0.private_key_src | d("") | length > 0 or
+              logging_pki_files.0.private_key | d("") | length > 0) %}
+          {%   set __key_file = logging_pki_files.0.private_key_src | d(__rsyslog_default_pki_key_name) | basename %}
+          {{- logging_pki_files.0.private_key |
+             d(__rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + __key_file) -}}
+          {% else %}
+          {{- "" -}}
+          {% endif %}
         __rsyslog_global_common_rule:
           - filename: '00-global.conf'
             comment: 'Global options'
@@ -152,10 +182,10 @@
         loop_var: inner_item
       when:
         - __rsyslog_enabled | bool
-        - rsyslog_inputs | d([])
-        - inner_item.filename | d() or inner_item.name | d()
+        - rsyslog_inputs | d([]) | length > 0
+        - inner_item.filename | d("") | length > 0 or inner_item.name | d("") | length > 0
         - inner_item.state is undefined or inner_item.state != 'absent'
-        - inner_item.options | d() or inner_item.sections | d()
+        - inner_item.options | d([]) | length > 0 or inner_item.sections | d([]) | length > 0
       notify: Restart rsyslogd
       register: __rsyslog_templates
 
@@ -167,7 +197,7 @@
       file:
         path: |-
           {{ __rsyslog_config_dir }}/{{ inner_item.filename |
-          d((inner_item.weight if inner_item.weight | d() else
+          d((inner_item.weight if inner_item.weight | d("") | length > 0 else
           rsyslog_weight_map[inner_item.type | d("rules")]) +
           "-" + (inner_item.name | d("rules")) + "." +
           (inner_item.suffix | d("conf"))) }}
@@ -177,8 +207,8 @@
         loop_var: inner_item
       when:
         - not __rsyslog_enabled | bool
-        - inner_item.filename | d() or inner_item.name | d()
-        - inner_item.options | d() or inner_item.sections | d()
+        - inner_item.filename | d("") | length > 0 or inner_item.name | d("") | length > 0
+        - inner_item.options | d([]) | length > 0 or inner_item.sections | d([]) | length > 0
       notify: Stop rsyslogd
 
     - name: Include input sub-vars
@@ -189,8 +219,7 @@
       loop: "{{ rsyslog_inputs }}"
       loop_control:
         loop_var: input_item
-      when:
-        - input_item | d([])
+      when: input_item | d([]) | length > 0
 
     - name: Run input sub-tasks
       include_tasks:
@@ -203,8 +232,8 @@
         extended: true
         loop_var: input_item
       when:
-        - input_item | d([])
-        - input_item.type | d()
+        - input_item | d([]) | length > 0
+        - input_item.type | d("") | length > 0
         - input_item.type != "basics" or
           (input_item.type == "basics" and
            (ansible_loop.previtem is not defined or
@@ -220,8 +249,8 @@
       loop_control:
         loop_var: output_item
       when:
-        - output_item | d([])
-        - output_item.type | d()
+        - output_item | d([]) | length > 0
+        - output_item.type | d("") | length > 0
 
     - name: Run output sub-tasks
       include_tasks:
@@ -233,8 +262,7 @@
       loop: "{{ rsyslog_outputs }}"
       loop_control:
         loop_var: output_item
-      when:
-        - output_item | d([])
+      when: output_item | d([]) | length > 0
 
     - name: Get rsyslog config files not owned by any package
       shell: |
@@ -316,8 +344,8 @@
           loop: "{{ [__logging_forwards_tls, __logging_remote_tls] }}"
           when:
             - item | length > 0
-            - not (logging_pki_files.0.ca_cert_src | d() or
-                logging_pki_files.0.ca_cert | d())
+            - logging_pki_files.0.ca_cert_src | d("") | length == 0
+            - logging_pki_files.0.ca_cert | d("") | length == 0
 
         - name: Copy local ca_cert file to the target if needed
           vars:
@@ -332,7 +360,7 @@
           when:
             - __logging_forwards_tls | length > 0 or
               __logging_remote_tls | length > 0
-            - logging_pki_files.0.ca_cert_src | d("")
+            - logging_pki_files.0.ca_cert_src | d("") | length > 0
           notify: Restart rsyslogd
 
         - name: Copy local cert file to the target if needed
@@ -348,7 +376,7 @@
           when:
             - __logging_forwards_tls | length > 0 or
               __logging_remote_tls | length > 0
-            - logging_pki_files.0.cert_src | d("")
+            - logging_pki_files.0.cert_src | d("") | length > 0
           notify: Restart rsyslogd
 
         - name: Copy local key file to the target if needed
@@ -364,7 +392,7 @@
           when:
             - __logging_forwards_tls | length > 0 or
               __logging_remote_tls | length > 0
-            - logging_pki_files.0.private_key_src | d("")
+            - logging_pki_files.0.private_key_src | d("") | length > 0
           notify: Restart rsyslogd
 
     - name: Enable rsyslog service

roles/rsyslog/tasks/set_certs.yml

@@ -1,13 +1,11 @@
 ---
 - name: Deploy certificates
-  when: __rsyslog_cert_subject | d([])
+  when: __rsyslog_cert_subject | d({}) | length > 0
   block:
     # This block collect certificates from local location and
     # copies them to the target host
     - name: Manage certificates if TLS is enabled
-      when: __rsyslog_cert_subject.tls is defined |
-            ternary(__rsyslog_cert_subject.tls,
-                __rsyslog_cert_subject.use_cert | d(true))
+      when: __rsyslog_cert_subject.tls | d((__rsyslog_cert_subject.use_cert | d(true, true)), true)
       block:
         - name: "Copy ca_cert on the control host to the specified path
             on the target host"
@@ -16,7 +14,7 @@
             dest: '{{ __rsyslog_cert_subject.ca_cert |
               d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir) }}'
             mode: '0444'
-          when: __rsyslog_cert_subject.ca_cert_src | d()
+          when: __rsyslog_cert_subject.ca_cert_src | d("") | length > 0
 
         - name: "Copy cert on the control host to the specified path
             on the target host"
@@ -25,7 +23,7 @@
             dest: '{{ __rsyslog_cert_subject.cert |
               d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir) }}'
             mode: '0444'
-          when: __rsyslog_cert_subject.cert_src | d()
+          when: __rsyslog_cert_subject.cert_src | d("") | length > 0
 
         - name: "Copy key on the control host to the specified path
             on the target host"
@@ -34,33 +32,31 @@
             dest: '{{ __rsyslog_cert_subject.private_key |
               d(__rsyslog_default_pki_path + __rsyslog_default_pki_key_dir) }}'
             mode: '0400'
-          when: __rsyslog_cert_subject.private_key_src | d()
+          when: __rsyslog_cert_subject.private_key_src | d("") | length > 0
 
         - name: Check certs - tls is true, but triplets are not given
           fail:
             msg: "Error: you specified tls: true; you must specify all
               3 of ca_cert, cert, private_key, or all 3 of ca_cert_src,
               cert_src, private_key_src, or set tls: false in the
               configuration named {{ __rsyslog_cert_subject.name }}"
-          when: not ((__rsyslog_cert_subject.ca_cert | d() and
-                      __rsyslog_cert_subject.cert | d() and
-                      __rsyslog_cert_subject.private_key | d()) or
-                     (__rsyslog_cert_subject.ca_cert_src | d() and
-                      __rsyslog_cert_subject.cert_src | d() and
-                      __rsyslog_cert_subject.private_key_src | d()))
+          when: not ((__rsyslog_cert_subject.ca_cert | d("") | length > 0 and
+                      __rsyslog_cert_subject.cert | d("") | length > 0 and
+                      __rsyslog_cert_subject.private_key | d("") | length > 0) or
+                     (__rsyslog_cert_subject.ca_cert_src | d("") | length > 0 and
+                      __rsyslog_cert_subject.cert_src | d("") | length > 0 and
+                      __rsyslog_cert_subject.private_key_src | d("") | length > 0))
 
     - name: Check certs - key/certs data are provided, but tls is false
       debug:
         msg: "WARNING: you specified tls: false and also specified one or
           more cert/key files in the configuration named
           {{ __rsyslog_cert_subject.name }}"
       when:
-        - not (__rsyslog_cert_subject.tls is defined |
-               ternary(__rsyslog_cert_subject.tls,
-               __rsyslog_cert_subject.use_cert | d(true)))
-        - (__rsyslog_cert_subject.ca_cert | d() or
-           __rsyslog_cert_subject.cert | d() or
-           __rsyslog_cert_subject.private_key | d()) or
-          (__rsyslog_cert_subject.ca_cert_src | d() or
-           __rsyslog_cert_subject.cert_src | d() or
-           __rsyslog_cert_subject.private_key_src | d())
+        - not (__rsyslog_cert_subject.tls | d((__rsyslog_cert_subject.use_cert | d(true, true)), true))
+        - (__rsyslog_cert_subject.ca_cert | d("") | length > 0 or
+           __rsyslog_cert_subject.cert | d("") | length > 0 or
+           __rsyslog_cert_subject.private_key | d("") | length > 0) or
+          (__rsyslog_cert_subject.ca_cert_src | d("") | length > 0 or
+           __rsyslog_cert_subject.cert_src | d("") | length > 0 or
+           __rsyslog_cert_subject.private_key_src | d("") | length > 0)

roles/rsyslog/tasks/set_vars.yml

@@ -34,7 +34,7 @@
 - name: "Include /vars/main.yml from {{ role_path }}"
   include_vars: "{{ item }}"
   loop: "{{ lookup('lines',
-         '/bin/ls -1 {{ role_path }}/vars/main.yml
-          {{ role_path }}/vars/*/*/main.yml').split(',') }}"
+         '/bin/ls -1 ' ~ role_path ~ '/vars/main.yml
+         ' ~ role_path ~ '/vars/*/*/main.yml').split(',') }}"
   when: __snapshot_gather_vars is defined and
         __snapshot_gather_vars | bool

roles/rsyslog/templates/general_action_params.j2

@@ -5,3 +5,4 @@ action.{{ option }}="{{ value }}"
 {%     endif %}
 {%   endfor %}
 {% endif %}
+{{- "" -}}

roles/rsyslog/templates/general_queue_params.j2

@@ -5,3 +5,4 @@ queue.{{ option }}="{{ value }}"
 {%     endif %}
 {%   endfor %}
 {% endif %}
+{{- "" -}}

roles/rsyslog/templates/global.j2

@@ -1,21 +1,3 @@
-{% set ca_cert_path = '' %}
-{% set cert_path = '' %}
-{% set key_path = '' %}
-{% if logging_pki_files.0.ca_cert_src | d() or logging_pki_files.0.ca_cert | d() %}
-{%   set __ca_cert_file = logging_pki_files.0.ca_cert_src | d(__rsyslog_default_pki_ca_cert_name) | basename %}
-{%   set ca_cert_path = logging_pki_files.0.ca_cert |
-                        d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __ca_cert_file) %}
-{% endif %}
-{% if logging_pki_files.0.cert_src | d() or logging_pki_files.0.cert | d() %}
-{%   set __cert_file = logging_pki_files.0.cert_src | d(__rsyslog_default_pki_cert_name) | basename %}
-{%   set cert_path = logging_pki_files.0.cert |
-                     d(__rsyslog_default_pki_path + __rsyslog_default_pki_cert_dir + __cert_file) %}
-{% endif %}
-{% if logging_pki_files.0.private_key_src | d() or logging_pki_files.0.private_key | d() %}
-{%   set __key_file = logging_pki_files.0.private_key_src | d(__rsyslog_default_pki_key_name) | basename %}
-{%   set key_path = logging_pki_files.0.private_key |
-                    d(__rsyslog_default_pki_path + __rsyslog_default_pki_key_dir + __key_file) %}
-{% endif %}
 global(
   workDirectory="{{ __rsyslog_work_dir }}"
 {% if ca_cert_path != '' %}

roles/rsyslog/templates/input_ovirt.j2

@@ -69,31 +69,14 @@ if $syslogtag == "{{ __rsyslog_input.name }}" then {
   }
 }
 {% endif %}
-{% set outdict = {} %}
-{% for flow in logging_flows %}
-{%   if flow.inputs | intersect([ __rsyslog_input.name ]) %}
-{%     for oname in flow.outputs %}
-{%       set _ = outdict.__setitem__(oname, outdict.get(oname,[])|union([ __rsyslog_input.name ])) %}
-{%     endfor %}
-{%   endif %}
-{% endfor %}
-{% for output in rsyslog_outputs %}
-{%   if outdict[output.name] | d(false) %}
+{% for output_name in __output_list %}
 if
-{%     for inputname in outdict[output.name] %}
-{%       if inputname == __rsyslog_input.name %}
-{%         if not loop.first %}
-  or
-{%         endif %}
-{%         if __rsyslog_ovirt_subtype == "collectd" %}
+{%   if __rsyslog_ovirt_subtype == "collectd" %}
   ($inputname == "{{ __rsyslog_input.name }}")
-{%         elif __rsyslog_ovirt_subtype == "engine" or __rsyslog_ovirt_subtype == "vdsm" %}
+{%   elif __rsyslog_ovirt_subtype == "engine" or __rsyslog_ovirt_subtype == "vdsm" %}
   ($syslogtag == "{{ __rsyslog_input.name }}")
-{%         endif %}
-{%       endif %}
-{%     endfor %}
+{%   endif %}
   then {
-    call {{ output.name }}
+    call {{ output_name }}
 }
-{%   endif %}
 {% endfor %}