Ansible Role Tailscale Versions Save

Added

• This role now publishes a set of facts about the Tailscale node that was configured. See full details in the README. #464

Changed

• Speaking of which, the README's layout has been changed to better present info to users more clearly. There's a table of contents now.

Fixed

• tailscale up wouldn't properly redact the authkey when it was used with headscale keys, since their format doesn't match the tskey pattern. The redaction now uses the tailscale_authkey variable to ensure that exact value is always redacted. This is how redaction already worked in other areas of the role, but was missed in this step. #456 (Thanks @fredrikekre !)
• OpenSUSE distros sometimes failed repo signature validation when adding the Tailscale repo. This has now been definitively resolved so there will no longer be intermittent zypper failures. #460

New Contributors

• @kaiyou made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/453
• @fredrikekre made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/456

Fixed

• Debian distros would previously fail to invoke tailscale update due to an incompatible name for the tailscale source list file. This is now corrected. #449 (Thanks @cnkk !)

New Contributors

• @cnkk made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/449

Fixed

• This role will no longer intermittently fail due to colliding variable names with other roles or tasks that may be running in your playbook. This changes internal variable names only, so it is not a breaking change. #431 (Thanks @mhitza !)
• state: absent now fully removes all Tailscale configuration data from your device. Previously, this role would uninstall Tailscale, but that might leave the /var/lib/tailscale directory behind, which contains a tailscaled.state file alongside log files which may contain information about your tailnet. The tailscaled.state file could also hypothetically be used to re-authenticate the server to your tailnet if the server is not de-authorized, however this role runs tailscale logout during uninstallation so the server is always de-authorized from your tailnet. However, I expect users don't want log files, and even stale configuration files, lying around after state: absent. #435 (Thanks @McSim85 !) #444

Changed

• This repo now uses geerlingguy/docker-debian12-ansible instead of cisagov/docker-debian12-ansible in the CI suite because the cisagov repo has been archived.

New Contributors

• @mhitza made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/431

Fixed

• The Ansible async task timeout on the tailscale up command now incorporates tailscale_up_timeout. Previously the tailscale_up_timeout would just be passed to the tailscale up command and would signify how long the process should wait for tailscaled to become available. However, if that took longer than 60s, ansible would kill the async task. The async polling will now always be larger than the value in tailscale_up_timeout. #426 (Thanks @McSim85 !)
• Renamed tailscale_authkey_sting to tailscale_authkey_string. This is an internal fact created inside the role so this rename should not impact end users, therefore we are keeping this a patch release.

Changed

• Updated the devcontainer configuration in the project to Python 3.12
• Updated Python dependencies for the local project

Added

• Incorporated Dependabot's new devcontainers support, so devcontainer features with upgrades will trigger Dependabot update PRs

Fixed

• Replaced use of the pause module with wait_for, which ensures compatibility with playbooks running under strategy: free.

Changed

• Updated the development environment in the repository to Python 3.12

New Contributors

• @markstos made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/415

Changed

• The tags behavior introduced in 4.3.0 for OAuth authkeys has been improved. This replaces the tailscale_oauth_tags variable with tailscale_tags. All --advertise-tags usage should now use tailscale_tags to list their desired tags. (#407) Thanks @McSim85 !

Added

• Added additional validation at the front of the role to catch misconfigured variables. (#407) Thanks @McSim85 !

Added

• Added support for Tailscale OAuth authkey types (#399, #402). Thanks @McSim85 ! Review tailscale_authkey documentation on the README for usage instructions.

Changed

[!IMPORTANT]

• The README uses more modern GitHub Markdown syntax. See if you can spot it.

Removed

• Ubuntu 16.04 is no longer supported by this role. Ubuntu 16.04 serves a version of Python below the minimum requirements for Ansible.

New Contributors

• @McSim85 made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/399

Changed

• Updated Python and GitHub Action dependencies

Fixed

• Fixed a typo introduced in #328 that broke redaction of the authkey in the Report non-sensitive stdout from "tailscale up" step. (#344) Thanks @jonvmey !

New Contributors

• @jonvmey made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/344

Added

• Added support for OSMC by fixing its ansible_distribution translation to debian (#331) Thanks @frodera!

Fixed

• Fixed situations on Fedora-like systems in which a degraded systemd would fail the role execution, when that is actually a continuable state (#336)

Changed

• The tailscale status commands now output in JSON for much easier parsing of tailscale state throughout the role (#328) Thanks @mprasil!
• Improved the Headscale support in the CI suite (#328) Thanks @mprasil!

New Contributors

• @frodera made their first contribution in https://github.com/artis3n/ansible-role-tailscale/pull/331