Ansible role to install and configure a Tailscale node.
tailscale up
wouldn't properly redact the authkey when it was used with headscale keys, since their format doesn't match the tskey
pattern. The redaction now uses the tailscale_authkey
variable to ensure that exact value is always redacted. This is how redaction already worked in other areas of the role, but was missed in this step. #456 (Thanks @fredrikekre !)tailscale update
due to an incompatible name for the tailscale source list file. This is now corrected. #449 (Thanks @cnkk !)state: absent
now fully removes all Tailscale configuration data from your device. Previously, this role would uninstall Tailscale, but that might leave the /var/lib/tailscale
directory behind, which contains a tailscaled.state
file alongside log files which may contain information about your tailnet. The tailscaled.state
file could also hypothetically be used to re-authenticate the server to your tailnet if the server is not de-authorized, however this role runs tailscale logout
during uninstallation so the server is always de-authorized from your tailnet. However, I expect users don't want log files, and even stale configuration files, lying around after state: absent
. #435 (Thanks @McSim85 !) #444geerlingguy/docker-debian12-ansible
instead of cisagov/docker-debian12-ansible
in the CI suite because the cisagov repo has been archived.tailscale up
command now incorporates tailscale_up_timeout
. Previously the tailscale_up_timeout
would just be passed to the tailscale up
command and would signify how long the process should wait for tailscaled
to become available. However, if that took longer than 60s, ansible would kill the async task. The async polling will now always be larger than the value in tailscale_up_timeout
. #426 (Thanks @McSim85 !)tailscale_authkey_sting
to tailscale_authkey_string
. This is an internal fact created inside the role so this rename should not impact end users, therefore we are keeping this a patch release.pause
module with wait_for
, which ensures compatibility with playbooks running under strategy: free
.tailscale_oauth_tags
variable with tailscale_tags
. All --advertise-tags
usage should now use tailscale_tags
to list their desired tags. (#407) Thanks @McSim85 !tailscale_authkey
documentation on the README for usage instructions.[!IMPORTANT]
- The README uses more modern GitHub Markdown syntax. See if you can spot it.
Report non-sensitive stdout from "tailscale up"
step. (#344) Thanks @jonvmey !ansible_distribution
translation to debian
(#331) Thanks @frodera!tailscale status
commands now output in JSON for much easier parsing of tailscale state throughout the role (#328) Thanks @mprasil!