search

jason-riddle / ansible-role-tailscale

Tailscale on Linux.
https://galaxy.ansible.com/ui/standalone/roles/jason_riddle/tailscale/
MIT License
6 stars 0 forks source link

Add Support for Auto Updates #109

Open jason-riddle opened 2 months ago

jason-riddle commented 2 months ago

Tailscale now supports auto updates.

This feature was made GA on Feb 14 (https://tailscale.com/changelog#2024-02-14). It was first introduced, in beta, on Oct 30, 2023 in v1.52.0 (https://tailscale.com/changelog#2023-10-30)

To enable auto updates, run tailscale set --auto-update=true. Here's an example in ansible

- name: Enable auto updates.
  command: tailscale set --auto-update=true
  changed_when: false

To disable auto updates, run tailscale set --auto-update=false. Here's an example in ansible

- name: Disable auto updates.
  command: tailscale set --auto-update=false
  changed_when: false

You can also run a one-off command like so

ansible cluster --module-name ansible.builtin.command --args='tailscale set --auto-update=false' --one-line

Perhaps tailscale status --json will show the current value?

See https://tailscale.com/kb/1067/update?tab=linux for more info.

What would be nice is if there was a way to configure this in a native ansible manner. So maybe,

tailscale_auto_update_enabled: false

Which means, by default leave it as disabled. To enable, set the variable to true.

jason-riddle commented 1 month ago

I've been thinking about this more and this might not be a good feature to implement.

tailscale set has a lot things you can set (https://tailscale.com/kb/1080/cli#set). So I'm not sure if the best approach is to have a variable per thing I want to set, so for auto updates, it's

tailscale_auto_update_enabled: false

Or do I want something more flexible, as an example a way to set multiple flags

tailscale_set_flags:
  - accept-dns: true
  - auto-update: false
  # - etc..

The first approach is cleaner and would be simpler to test. I think maintenance would be fine as long as the tailscale set --auto-update flag doesn't go away.

The second approach would be harder to implement and test. However, it offers a lot of flexiblity to a) set current and future flags as they exist and b) remove flags if for some reason they become deprecated.

A third option is to just add another molecule test that a) sets the update flag to true, b) confirm's it's been set to true, and vice versa for setting it to false. Also, update the README to include information on how to set the flag via a one-off ansible command under a "Ad Hoc Command - Configuring Automatic Updates" section.

Something for setting it to true

ansible cluster --module-name ansible.builtin.command --args='tailscale set --auto-update=true' --one-line

and for setting it to false

ansible cluster --module-name ansible.builtin.command --args='tailscale set --auto-update=false' --one-line