feat(bridge): set host FQDN + caddy site from XWORKMATE_BRIDGE_DOMAIN or CMDB service_domains

- xworkmate_bridge_domain falls back to the first CMDB service_domains entry (inventory hostvar / pipeline-injected env) before ai_workspace_public_domain. - New task sets the host's /etc/hostname (and running hostname) to that FQDN on Linux when it's a valid FQDN — never 127.0.0.1/localhost. The caddy site (xworkmate-bridge-site.caddy.j2) already uses the same var. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 15:56:30 +08:00 · 2026-06-24 15:56:30 +08:00 · 3709074916
commit 3709074916
parent c3a0e40566
2 changed files with 19 additions and 1 deletions
--- a/roles/vhosts/xworkmate_bridge/defaults/main.yml
+++ b/roles/vhosts/xworkmate_bridge/defaults/main.yml
@ -49,7 +49,14 @@ deploy_acp_hermes: true

 # Unified domain settings
 ai_workspace_public_domain: "{{ lookup('ansible.builtin.env', 'SERVER_DOMAIN') | default(lookup('ansible.builtin.env', 'ACP_BRIDGE_DOMAIN') | default(lookup('ansible.builtin.env', 'BRIDGE_DOMAIN') | default('xworkmate-bridge.svc.plus', true), true), true) }}"
-xworkmate_bridge_domain: "{{ lookup('ansible.builtin.env', 'XWORKMATE_BRIDGE_DOMAIN') | default(ai_workspace_public_domain, true) }}"
+# 域名优先级：XWORKMATE_BRIDGE_DOMAIN(env，operator 指定) > CMDB service_domains
+# 首个域名(inventory hostvar；on-host 模型由流水线作为该 env 传入) > ai_workspace_public_domain。
+# 用作 xworkmate-bridge.caddy 站点名与 /etc/hostname，绝不为空/127.0.0.1。
+xworkmate_bridge_domain: >-
+  {{ lookup('ansible.builtin.env', 'XWORKMATE_BRIDGE_DOMAIN')
+     | default((service_domains | default('', true) | string | split(',')
+               | map('trim') | reject('equalto', '') | list | first | default('', true)), true)
+     | default(ai_workspace_public_domain, true) }}

 # When false, disables public Caddy access to XWorkmate Bridge.
 xworkmate_bridge_public_access: true
--- a/roles/vhosts/xworkmate_bridge/tasks/main.yml
+++ b/roles/vhosts/xworkmate_bridge/tasks/main.yml
@ -16,6 +16,17 @@
    state: present
  when: ansible_os_family not in ['Darwin', 'Debian', 'Windows']

+# 把目标主机 hostname 设为 bridge 域名(= XWORKMATE_BRIDGE_DOMAIN，否则 CMDB
+# service_domains)。仅 Linux、且为合法 FQDN 时设置；绝不取 127.0.0.1/localhost。
+- name: Set host FQDN from xworkmate-bridge domain
+  ansible.builtin.hostname:
+    name: "{{ xworkmate_bridge_domain }}"
+  when:
+    - ansible_os_family not in ['Darwin', 'Windows']
+    - xworkmate_bridge_domain | default('') | trim | length > 0
+    - "'.' in xworkmate_bridge_domain"
+    - xworkmate_bridge_domain not in ['127.0.0.1', 'localhost']
+
 - name: Ensure xworkmate-bridge service group exists
  ansible.builtin.group:
    name: "{{ xworkmate_bridge_service_group }}"