From 609a88ddcfae1222ac4360658adcbc334b125245 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Wed, 24 Jun 2026 20:50:19 +0800 Subject: [PATCH] feat(bridge): fail fast when bridge domain is empty/non-FQDN under Caddy exposure Non-empty pass-through check: xworkmate_bridge_domain feeds /etc/hostname and the caddy site name; an empty/non-FQDN/127.0.0.1 value yields an invalid Caddyfile. Assert a valid FQDN when caddy_enabled (public ingress), with a clear remediation message (set XWORKMATE_BRIDGE_DOMAIN or provide CMDB service_domains). Co-Authored-By: Claude Opus 4.8
---
 roles/vhosts/xworkmate_bridge/tasks/main.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/roles/vhosts/xworkmate_bridge/tasks/main.yml b/roles/vhosts/xworkmate_bridge/tasks/main.yml
index aa9400f..ab35629 100644
--- a/roles/vhosts/xworkmate_bridge/tasks/main.yml
+++ b/roles/vhosts/xworkmate_bridge/tasks/main.yml
@@ -16,6 +16,21 @@
 state: present
 when: ansible_os_family not in ['Darwin', 'Debian', 'Windows']

+# 非空传递检查:bridge 域名喂给 /etc/hostname 与 caddy 站点名;空/非 FQDN/127.0.0.1
+# 会渲染出无效 Caddyfile。公网暴露(caddy_enabled)时必须是合法 FQDN,缺失即抛错。
+- name: Assert bridge domain is a non-empty FQDN when exposed via Caddy
+ ansible.builtin.assert:
+ that:
+ - xworkmate_bridge_domain | default('') | trim | length > 0
+ - "'.' in xworkmate_bridge_domain"
+ - xworkmate_bridge_domain not in ['127.0.0.1', 'localhost']
+ fail_msg: >-
+ xworkmate_bridge_domain 必须是非空 FQDN(用于 /etc/hostname 与
+ /etc/caddy/conf.d/xworkmate-bridge 站点名)。请设置 XWORKMATE_BRIDGE_DOMAIN,
+ 或在 CMDB/inventory 提供 service_domains(当前解析为
+ "{{ xworkmate_bridge_domain | default('') }}")。
+ when: caddy_enabled | default(true) | bool
+
 # 把目标主机 hostname 设为 bridge 域名(= XWORKMATE_BRIDGE_DOMAIN,否则 CMDB
 # service_domains)。仅 Linux、且为合法 FQDN 时设置;绝不取 127.0.0.1/localhost。
 - name: Set host FQDN from xworkmate-bridge domain
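Review bot: The three `that` conditions accept far more than an FQDN: any string containing a dot passes, so other IP literals (constructed example: `10.0.0.5`), values carrying a scheme, port or path, and values with embedded whitespace or `{`/`}` all get through. Per the commit message this variable is rendered into /etc/hostname and the Caddy site name, where such characters would change the structure of the generated config rather than just yield a bad hostname. The first condition also trims before measuring length while the other two test the untrimmed value. As a starting point, replace the dot check with an allow-list pattern on the normalized value, `- xworkmate_bridge_domain | default('') | trim | lower is match('^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?[.])+[a-z]{2,63}$')`, which also makes the explicit `127.0.0.1`/`localhost` list redundant. The hostname task and the Caddy template that consume the value lie outside this hunk, so confirm they render the same trimmed value that was validated.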