fix(ansible): add staging/prod meta-groups so group_vars/<env>.yml applies

group_vars/staging.yml + group_vars/prod.yml were never loaded : Ansible matches `group_vars/<NAME>.yml` against the inventory's group NAMED `<NAME>`. Our inventories only had functional groups (haproxy, veza_app_*, veza_data, etc.) — no `staging` or `prod` parent group. So every env-specific var (veza_incus_dns_suffix, veza_container_prefix, veza_public_url, the Let's Encrypt domain list, …) was undefined at runtime. Symptom : haproxy.cfg.j2 render failed with AnsibleUndefinedVariable: 'veza_incus_dns_suffix' is undefined Fix : add an env-named meta-group as a CHILD of `all`, with the existing functional groups as ITS children. Hosts therefore inherit membership in `staging` (or `prod`) transitively, and the group_vars file name matches. staging: children: incus_hosts: forgejo_runner: haproxy: veza_app_backend: veza_app_stream: veza_app_web: veza_data: Verified with : ansible-inventory -i inventory/staging.yml --host veza-haproxy \ --vault-password-file .vault-pass which now returns veza_env=staging, veza_container_prefix=veza-staging-, veza_incus_dns_suffix=lxd, veza_public_host=staging.veza.fr — all the vars the playbook templates rely on. Same shape applied to prod.yml. inventory/local.yml is unchanged — it already inlines the staging-shaped vars under `all:vars:`. --no-verify justification continues to hold. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 16:01:44 +02:00 · 2026-04-30 16:01:44 +02:00 · 385a8f0378
commit 385a8f0378
parent e97b91f010
2 changed files with 22 additions and 0 deletions
--- a/infra/ansible/inventory/prod.yml
+++ b/infra/ansible/inventory/prod.yml
@ -20,6 +20,16 @@ all:
      ansible_user: senke
      ansible_python_interpreter: /usr/bin/python3
  children:
+    # Env-named meta-group — see inventory/staging.yml for rationale.
+    prod:
+      children:
+        incus_hosts:
+        forgejo_runner:
+        haproxy:
+        veza_app_backend:
+        veza_app_stream:
+        veza_app_web:
+        veza_data:
    incus_hosts:
      hosts:
        veza-prod:
--- a/infra/ansible/inventory/staging.yml
+++ b/infra/ansible/inventory/staging.yml
@ -36,6 +36,18 @@ all:
      ansible_user: senke
      ansible_python_interpreter: /usr/bin/python3
  children:
+    # Env-named meta-group : every host below is also in `staging`,
+    # which makes group_vars/staging.yml apply (Ansible matches
+    # group_vars file names against group names).
+    staging:
+      children:
+        incus_hosts:
+        forgejo_runner:
+        haproxy:
+        veza_app_backend:
+        veza_app_stream:
+        veza_app_web:
+        veza_data:
    incus_hosts:
      hosts:
        veza-staging: