Automating enrollment/configuration using Ansible

I’m beginning to deploy Tailscale (on Linux) across a network of machines that I manage using Ansible. Adding the repository key/repository is easy, as is installing the package.

I’d like to be able to test from within an Ansible task two things:

  • Whether the node has been joined to a network or not

  • What the current set of flags are (preferably in JSON)

With this information I should be able to fully automate deployment and enrollment. Is this possible?

On the device: tailscale netcheck --format=json or tailscale status --json are likely to be sufficient.

The API can also provide a way to check: tailscale/ at main · tailscale/tailscale · GitHub

OK, step 1 sucessful, the Ansible playbook below will check to see if the machine needs to be authorized and if so, prompt for an authkey and then apply it.

- name: check authentication status
    - ansible.builtin.set_fact:
        _auth_needed: false

    - register: _status
      changed_when: false
          - 'tailscale'
          - 'status'
          - '--json'

    - when: _fields.BackendState == "NeedsLogin"
        _auth_needed: true
        _fields: "{{ _status.stdout | from_json }}"

- name: authenticate if needed
  when: _auth_needed
    - name: get authorization key
      register: _authkey
        prompt: "Enter Tailscale authorization key"
        echo: yes

    - name: authorize machine
          - 'tailscale'
          - 'up'
          - '--authkey'
          - "{{ _authkey.user_input }}"

I find this role to be well maintained and featured enough for my purposes: GitHub - artis3n/ansible-role-tailscale: Ansible role to install and enable a Tailscale node.

1 Like