Automating enrollment/configuration using Ansible

I’m beginning to deploy Tailscale (on Linux) across a network of machines that I manage using Ansible. Adding the repository key/repository is easy, as is installing the package.

I’d like to be able to test from within an Ansible task two things:

  • Whether the node has been joined to a network or not

  • What the current set of flags are (preferably in JSON)

With this information I should be able to fully automate deployment and enrollment. Is this possible?

On the device: tailscale netcheck --format=json or tailscale status --json are likely to be sufficient.

The API can also provide a way to check: tailscale/api.md at main · tailscale/tailscale · GitHub

OK, step 1 successful, the Ansible playbook below will check to see if the machine needs to be authorized and if so, prompt for an authkey and then apply it.

- name: check authentication status
  block:
    # Default: assume the node is already enrolled.
    - ansible.builtin.set_fact:
        _auth_needed: false

    # Read-only query of the local tailscaled state; never reports "changed".
    - register: _status
      changed_when: false
      ansible.builtin.command:
        argv:
          - 'tailscale'
          - 'status'
          - '--json'

    # Flag the node for enrollment when BackendState is "NeedsLogin".
    - when: _fields.BackendState == "NeedsLogin"
      ansible.builtin.set_fact:
        _auth_needed: true
      vars:
        _fields: "{{ _status.stdout | from_json }}"

- name: authenticate if needed
  when: _auth_needed
  block:
    - name: get authorization key
      register: _authkey
      ansible.builtin.pause:
        prompt: "Enter Tailscale authorization key"
        echo: yes

    - name: authorize machine
      # The command line contains the auth key; keep it out of task output and logs.
      no_log: true
      ansible.builtin.command:
        argv:
          - 'tailscale'
          - 'up'
          - '--authkey'
          - "{{ _authkey.user_input }}"
1 Like
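
A non-interactive variant of the playbook above, added here as an example and not part of the original post. It assumes the auth key arrives in a variable named `tailscale_authkey` (a hypothetical name) loaded from an Ansible Vault encrypted vars file, so unattended runs need no prompt.

```yaml
# Added example. `tailscale_authkey` is a hypothetical variable name; it is
# assumed to be defined in a vars file encrypted with ansible-vault.
- name: Read tailscaled state
  ansible.builtin.command:
    argv: ['tailscale', 'status', '--json']
  register: _status
  changed_when: false          # read-only query

- name: Record whether the node still needs to log in
  ansible.builtin.set_fact:
    _auth_needed: "{{ (_status.stdout | from_json).BackendState == 'NeedsLogin' }}"

- name: Refuse to continue if enrollment is needed but no key was supplied
  ansible.builtin.assert:
    that:
      - tailscale_authkey is defined
      - tailscale_authkey | length > 0
    fail_msg: "Node needs login but tailscale_authkey is not set"
    quiet: true
  when: _auth_needed | bool

- name: Enroll the node
  ansible.builtin.command:
    argv:
      - 'tailscale'
      - 'up'
      - '--authkey'
      - "{{ tailscale_authkey }}"
  when: _auth_needed | bool
  no_log: true                 # the argv holds the key; suppress it in output and logs

- name: Verify the node is no longer waiting for login
  ansible.builtin.command:
    argv: ['tailscale', 'status', '--json']
  register: _after
  changed_when: false
  failed_when: (_after.stdout | from_json).BackendState == "NeedsLogin"
  when: _auth_needed | bool
```

Because enrollment runs only when `BackendState` is `NeedsLogin`, re-running the play against an already enrolled node reports no changes and never touches the key.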

I find this role to be well maintained and featured enough for my purposes: GitHub - artis3n/ansible-role-tailscale: Ansible role to install and enable a Tailscale node.

1 Like