Convert firewall template to centralized variables pattern

[Copilot]

✅ Complete Vertical Slice: Convert Firewall Template to Variables Pattern

This PR successfully implements a complete vertical slice to convert the configure-firewall.yml.tera template to use the centralized variables pattern, following issue #106 specification.

🎯 All Phases Complete

• Phase 1: Convert template file to static with vars_files
• Phase 2: Register static template in copy_static_templates()
• Phase 3: Update AnsibleClient signature to accept extra_args
• Phase 4: Update all AnsibleClient call sites
• Phase 5: Update ConfigureFirewallStep to use variables file
• Phase 6: Remove old firewall template rendering
• Phase 7: Delete old .tera template file
• Phase 8: Clean up firewall renderer/wrapper code (~675 lines removed)
• Phase 9: Update documentation
• Phase 10: Final validation (tests, linters, build verification)
• Fix doctest failure

📋 Changes Summary

Template Conversion

• ✅ Created static configure-firewall.yml (no .tera extension)
• ✅ Added vars_files: [variables.yml] directive to playbook
• ✅ Fixed variable syntax: {{ssh_port}} → {{ ssh_port }} (proper spacing)
• ✅ Deleted old configure-firewall.yml.tera

API Updates

• ✅ Updated AnsibleClient::run_playbook() signature to accept extra_args: &[&str]
• ✅ Updated all 5 call sites for backward compatibility
• ✅ Added comprehensive rustdoc with examples
• ✅ Fixed doctest to use no_run attribute (prevents ansible-playbook requirement in CI)

Static Registration

• ✅ Added configure-firewall.yml to static playbooks list in copy_static_templates()
• ✅ Updated file count in debug log: 6 → 7

Rendering Cleanup

• ✅ Removed firewall_playbook_renderer field from AnsibleTemplateRenderer
• ✅ Removed renderer initialization in constructor
• ✅ Removed firewall rendering call from render() method
• ✅ Removed create_firewall_context() helper method
• ✅ Removed FirewallPlaybookRenderingFailed error variant
• ✅ Removed FirewallPlaybookTemplateRenderer from public exports

Code Cleanup (~675 lines removed)

• ✅ Deleted src/infrastructure/external_tools/ansible/template/renderer/firewall_playbook.rs (347 lines)
• ✅ Deleted src/infrastructure/external_tools/ansible/template/wrappers/firewall_playbook/ directory (328 lines)
• ✅ Removed module exports from wrappers/mod.rs
• ✅ Removed module exports from renderer/mod.rs
• ✅ Verified zero remaining references in codebase

Documentation Updates

• ✅ Updated docs/technical/template-system-architecture.md
• ✅ Updated docs/contributing/templates.md
• ✅ Updated templates/ansible/README.md

✅ Validation Complete

Tests:

• ✅ All unit tests pass: cargo test (1065 tests, 0 failures)
• ✅ All doc tests pass: cargo test --doc (233 tests, 0 failures)
• ✅ Build succeeds: cargo build --release

Linters:

• ✅ All linters pass: cargo run --bin linter all
• ✅ No unused dependencies: cargo machete

Template Verification:

• ✅ Static configure-firewall.yml copied to build directory
• ✅ Playbook contains vars_files: [variables.yml]
• ✅ variables.yml generated with correct SSH port

📊 Impact

• Net change: +184 insertions, -765 deletions
• Complexity reduced: No per-playbook renderer/wrapper/context needed
• Pattern established: Future playbooks can follow this simpler approach
• Maintainability improved: Centralized variable management

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Convert Firewall Template to Variables Pattern (Complete Vertical Slice)</issue_title>
<issue_description>Parent Epic: #19 - Refactor Ansible Templates to Variables Pattern
Depends On: #105 - Create Variables Template Infrastructure

Overview

Convert the configure-firewall.yml.tera template to a static configure-firewall.yml playbook that loads variables from the centralized variables.yml file. This is a complete vertical slice that includes implementation, cleanup of old code, documentation updates, and full validation.

Goals

• Template Conversion: Convert .tera template to static .yml playbook
• Variables Integration: Add vars_files: [variables.yml] to load centralized variables
• Static Registration: Register playbook in copy_static_templates() method
• AnsibleClient Enhancement: Make generic to accept optional extra arguments
• Call Site Updates: Update all AnsibleClient call sites for new signature
• Cleanup: Remove old firewall renderer/wrapper code (~500 lines)
• Documentation: Update architecture docs, contributing guide, templates README
• Validation: Full test suite, build verification, E2E preparation

🏗️ Architecture Requirements

DDD Layer: Infrastructure (template system) + Adapters (AnsibleClient)

Pattern: Static template copying + Ansible vars_files

Time Estimate

4.5 days - Complete vertical slice (11 phases):

• Phases 1-8: Template conversion and API updates (2.75 days)
• Phase 9: Clean up old architecture (2-3 hours)
• Phase 10: Update documentation (1-2 hours)
• Phase 11: Final integration validation (0.5-1 hour)

Documentation

Full implementation details: docs/issues/19.2-convert-firewall-template-to-static.md

Acceptance Criteria

Template Conversion

• configure-firewall.yml is static (no .tera extension)
• Playbook contains vars_files: [variables.yml]
• Old .tera template deleted

API Updates

• AnsibleClient::run_playbook() accepts extra_args parameter
• All call sites updated to new signature
• Firewall step passes &["-e", "@variables.yml"]

Cleanup (~500 lines removed)

• firewall_playbook.rs renderer deleted (~350 lines)
• wrappers/firewall_playbook/ directory deleted (~150 lines)
• Module exports removed
• No remaining references in codebase

Documentation

• Template system architecture updated
• Contributing templates guide updated
• Templates README updated
• Examples for future developers

Testing & Validation

• Unit tests pass: cargo test
• Config tests pass: cargo run --bin e2e-config-tests
• Linters pass: cargo run --bin linter all
• Build directory structure verified
• Template contents verified

Related

• Parent Epic: EPIC: Refactor Ansible Templates to Variables Pattern #19
• Previous Task: Create Variables Template Infrastructure #105 (must complete first)
• Ansible vars_files Documentation</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Convert Firewall Template to Variables Pattern (Complete Vertical Slice) #106

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[josecelano]

@copilot, the "testing" workflow is failing:

test src/testing/mock_clock.rs - testing::mock_clock::MockClock::set_time (line 122) ... ok

failures:

---- src/adapters/ansible/mod.rs - adapters::ansible::AnsibleClient::run_playbook (line 69) stdout ----
Test executable failed (exit status: 101).

stderr:

thread 'main' (2653) panicked at src/adapters/ansible/mod.rs:8:44:
called `Result::unwrap()` on an `Err` value: StartupFailed { command: "ansible-playbook -v install-docker.yml", source: Os { code: 2, kind: NotFound, message: "No such file or directory" } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace



failures:
    src/adapters/ansible/mod.rs - adapters::ansible::AnsibleClient::run_playbook (line 69)

test result: FAILED. 232 passed; 1 failed; 5 ignored; 0 measured; 0 filtered out; finished in 51.23s

error: doctest failed, to rerun pass `-p torrust-tracker-deployer --doc`
Error: Process completed with exit code 101.

Some doc test are failing, tun doc tests with and fix them

cargo test --doc --workspace

[Copilot]

@copilot, the "testing" workflow is failing:

Fixed in commit 73845dc. The doctest example in AnsibleClient::run_playbook() was calling .unwrap() which failed when ansible-playbook is not installed in the CI environment. Added no_run attribute to the doctest to prevent it from executing while still validating the code compiles.

All doc tests now pass:

cargo test --doc --workspace
test result: ok. 233 passed; 0 failed; 5 ignored

[josecelano]

ACK 73845dc