ansible-proxy-chain/openspec/changes/archive/2026-04-22-fix-trojan-go-extract-dir/design.md

Context

The roles/trojan/tasks/main.yml playbook downloads a trojan-go zip archive to /tmp/trojan-go.zip, then attempts to extract it using ansible.builtin.unarchive with dest: /tmp/trojan-go-extract/. The Ansible unarchive module requires the destination directory to already exist on the remote host — it does not create it automatically. No task in the playbook creates this directory, causing a fatal failure on line 23.

Goals / Non-Goals

Goals:

• Ensure /tmp/trojan-go-extract/ exists before the unarchive task runs
• Keep the fix minimal — no architectural changes

Non-Goals:

• No changes to version, download URL, or extraction logic
• No refactoring of surrounding tasks

Decisions

Add an ansible.builtin.file task with state: directory immediately before the existing unarchive task (line 23). This is the most direct fix and matches the pattern already used elsewhere in the same playbook (e.g., line 9-15 for the config directory).

Alternatives considered:

• Use unarchive with a different dest that already exists (e.g., /tmp/): would pollute /tmp with extra files and require filtering logic.
• Add create_dest: yes-style parameter: no such parameter exists in Ansible's unarchive module.

Risks / Trade-offs

• [Leftover /tmp directory on failure] → The cleanup task at line 46-52 already removes /tmp/trojan-go-extract on success. On failure mid-playbook, the directory persists but /tmp is volatile and cleaned on reboot.