Ansible Role dependencies After Role
487 views
Skip to first unread message
ProfHase
Feb 3, 2016, 7:25:35 AM2/3/16
to Ansible Project
Hello,
how do I declare a role dependency which is executed after the role, e.g. :
After every execution of role A, role B is executed
According to this ons:
http://docs.ansible.com/ansible/playbooks_roles.html#roles
the roles in 'dependencies' are executed before.
The Background:
My Role A starts an installer that always overrides the certificates. I also got a certificate deployment role Role B which should always be called after role A.
how do I declare a role dependency which is executed after the role, e.g. :
After every execution of role A, role B is executed
According to this ons:
http://docs.ansible.com/ansible/playbooks_roles.html#roles
the roles in 'dependencies' are executed before.
The Background:
My Role A starts an installer that always overrides the certificates. I also got a certificate deployment role Role B which should always be called after role A.
ProfHase
Feb 17, 2016, 5:14:55 AM2/17/16
to Ansible Project
As there seems to be no way to do this, would it be a feature request?
Alexey Vazhnov
Feb 17, 2016, 7:38:45 AM2/17/16
to Ansible Project
Ansible tasks and roles must be idempotent. If your role can override something, I think it's the wrong way.
Alexey Vazhnov
Feb 17, 2016, 7:40:34 AM2/17/16
to Ansible Project
May be the better way for you is make one playbook for non-idempotent installer role and one for idempotent configuring.
On Wednesday, February 3, 2016 at 5:25:35 PM UTC+5, ProfHase wrote:
ProfHase
Feb 18, 2016, 5:21:56 AM2/18/16
to Ansible Project
Actually everything is idempotent:
The role I consider does upgrade java to a certain release. Of course the cacarts file gets overridden (since some certs might have been revoked etc.).
After each call of this role I need my company certificates to be reincluded into the new cacerts file.
Of course I could simply paste the tasks into this role. Unfortunately, there are some other roles (for e.g. patching some software) which also override the cacerts file.
In this case I will have redundand code in multiple roles.
The role I consider does upgrade java to a certain release. Of course the cacarts file gets overridden (since some certs might have been revoked etc.).
After each call of this role I need my company certificates to be reincluded into the new cacerts file.
Of course I could simply paste the tasks into this role. Unfortunately, there are some other roles (for e.g. patching some software) which also override the cacerts file.
In this case I will have redundand code in multiple roles.
Bourgeois, Ghislain (6013905)
Feb 18, 2016, 9:02:10 AM2/18/16
to Ansible Project
This looks to me like a use case for handlers, but instead of the handler being in a single role, it would apply after many roles. I am not sure this is feasible yet, but would be interested in finding out the solution.
I would have to test, but I think something like this might work:
Role our-cacerts - Containing handler to replace ca-certs if they were changed
Role java - depending on our-cacerts and notifying the handler
Role x - depending on our-cacerts and notifying the handler
I will try to test this today, as we have a use case that would also be solved by this.
Regards,
Ghislain
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/614d2ccd-b50f-4fcd-b125-11b7ac2021bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
I would have to test, but I think something like this might work:
Role our-cacerts - Containing handler to replace ca-certs if they were changed
Role java - depending on our-cacerts and notifying the handler
Role x - depending on our-cacerts and notifying the handler
I will try to test this today, as we have a use case that would also be solved by this.
Regards,
Ghislain
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/614d2ccd-b50f-4fcd-b125-11b7ac2021bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
ProfHase
Feb 20, 2016, 6:54:06 AM2/20/16
to Ansible Project
Merci Ghislain, I ve tried it and it works as you described it, here my files:
Yields
├── main.yml
├── role_a
│ ├── meta
│ │ └── main.yml
│ └── tasks
│ └── main.yml
└── role_handler
├── handlers
│ ├── do_certs.yml
│ └── main.yml
└── tasks
├── do_certs.yml
└── main.yml
# role_a/tasks/main.yml
- debug:
msg="Starting Role a"
- command: /bin/false
failed_when: False
changed_when: True
notify:
- do certs
# role_handler/handlers/main.yml
- name: do certs
include: do_certs.yml
# role_handler/tasks/do_certs.yml
- name: copy certs
debug:
msg="Copy Certs"
- name: insert certs
debug:
msg="{{ item }}"
with_items:
- cert1
- cert2
# main.yml
- hosts: localhost
connection: local
roles:
- role_a
Yields
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [role_handler : debug] ****************************************************
ok: [localhost] => {
"msg": "handler role included"
}
TASK [role_a : debug] **********************************************************
ok: [localhost] => {
"msg": "Starting Role a"
}
TASK [role_a : command] ********************************************************
changed: [localhost]
RUNNING HANDLER [role_handler : do certs] **************************************
included: /home/ilya/spielwiese/ansible/post_roles/role_handler/tasks/do_certs.yml for localhost
RUNNING HANDLER [role_handler : copy certs] ************************************
ok: [localhost] => {
"msg": "Copy Certs"
}
RUNNING HANDLER [role_handler : insert certs] **********************************
ok: [localhost] => (item=cert1) => {
"item": "cert1",
"msg": "cert1"
}
ok: [localhost] => (item=cert2) => {
"item": "cert2",
"msg": "cert2"
}
PLAY RECAP *********************************************************************
localhost : ok=7 changed=1 unreachable=0 failed=0
Compilation finished at Sat Feb 20 12:45:07
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [role_handler : debug] ****************************************************
ok: [localhost] => {
"msg": "handler role included"
}
TASK [role_a : debug] **********************************************************
ok: [localhost] => {
"msg": "Starting Role a"
}
TASK [role_a : command] ********************************************************
changed: [localhost]
RUNNING HANDLER [role_handler : do certs] **************************************
included: /home/ilya/spielwiese/ansible/post_roles/role_handler/tasks/do_certs.yml for localhost
RUNNING HANDLER [role_handler : copy certs] ************************************
ok: [localhost] => {
"msg": "Copy Certs"
}
RUNNING HANDLER [role_handler : insert certs] **********************************
ok: [localhost] => (item=cert1) => {
"item": "cert1",
"msg": "cert1"
}
ok: [localhost] => (item=cert2) => {
"item": "cert2",
"msg": "cert2"
}
PLAY RECAP *********************************************************************
localhost : ok=7 changed=1 unreachable=0 failed=0
Compilation finished at Sat Feb 20 12:45:07
Reply all
Reply to author
Forward
0 new messages