Local ansible-playbook run playbook with vars for role

ansible

I'm pretty new to ansible so I might be setting up things wrong. My idea is I have certain classes of servers. (monitor,web,db for example)

I want to run a local ansible run on them so my play for monitor looks something like

---

# plays/monitor.yaml

- hosts: mongo
  connection: local
  hosts: localhost
  become: yes
  become_user: root
  roles:
    - ../roles/users
    - ../roles/monitor
  vars:
    sensu_install_client: true
    sensu_install_server: true

My roles/monitor/tasks/main.yml looks like

---

# roles/monitor/tasks/main.yaml

- include: common.yml

- include: server.yml
  when: sensu_install_server

- include: client.yml
  when: sensu_install_client

I want to be able to pass in vars so includes will happen in the role. So when I setup my api instances I can do something like

vars:
   sensu_install_client: true

In the play and it will just include the client.yml from the monitor role.

Best Answer

It's not clear to me why this is not working. I can't see a problem. But let me give you some general recommendations, maybe that'll help you too.

Best practice is to have your playbooks on the root level. Have a look at this structure. With that setup, you do not need to specify the path to the roles as Ansible automatically expects roles in the roles directory relative to the playbook. Then your roles section in the playbook is much cleaner:

roles:
  - users
  - monitor

Instead of defining global variables to trigger actions inside roles you can use two other approaches.

1. role parameters

Roles can have parameters. If you want to pass parameters you simply have to convert it to a dictionary:

roles:
  - users
  - role: monitor
    sensu_install_client: true
    sensu_install_server: true

The variables sensu_install_client and sensu_install_server then are available only in the role monitor. This is a litte more cleaner and also makes it clear to anybody these vars will be used in this role, not in the users role.

2. tags

Tags actually are the way how to trigger specific parts of a playbook/roles. Tags though are passed from the command line and not by hardcoded variables in the playbook. Imagine your role main.yml looks like this:

---

# roles/monitor/tasks/main.yaml

- include: common.yml
  tags: always

- include: server.yml
  tags: server

- include: client.yml
  tags: client

The tag always is special and will run the tagged tasks... well you guessed it... always.

Now you would call your playbook like this:

ansible-playbook monitor.yml --tags server

ansible-playbook monitor.yml --tags client

Or if you want to run both you even could do:

ansible-playbook monitor.yml --tags "client,server"

If you use this, don't forget to tag your users role accordingly, or it will not be ran at all.

If you do not specify any --tags all tasks are executed, if you want to filter specific tags you can use the --skip-tags option

ansible-playbook monitor.yml --skip-tags "server"

You could even filter the always tag.

ansible-playbook monitor.yml --tags "server" --skip-tags "always"

Related Solutions

Are Ansible handlers defined in roles ran after the entire playbook or the role

Handlers are executed:

at the end of a play (not playbook)
on executing the meta: flush_handlers task

So "to add a 6 role to the end that needs to have the handlers of the 4th role" you need:

either to split the role assignment into separate plays;

or add a meta task and include the 6th role with include_role module:

roles:
  - role4
tasks:
  - meta: flush_handlers
  - include_role:
      name: role6

For your use case, I'd suggest the first method as the include_role module is still very fresh and there are quirks when using it (see this question on SO).

Moreover, please notice that handlers' names and listen calls are global, so two handlers in separate roles will be in conflict if they had the same name and both roles were assigned in a single play. (ref. Handlers: Running Operations On Change)

Handlers [ ] are referenced by a globally unique name, and are notified by notifiers. [ ] a handler, it will run only once, after all of the tasks complete in a particular play.

Handler names and listen topics live in a global namespace.

Empirical proof (run this shell script to confirm handlers are executed at the end of the play - there were contradicting comments and answers here):

#!/bin/bash

mkdir -p ./sf831880/roles/role1
mkdir -p ./sf831880/roles/role1/handlers
mkdir -p ./sf831880/roles/role1/tasks
mkdir -p ./sf831880/roles/role2
mkdir -p ./sf831880/roles/role2/handlers
mkdir -p ./sf831880/roles/role2/tasks

cat >./sf831880/roles/role1/tasks/main.yml <<TASKS1_END
---
- name: Always true in role1
  command: echo role1
  notify: handler1
TASKS1_END

cat >./sf831880/roles/role2/tasks/main.yml <<TASKS2_END
---
- name: Always true in role2
  command: echo role2
  notify: handler2
TASKS2_END

cat >./sf831880/roles/role1/handlers/main.yml <<HANDLERS1_END
---
- name: handler1
  debug:
    msg: "This is a handler in role1"
HANDLERS1_END

cat >./sf831880/roles/role2/handlers/main.yml <<HANDLERS2_END
---
- name: handler2
  debug:
    msg: "This is a handler in role2"
HANDLERS2_END

cat >./sf831880/playbook.yml <<PLAYBOOK_END
---
- hosts: localhost
  gather_facts: no
  connection: local
  roles:
    - role1
    - role2
  tasks:
    - debug:
        msg: "This is a task in a play"
PLAYBOOK_END

ansible-playbook ./sf831880/playbook.yml

Result:

PLAY [localhost] ***************************************************************

TASK [role1 : Always true in role1] ********************************************
changed: [localhost]

TASK [role2 : Always true in role2] ********************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": "This is a task in a play"
}

RUNNING HANDLER [role1 : handler1] *********************************************
ok: [localhost] => {
    "msg": "This is a handler in role1"
}

RUNNING HANDLER [role2 : handler2] *********************************************
ok: [localhost] => {
    "msg": "This is a handler in role2"

Play modified to contain meta: flush_handlers:

---
- hosts: localhost
  gather_facts: no
  connection: local
  roles:
    - role1
    - role2
  tasks:
    - meta: flush_handlers
    - debug:
        msg: "This is a task in a play"

The result:

PLAY [localhost] ***************************************************************

TASK [role1 : Always true in role1] ********************************************
changed: [localhost]

TASK [role2 : Always true in role2] ********************************************
changed: [localhost]

RUNNING HANDLER [role1 : handler1] *********************************************
ok: [localhost] => {
    "msg": "This is a handler in role1"
}

RUNNING HANDLER [role2 : handler2] *********************************************
ok: [localhost] => {
    "msg": "This is a handler in role2"
}

TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": "This is a task in a play"

How to use vars in ansible roles

The problem is with the way you use with_items: bare variables are unsupported for quite a while already.

Correct your loop like this: with_items: "{{ ssh_vars }}"