Skip to content

Roles

Ansible roles provide a way for you to make it easier to reuse Ansible code generically. A well-written role will allow you to pass variables to the role from the playbook that adjust its behavior, setting all the site-specific hostnames, IP addresses, user names, secrets, or other locally-specific details you need.

Ansible Role Structure

Role structure:

example/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
  • Not every role will have all of these directories.

Defining Variables and Defaults

Role variables are defined by creating a vars/main.yml file with key: value pairs in the role directory hierarchy. They are referenced in the role YAML file like any other variable: {{ VAR_NAME }}. These variables have a high precedence and can not be overridden by inventory variables. The intent of these variables is that they are used by the internal functioning of the role.

Default variables allow default values to be set for variables that can be used in a play to configure the role or customize its behavior. They are defined by creating a defaults/main.yml file with key: value pairs in the role directory hierarchy. Default variables have the lowest precedence of any variables available.

  • Define a specific variable in either vars/main.yml or defaults/main.yml, but not in both places.
  • Default variables should be used when it is intended that their values will be overridden.

Using Ansible Roles

Example shows one way to call Ansible roles.

---
- hosts: remote.example.com
  roles:
    - role1
    - role2

When you use a roles section to import roles into a play, the roles will run first, before any tasks that you define for that play.

Controlling Order of Execution

For each play in a playbook, tasks execute as ordered in the tasks list. After all tasks execute, any notified handlers are executed.

When a role is added to a play, role tasks are added to the beginning of the tasks list. If a second role is included in a play, its tasks list is added after the first role.

It may be necessary to execute some play tasks before the roles. To support such scenarios, plays can be configured with a pre_tasks section.

Plays also support a post_tasks keyword. These tasks execute after the play's normal tasks, and any handlers they notify, are run.

Roles can be added to a play using an ordinary task, not just by including them in the roles section of a play. Use the include_role module to dynamically include a role, and use the import_role module to statically import a role.

**Red Hat Enterprise Linux System Roles

Beginning with Red Hat Enterprise Linux 7.4, a number of Ansible roles have been provided with the operating system as part of the rhel-system-roles package.

On RHEL Ansible control noe with vail subscription:

yum install rhel-system-roles

RHEL System roles are located in the /usr/share/ansible/roles.

Creating Roles

Ansible looks for roles in a subdirectory called roles in the directory containing your Ansible Playbook. If Ansible cannot find the role there, it looks at the directories specified by the Ansible configuration setting roles_path, in order.

You can create all the subdirectories and files needed for a new role using standard Linux commands or using the ansible-galaxy init to create the directory structure for a new role.

Defining the Role Content

The following example demonstrates managing motd using tasks, templates and defaults.

tasks/main.yml
---
- name: deliver motd file
  template:
    src: motd.j2
    dest: /etc/motd
    owner: root
    group: root
    mode: 0444
templates/motd.j2
This is the system {{ ansible_facts['hostname'] }}.

Today's date is: {{ ansible_facts['date_time']['date'] }}.

Only use this system with permission.
You can ask {{ system_owner }} for access.
defaults/main.yml
---
system_owner: user@host.example.com

Role Dependencies

Role dependencies allow a role to include other roles as dependencies.

Sample file:

meta/main.yml
---
dependencies:
  - role: apache
    port: 8080
  - role: postgres
    dbname: listdb
    admin_user: admin

The value of any variable defined in a role's defaults directory will be overwritten if that same variable is defined:

  • in an inventory file
  • in a YAML file under the group_vars or host_vars directories of a playbook project
  • as a variable nested in the vars keyword of a play
  • as a variable when including the role in roles keyword of a play

Ansible Galaxy Command-Line Tool

Command include:

ansible-galaxy search
ansible-galaxy info
ansible-galaxy install 
ansible-galaxy list
ansible-galaxy remove

By default, roles are installed into the first directory that is writable in the user's roles_path.

Example:

ansible-galaxy install geerlingguy.redis -p roles/

You can create a roles/requirements.yml file in the project directory that specifies roles.

Example:

ansible-galaxy install -r roles/requirements.yml -p roles

You can use ansible-galaxy to install roles that are not in Ansible Galaxy. You can host your own proprietary or internal roles in a private Git repository or on a web server.

Example:

# from any Git-based repository, using HTTPS
- src: https://gitlab.com/sample/ansible-role.git
  scm: git
  version: master
  name: sample