Abort Playbook on Play Failure

Archives Ansible Project
1

I’m trying to use Ansible to automate the creation of Amazon machine images. The basic process is: 1) create an instance 2) run ansible play on that instance 3) convert that instance to an AMI

Right now I’m cramming all of these steps into one playbook with three separate plays, primarily because the AWS API is run against the host ‘localhost’ whereas provisioning the instance with Ansible requires pointing Ansible to the instance. The problem is that the ‘convert instance to ami’ play will run regardless of whether the previous play succeeded or failed. I only want to create the AMI if the instance was actually successfully provisioned, but I haven’t found a good way to do it. Playbook looks like this:

2

Use ansible maximum fail percentage and set it to 1% (or 0% if 0 isn't treated special). This way, if any tasks fail on the play executing on the play running against the nodejs group, the Ami play following will not run. http://docs.ansible.com/ansible/playbooks_delegation.html#maximum-failure-percentage

3

Thanks for the suggestion. Unfortunately, this does not work. I tried your suggestion:

  • name: run ansible on all hosts in group
    become: yes
    hosts: nodejs
    max_fail_percentage: 1
    roles:
  • nodejs

… as well as the ‘any_errors_fatal’ option, like this:

  • name: run ansible on all hosts in group
    become: yes
    hosts: nodejs
    any_errors_fatal: True
    roles:
  • nodejs

However, regardless of failure on the play run against nodejs, the playbook continues running straight into the ‘convert instance to ami’ play:

  • name: convert instance to ami
    hosts: localhost
    vars:
    region: us-west-2
    tasks:
  • name: build ami
    ec2_ami:
    name: amlx-nodejs
    description: basic nodejs image
    instance_id: “{{item.id}}”
    region: “{{region}}”
    wait: yes
    with_items: ec2.tagged_instances

Is this the way Ansible is supposed to work? Should I be separating this out into separate playbooks and having a service like Jenkins manage running multiple playbooks?

4

My solution has been to build testing into the image-building step, so:

  1. create instance
  2. run nodejs ansible role on instance
  3. bake instance into image… but don’t do it if port 80 isn’t open on the instance:
  • name: convert instance to ami

hosts: localhost
vars:
region: us-west-2
tags: { type: nodejs-pre-image }

check that the web daemon will actually start before building the image

– this test could definitely be more comprehensive, ie, with uri module

tasks:

  • name: wait for port 80 open
    wait_for:
    host: “{{item.private_ip}}”
    port: 80
    with_items: ec2.tagged_instances
  • name: build ami
    ec2_ami:

[ … and so on … ]

This has the added benefit of forcing me to do what I’ve been meaning to do anyway, build some testing into my Ansible scripts. That’s a good thing!