Ansible Role dependencies After Role

Archives Ansible Project
1

Hello,

how do I declare a role dependency which is executed after the role, e.g. :

After every execution of role A, role B is executed

According to this ons:

http://docs.ansible.com/ansible/playbooks_roles.html#roles

the roles in ‘dependencies’ are executed before.

The Background:
My Role A starts an installer that always overrides the certificates. I also got a certificate deployment role Role B which should always be called after role A.

2

As there seems to be no way to do this, would it be a feature request?

3

Ansible tasks and roles must be idempotent. If your role can override something, I think it’s the wrong way.

4

May be the better way for you is make one playbook for non-idempotent installer role and one for idempotent configuring.

5

Actually everything is idempotent:

The role I consider does upgrade java to a certain release. Of course the cacarts file gets overridden (since some certs might have been revoked etc.).
After each call of this role I need my company certificates to be reincluded into the new cacerts file.

Of course I could simply paste the tasks into this role. Unfortunately, there are some other roles (for e.g. patching some software) which also override the cacerts file.
In this case I will have redundand code in multiple roles.

6

This looks to me like a use case for handlers, but instead of the handler being in a single role, it would apply after many roles. I am not sure this is feasible yet, but would be interested in finding out the solution.

I would have to test, but I think something like this might work:

Role our-cacerts - Containing handler to replace ca-certs if they were changed
Role java - depending on our-cacerts and notifying the handler
Role x - depending on our-cacerts and notifying the handler

I will try to test this today, as we have a use case that would also be solved by this.

Regards,

Ghislain

7

Merci Ghislain, I ve tried it and it works as you described it, here my files:

`
├── main.yml
├── role_a
│ ├── meta
│ │ └── main.yml
│ └── tasks
│ └── main.yml
└── role_handler
├── handlers
│ ├── do_certs.yml
│ └── main.yml
└── tasks
├── do_certs.yml
└── main.yml

`

`

role_a/tasks/main.yml

  • debug:
    msg=“Starting Role a”

  • command: /bin/false
    failed_when: False
    changed_when: True
    notify:

  • do certs

`

`

role_handler/handlers/main.yml

  • name: do certs
    include: do_certs.yml

`

`

role_handler/tasks/do_certs.yml

  • name: copy certs
    debug:
    msg=“Copy Certs”

  • name: insert certs
    debug:
    msg=“{{ item }}”
    with_items:

  • cert1

  • cert2

main.yml

  • hosts: localhost
    connection: local
    roles:
  • role_a

`

Yields