Ansible roles stored in Git

This may be a silly question, but I’ve searched around and can’t find anyone asking a similar thing.

Is it possible for Ansible roles to be stored in a source control repository (such as Git)?

Scenario:

We have an ansible server and currently, all of our roles are stored in /etc/ansible/roles.
If we want to make a change to a role we ssh onto the ansible server and manually edit the file (such as tasks/main.yml).

Is there a way that we can have these files stored in source control so that I can edit the file from my local machine, push into a repo and then ansible pulls the files before running the playbook/role?
I know we can store files in a repo and call these files DURING a job run, but I want to store the roles themselves in there…

That’s not only possible but highly recommended as well.
Especially if they’re subject to change - I think most people here use roles that are.

Dick

Fantastic!

Are there any guides or walkthroughs showing the best/correct way of setting this up?

Like I say, I’ve had a search myself but there’s nothing specific that I can find.

Probably lots of ‘correct’ ways of setting this up, but if you want a suggestion of how to start, this is something that Sam Doran talked about in his Ansiblefest London talk earlier this year. The video is here: https://www.youtube.com/watch?v=7gEKmsuJr7s&feature=youtu.be

(other interesting presentations here: https://www.ansible.com/videos-ansiblefest-london-2017 , by the way).

Hope this helps,

Jon

Thanks for the links.

Watching the video, it mentions storing the Playbook in a Git repo, but nothing about storing the roles in a Git repo.

I’m referring to the files that (by default) sit on “/etc/ansible/roles/”

I, personally, don't store anything under /etc/ansible (other than /etc/ansible/ansible.cfg).

I have a directory in my user home that has the following structure:

ansible/
   - group_vars/
   - host_vars/
   - library/
   - roles/
   - inventory
   - playlist1.yml
   - playlist2.yml
   ...

This whole directory is a git repository and I cd to that directory before running ansible-playbook.

So, just like you are suggesting, I can work on the roles or libraries or playlists on a development machine (my workstation) and then I can push the repo and pull it down on the production server from which ansible is normally run.

I don't know that this is the best way, but it certainly works.

Steve

I’m not sure that this would work for us as we might have multiple people using/running the same role, so it would need to be a common location (i.e. not a home folder).

In my case I really only have one or two people that would be running ansible, but I have things set up on a role account, so that anyone that needs to would log into the same account.

Another option, I suppose, would be to include a Makefile or something that "installs" your roles from the git repo to /etc/ansible.

But really, there wouldn't be anything fundamentally wrong with /etc/ansible/roles itself being a git repository, probably.

Steve

Storing roles in home directories is not a problem.
I use a similar setup as Steve Saner.
Different users need to make sure of only two things:
1. Check out a git repo into an 'ansible' directory in their home directory.
2. Everyone has the same .ansible.cfg file in their home directory.

Relevant for this exercise:

[defaults]
inventory = ~/ansible/inventory.yml
roles_path = ~/ansible/roles
filter_plugins = ~/ansible/filters

You could even store the .ansible.cfg in the git repo and symlink
that, so as to keep everyone with the same specs - YMMV.

Dick

If I recall from the talk, the suggestion was each role would have a git repo of its own, then required roles are loaded using a requirements.yml file.
Some talk about this pattern here:
https://stackoverflow.com/questions/25230376/how-to-automatically-install-ansible-galaxy-roles

We don’t have lots of people updating roles at the moment so we have all ansible config in a single source code repo and users pull and update their local copies. As noted you have to change ansible.cfg to pick up roles, library and plugins from relative paths but it works ok for us.

The magic word you have to look for in Google is “requirements.yml” :wink: Two links… Regards, JYL

We use dot dirs, which makes it necessary to run all jobs from the Ansible directory.

$ grep './' ansible.cfg
inventory = ./hosts.ini
library = ./library
roles_path = ./roles

We have a repository with all Ansible files and each user using Ansible has to check out a private copy of the Ansible directory. This makes it very easy to implement changes without affecting other people.

We have one repository as our “ansible root” (e.g. /etc/ansible). This repository includes all our roles (as git submodules) that are in separate repositories. This gives a lot of versioning power, but also nice separation.

ll

total 264K
-rw-r--r-- 1 mtersmitten mtersmitten 270 aug 11 10:10 all-3x-kernel-removal.yml
-rw-r--r-- 1 mtersmitten mtersmitten 1,1K aug 3 10:46 all-bootstrap.yml
-rw-r--r-- 1 mtersmitten mtersmitten 79 jan 19 2017 all-debug.yml
-rw-r--r-- 1 mtersmitten mtersmitten 710 mrt 4 2016 all-dns-spf.yml
-rw-r--r-- 1 mtersmitten mtersmitten 249 mrt 4 2016 all-ssh-client-config.yml
-rw-r--r-- 1 mtersmitten mtersmitten 245 mrt 4 2016 all-ssh-keys-scan.yml
-rw-r--r-- 1 mtersmitten mtersmitten 15K jan 17 2017 ansible.cfg
drwxrwxr-x 2 mtersmitten mtersmitten 4,0K sep 4 20:52 bin/
drwxrwxr-x 22 mtersmitten mtersmitten 4,0K aug 3 10:46 files/
drwxrwxr-x 48 mtersmitten mtersmitten 4,0K sep 4 20:52 group_vars/
drwxrwxr-x 28 mtersmitten mtersmitten 4,0K sep 4 20:52 host_vars/
-rwxr-xr-x 1 mtersmitten mtersmitten 4,5K mrt 27 22:32 inventory.py*
-rw-r--r-- 1 mtersmitten mtersmitten 1003 jan 16 2017 Makefile
-rw-r--r-- 1 mtersmitten mtersmitten 50 mrt 4 2016 pylintrc
-rw-r--r-- 1 mtersmitten mtersmitten 117 aug 30 19:31 requirements.txt
drwxrwxr-x 130 mtersmitten mtersmitten 4,0K apr 7 22:10 roles/
drwxr-xr-x 4 mtersmitten mtersmitten 4,0K mrt 4 2016 tasks/
drwxr-xr-x 8 mtersmitten mtersmitten 4,0K mrt 4 2016 templates/
-rw-r--r-- 1 mtersmitten mtersmitten 3,6K aug 3 10:46 tiers-production-app-deploy.yml
-rw-r--r-- 1 mtersmitten mtersmitten 439 mrt 4 2016 tiers-production-app-dns-ptr.yml
-rw-r--r-- 1 mtersmitten mtersmitten 1,4K aug 3 10:46 tiers-production-app-mysql-pt-table-diff.yml
-rw-r--r-- 1 mtersmitten mtersmitten 249 dec 16 2016 tiers-production-app-mysql-reset-root-password.yml
-rw-r--r-- 1 mtersmitten mtersmitten 963 mrt 4 2016 tiers-production-app-mysql-setup-replication.yml
-rw-r--r-- 1 mtersmitten mtersmitten 163 mrt 4 2016 tiers-production-app-mysql-slave-start.yml
-rw-r--r-- 1 mtersmitten mtersmitten 781 dec 16 2016 tiers-production-app-web-maintenance.yml
-rw-r--r-- 1 mtersmitten mtersmitten 1,9K dec 16 2016 tiers-production-app-web-rolling-reboot.yml
-rw-r--r-- 1 mtersmitten mtersmitten 1,7K dec 16 2016 tiers-production-app-web-rolling-update.yml
-rw-r--r-- 1 mtersmitten mtersmitten 2,0K jan 14 2017 tiers-production-app.yml
-rw-r--r-- 1 mtersmitten mtersmitten 422 mrt 4 2016 tiers-production-wordpress-deploy.yml
-rw-r--r-- 1 mtersmitten mtersmitten 1,2K aug 3 10:46 tiers-production-wordpress.yml
-rw-r--r-- 1 mtersmitten mtersmitten 429 aug 3 10:46 tiers-staging.yml

git submodule status

cbeb1ea0e62793a2e4f721c65e18759ba5904a86 roles/adminer (v2.0.3)
eee5903480843a0181af4717d30053d5ae789175 roles/ansible (v1.0.13)
4eec9d3ea5f80475ca7231964959f196c9f9f18e roles/apache-mod-php-53 (v1.1.10)
bd52ffa59a9db6fe75733a2067886d0c238dcbcd roles/apache-mod-php-56 (v3.5.12)
160b66b760331b7049761c6f0aff29ae6324dc3a roles/apache-mod-php-ondrej (heads/master)
751d3e8d9de44f55b36b988b75a3b709112e16ee roles/apparmor (v1.0.9)
051ba5cd4f8dc5cd51acb9066fc177a57a9bbe36 roles/apt (v1.4.9)
d48b84f8096bf2e6b40812c75074aca1d682b665 roles/apt-file (v1.0.8)
31ad38591dbb5406d5db617b437e1f9ac157fba0 roles/autossh-tunnel-client (v1.1.9)
92ac4c1a7792c833bbe7efec5e112c5c1211dc7c roles/autossh-tunnel-server (v1.1.7)
fbe7cb720127868f63c0808f23e8c9448e910089 roles/bash (v2.2.8)
78493825b2a2581cbcc47762c4ac8d710c133304 roles/ca-certificates (v1.0.8)
400772f9bb82514638922c712ecdb0d282f7f1f6 roles/cacti-client (v1.0.7)
ca38e61ee93ec801ab4a913e389a8c192a6cadf9 roles/cacti-rrd-backup (v1.0.8)
f527d7d9659b5b90f78654e9259f8577e619c46d roles/cakephp-queue (v2.0.9)
d7e3264f8eb2f687aa5b533b2e7e9a947adc2090 roles/chrome (v1.0.8)
6ae1b40285368e410e11b13031819bbd231d0c37 roles/common-schema (v1.0.10)
9dd95355e556dc842961dd637c2ff2cda602bd5e roles/composer (v2.0.8)
441c3052af5c5976a20b955a19ffa955a6b0564d roles/conntrack (v1.0.9)
16b662fc25e5c72cb9b1451621a39d2d60b735ca roles/cron-apt (v1.2.8)
6b642f48b2ce9a846cfe826ea9af0a1819606667 roles/deploy-cakephp (v1.1.10)
84b1ae230dc579ea774ad8c2940ee5f65afbcdc8 roles/deploy-wp-themes (v1.0.8)
71350675175baf0a9574d66d8175ca8e18bbe095 roles/dns (v1.0.12)
8194a79fcf96ddd87cd3d2ecdda327f63ec51aea roles/dnsmasq (v1.0.9)
48825ad5bb1f344a17a097487314cb46f8888117 roles/docker (v2.0.13)
df00f3d62731b6289a3ade35a69ea2d370da17e2 roles/docker-compose (v1.9.1)
20be901352e20cd848be5a1dbeaf5c7c0ca296f2 roles/docker-machine (v1.5.5)
33088a734feb393afddc2c6f04da12a66777d746 roles/dropbox (v1.0.10)
aa66344b2b7d46490e0302023c7d806cd6e2eeab roles/duplicity (v1.0.8)
06b7ef00f82e4d6bceb8e38d753a1708c5e57a00 roles/duply (v2.0.9)
1acf8f84d55d2d8a3b3f96fbdc24c65560a6fb50 roles/duply-backup (v1.2.9)
abf0fbea52d5d4dcd04ac74e402d9af31e1abb9b roles/fail2ban (v3.1.2)
f717ac8a07fd867d537fa7550e7abd95f1efea85 roles/fonts (v1.0.8)
9699ae078f0812d71df5f1e5b9fbf0ce27468482 roles/gnu-parallel (v1.0.6)
f4d18c6a99f56dba8424d95b390fc762e3617276 roles/haproxy (v5.2.1)
b0957fbde57857d421dceeec88fbb48b5c0a1040 roles/haproxyctl (v1.0.8)
66114dba8e1cca105015a1a65dd174707697859a roles/haveged (v1.0.8)
ddb7ecabb3fbdf3801d82f9cd1309f8245b9f3ad roles/hipchat (v2.0.6)
e2bae5cffbee5cfa5a57daae411e712451bf0911 roles/hostname (v1.1.6)
14a7bddfaca7221f21c0953d77be9f8807ede532 roles/hp-proliant-support-pack (v1.0.8)
e12f27d87ba6ee3c4291f6a1b5a3a16a066b4d0e roles/htop (v2.0.11)
6c87e4e82a40bd503acb8257ddaaca4b9291d3c5 roles/innotop (v1.0.8)
84583465567d8db556d4886f701c16fe9a64e689 roles/insecure-platform-warning (v1.0.11)
99cc7d33b65542823f1f62aa791fcd37ecc1ded4 roles/insync (v1.0.9)
a5a89b10ca9cdb1dbb47ce72b290ca9ffab22a2d roles/integrit (v1.0.8)
7d01f03e518e6b1ef2f4fcc4a360c4a50c779b82 roles/jenkins (v1.2.6)
5a7a85b3b0f730a7db42af9818b6ea72a825175e roles/keepalived (v2.3.6)
ad95eba2e0cf4dfcef423ac82b01584faeaac232 roles/komodo-ide (v1.0.10)
1a2bd24a2c84df9010df7aea497796c873f97959 roles/latest-git (v1.0.7)
933e8a4f1d34311327020d7a338146656b36d86d roles/limits (v1.1.9)
983037021b4fdd3a8a3e7545fc4adfd336100ad3 roles/locales (v1.0.11)
186e849967e941d8c4ecb882b8ff0e97b452b83f roles/logcheck (v1.1.10)
8f832ec1e128ef648fa15d765af6bb6f9f8f3d36 roles/logrotated (v1.0.12)
49ebae7c44a6560dc051532699af435168bf11ae roles/mailcatcher (v1.0.9)
51748cb2167e7cc712176e7a71c29a68cc956a5d roles/mailhog (v2.0.3)
a1d45998674726b3328978d5d5294e7bba3a9b17 roles/mainwp-crons (v1.0.8)
a9c6e9c4b3e227cbf530b200b780221afa6668bf roles/megacli (v1.0.10)
3e35573b5e70a2d7631967adcbfddbc83ff5f13a roles/memcached (v1.1.11)
fcbd3354d2c907e7ee75836c328eaac0db5af639 roles/memtier-benchmark (v1.0.12)
b0bbc1c30d63433edd6f6bbba537499632cf1f05 roles/mimetex (v1.0.10)
325209c9578c0ff4f69c6db678126a9db0db1f52 roles/mydumper (v1.1.10)
cb49bb5b7134869f129bd2df2847de396ad76a18 roles/mydumper-backup (v2.4.10)
f5bc2f0e9f942913c24f81c06f2e7086c88dbc2c roles/nagios-client (v1.1.8)
a71c08b1e89bca11246830924e8608cb5b2d37a0 roles/nagios-plugin-hipsaint (v1.0.9)
af5c5686f14878019cc135d51905af0420e05b95 roles/nagios-plugin-percona (v1.0.8)
f977a9210d217d081c996daca0c31b795d41178f roles/nagios-server (v1.2.2)
13696ef3a7c978ec83358cdbb1bc6b554643eea8 roles/nano (v2.0.9)
fed91e658510918271d6046208ebf1d77f6f8f02 roles/netbeans-ide (v1.1.9)
fd39ae02352125d146a26404dc2a63bd231fdada roles/netcat (v1.0.9)
da4fbe700288d9cdc801e7feece54a7fd32abdd2 roles/network-interfaces (v1.1.8)
ee9f95f1a8b5f716f1578184d5d7c7a4d286ef02 roles/new-relic-servers (v1.0.10)
fda34f0bf1c9167fc8a540b19c74bd8b10208e19 roles/nginx (heads/initial-working-version)
76e3c2eba97ae0e3328cafb0fd910f680bb6b278 roles/nodejs (v4.0.6)
aeaa1d39252ece2e8bf83407f411e5b492925063 roles/ntp (v1.0.9)
aa6ca788efc7f1d626e342be1b60e2d8a5ef7262 roles/oracle-java (v1.1.9)
414419bf2b7da6e3fbe298df5c82a165d0580425 roles/packer-io (v2.0.8)
52bb8245fdfa796c2137fedb00ab85615becb3ef roles/packer-template (v1.1.2)
dd2fd049e389671c3d9c89c52b3bdd0efaaf9688 roles/percona-client (v2.0.7)
8b4c4077e46584866b13bb855cdd3f9bdcc4e1d1 roles/percona-server (v3.0.8)
863a3bef576019c27b9935b4bbf34e1ed0b706e0 roles/percona-server-tools (v2.2.9)
2da53fff52515e80b54392e267ecc382da791af3 roles/percona-toolkit (v1.1.10)
4c63e31944223ac53dabfece08f2be3d203e09e0 roles/pflogsumm (v1.0.8)
ee77aa3b76bf7cd64381ba365ef210d827fa6e7f roles/php-56-cli (v2.1.7)
088bc8872c96146930948aa001726727ce588795 roles/php-cli-ondrej (v2.1.12)
cf261a430a98b5abfd7f7e94cc14c03308713e59 roles/phpmemcachedadmin (v1.0.10)
5c5a29fd6864435f675b7ac171cf0b0da0f2771e roles/phpredis (v1.1.12)
4715600f502e7d89eb5726d5299fe878fd91c5ae roles/phpstorm (v1.0.9)
169da15c64cc388204fc8d7574702906c47fdb0c roles/pip (v2.0.6)
84016ffa80b0fe39b1bea1c2c2956f0a00347de0 roles/postfix (v2.1.2)
4117710325a3306e92c36a5acdf216f458a2f69e roles/pycharm (v1.0.9)
fcd129a0189f8433d62c4ed44daea4a5d59781f3 roles/r (v1.2.10)
ca9b7872e0ed6caa72cb44e8f9d61fd41cfe5cd3 roles/rc-local (v1.0.7)
24168041e4629ca91306a54142d03c16775c2922 roles/redis (v2.0.12)
fd665c992c66894ea45f135fc86cc8e0bc3c512a roles/rstudio (v2.0.13)
1bb71a0166e45a6c20ec6b31b02a929e625e63bb roles/rstudio-server (v2.0.12)
87ced2f07c26a93e7886f8f4e27cd33c6dc43704 roles/rsync-sync (v1.2.9)
99a389b5f7ab30644f378299df7601746d3c8ac8 roles/rsyslog (v3.1.7)
4d5b5cd41cd9c394aaf9c21abccbab5fd1b83430 roles/screen (v2.0.9)
ac92dcdfaea134f65e26a04c3ea06f32486f4bfe roles/serve-branch (v1.0.12)
e8e6f4e9ac0c91be3c7746169ae344e3e36fd07a roles/siege (v1.1.9)
66048e6725721be59b05a6d8b089442b8ed0f11d roles/slack (v1.5.8)
7e205dbcad8ea0b5ac722bb9b5cb25ca22735aa7 roles/snmpd (v1.1.11)
6737ce054bee2003db2b5ae9e5c1774c11fe3431 roles/socat (v1.0.9)
336c53dba6bb07a6c84894b84eaa38e753eba0c2 roles/ssh-client (v1.0.11)
edb342f23f4fe8079735759cec94d08e0d4ce2a8 roles/ssh-keys (v2.0.10)
99b14add7d0b46bfcea73e8adb9a36dc464f3359 roles/ssh-server (v1.0.10)
2bab463d4fff0ad47f95e4a72fbc9fa8961c5341 roles/sudoers (v2.0.6)
9c00f34f877dc5bd2cac4b6d5948ca9c2b4a5c89 roles/supervisor (v1.9.6)
451558dc72759a57e954b7045979d3cdf3f3e765 roles/swapfile (v1.0.10)
d8a9a5dcbfc098c51e1218d8e058647f34209920 roles/sysctl (v1.0.10)
a576bffe5f9f6a1249a52e47c800c896a006e108 roles/sysfs (v1.0.8)
a2ef189b8d1c17b8a9b04028654ad16028b1d7fd roles/timezone (v1.0.13)
f79973d7426c2ceed19375ceef3db4d59c4ffab3 roles/top (v2.0.9)
86fad60ffd27b69bf214a19553ceed2b3e9cef5c roles/tsocks (v1.0.8)
66674cc5050a8995522f846d64e7de7349569f49 roles/twisted-connect-proxy (v1.1.8)
a1e01028d2a92e00010065998c93341b526f9836 roles/ufw (v3.0.7)
dbfd51e9f22bcc452c72afe27b11bd0a1337b3fd roles/updatedb (v1.0.8)
e77d8d06cb85ea1a3f8ccb4e7ff295eb7d897088 roles/user (v1.1.7)
f83ce85f73116c3661f8242f0691a6bfab5fa692 roles/vagrant (v1.1.12)
2e9b2f936203ac0d671cb58e4b1bb4c92d1e90ef roles/vim (v2.0.9)
85921c61682c3421c0d25ed4131501f700289eb6 roles/virtualbox (v1.0.12)
2590cddfa5a636ef6c9ba718acf79c20c7f2e753 roles/virtualenv (v1.0.11)
81e2b8110134ec2d1cf56e0dd949c5f082dc91a4 roles/wordpress (v4.5.10)
b6a2420dd4024d439a13d2dbb9f274771c5c8bc4 roles/wordpress-dev-sync-client (v1.0.6)
c569453a1c102aaf1b0d6e16f15979c434ca68df roles/wordpress-dev-sync-server (v1.0.6)
5cef00efb202380e6a3680f82f0a82af9985dc0c roles/xxhash (v1.0.11)
65b7736cf0b8678fd1f23909109ed54bd181f8c7 roles/yarn (v1.0.9)
b8fd34bb01cd7e7d755575a72cf1067e6782148a roles/zend-opcache-dashboards (v1.0.8)

git submodule foreach git remote -v

Entering 'roles/adminer'
origin git@github.com:Oefenweb/ansible-adminer.git (fetch)
origin git@github.com:Oefenweb/ansible-adminer.git (push)
Entering 'roles/ansible'
origin git@github.com:Oefenweb/ansible-ansible.git (fetch)
origin git@github.com:Oefenweb/ansible-ansible.git (push)

I hope this gives some insight
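
A check over the `git submodule status` output shown above, as an added example that is not part of the original post: it flags roles whose recorded commit is not described by a tag (like the two `heads/...` entries in the listing) and submodules whose state differs from what the superproject records. The `audit` function and the last two sample lines are constructed for illustration.

```python
import re

# One line of `git submodule status`: optional state prefix, 40-hex commit,
# submodule path, and (for initialized submodules) a describe string.
LINE = re.compile(r"^([ +\-U]?)([0-9a-f]{40}) (\S+)(?: \((.+)\))?$")
PAST_TAG = re.compile(r"-\d+-g[0-9a-f]+$")   # e.g. v1.0.0-2-gabc1234
PREFIX_REASON = {
    "+": "checked-out commit differs from the one recorded in the superproject",
    "-": "submodule is not initialized",
    "U": "submodule has merge conflicts",
}

def audit(status_text):
    """Return (path, reason) pairs for roles that are not cleanly pinned."""
    findings = []
    for raw in status_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        prefix, _sha, path, describe = m.groups()
        if prefix in PREFIX_REASON:
            findings.append((path, PREFIX_REASON[prefix]))
        if describe is None:
            continue
        if describe.startswith(("heads/", "remotes/")):
            findings.append((path, "no tag describes this commit (%s)" % describe))
        elif PAST_TAG.search(describe):
            findings.append((path, "commit is past a tag, not on it (%s)" % describe))
    return findings

# First three lines are taken from the listing above; the last two are
# constructed to show the '+' and '-' state prefixes.
SAMPLE = "\n".join([
    " cbeb1ea0e62793a2e4f721c65e18759ba5904a86 roles/adminer (v2.0.3)",
    " 160b66b760331b7049761c6f0aff29ae6324dc3a roles/apache-mod-php-ondrej (heads/master)",
    " fda34f0bf1c9167fc8a540b19c74bd8b10208e19 roles/nginx (heads/initial-working-version)",
    "+" + "0" * 39 + "1 roles/example-drifted (v1.0.0-2-g0000000)",
    "-" + "0" * 39 + "2 roles/example-uninitialized",
])

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print("%s: %s" % (path, reason))
```

Run against real output with `git submodule status | python3 audit.py` after swapping `SAMPLE` for `sys.stdin.read()`; a non-empty result before a playbook run means some role is not at the reviewed, tagged commit.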