Calling the same role from multiple playbooks

Hello All.
I am trying to solve the following issue.

  • I have an SSSD role which configures my target machine via a .j2 template which contains a bunch of stuff, including the ldap_access_filter parameter.

  • I also have playbooks organized hierarchically:

00-base.yml calls only playbooks (01-xxxx, 02-yyy, 03-zzz, etc.)

01-xxxx is called first, and sets up common stuff for all my machines (like basic firewall rules, subscription to satellite, etc.), including the configuration of sssd with the LDAP group that we use to administer our servers.

03-zzzz is a specialized playbook that only applies to one or a few instances. This playbook also needs to push additional LDAP groups so that people in those groups will be able to SSH into the target.

My problem is: if I call the SSSD role twice (playbook 01 and 03), the second configuration will wipe out the “01” one, effectively removing the LDAP group that was added initially.

I would like the 2 configurations to “merge” together so that the final configuration file will contain the LDAP groups defined in 01 and 03.

How would I accomplish this?

Thank you,
Claudio

Use the assemble module
https://docs.ansible.com/ansible/latest/modules/assemble_module.html

Have you had a look at https://docs.ansible.com/ansible/latest/user_guide/playbooks_advanced_syntax.html#yaml-anchors-and-aliases-sharing-variable-values?

I do not see how either one of those solutions would work.

The assemble module concatenates files. My configuration needs to be merged, not concatenated…

Well, you wrote "merge" but you did not specify how you would like it to be "merged".
"Merge" and concatenate share a lot of the same synonyms so concatenation was a valid answer like 10 others would be.

If you would like a more precise answer, you should give more precise information about exactly what you are trying to do.

My apologies if I was not clear.

Here is a better description (I hope!).

Let’s say there are 2 playbooks.

Playbook 1 does a bunch of stuff, including calling a role that sets the SSSD.conf with default settings, including the ldap_access_filter settings.

Then, playbook 1 “calls” playbook 2 to add additional “specialized” settings. However, playbook 2 will also need to change the sssd.conf, adding additional groups to the ldap_access_filter parameter.

If I call the role that sets up sssd again, then the settings that were applied by playbook 1 get overwritten by the ones in playbook 2.

I am stuck. I would like to keep the information in both playbooks and have a final sssd.conf that contains all the ldap groups declared.

I hope this makes sense.

please help! :slight_smile:

Thank you,
Claudio

Let's try to minimise the problem. For example,

1) playbook A applies variable LDAP_data_A
2) merge LDAP_data_A and LDAP_data_B into LDAP_data
3) playbook B applies variable LDAP_data

Is this the scenario you're looking for? To proceed with the details, post
minimal examples of LDAP_data_A and LDAP_data_B. Post a minimal example of the
task (probably ldap_attr?).

HTH,

  -vlado
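
One way to do the merge step sketched above, as an added example that is not from the thread or from any poster: a small Ansible filter plugin that unions the group lists declared by each playbook and renders a single ldap_access_filter value. The `memberOf` filter shape, the function and variable names, and the sample DNs are assumptions.

```python
# Added example: Ansible filter plugin (e.g. filter_plugins/ldap_access.py).
# The memberOf-based filter shape and all names here are assumptions.

_RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape characters that are special inside an LDAP filter value (RFC 4515)."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def merge_groups(*group_lists):
    """Union several lists of group DNs, keeping first-seen order.

    DNs are compared case-insensitively after trimming whitespace, so a group
    declared by two playbooks appears once.
    """
    seen, merged = set(), []
    for groups in group_lists:
        for dn in groups or []:
            dn = dn.strip()
            if dn and dn.lower() not in seen:
                seen.add(dn.lower())
                merged.append(dn)
    return merged


def ldap_access_filter(*group_lists):
    """Build one ldap_access_filter value from every declared group list."""
    groups = merge_groups(*group_lists)
    if not groups:
        # Make the play fail instead of rendering an empty filter.
        raise ValueError("no LDAP groups declared for ldap_access_filter")
    clauses = ["(memberOf=%s)" % escape_filter_value(dn) for dn in groups]
    return clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)


class FilterModule(object):
    """Ansible discovers custom Jinja2 filters through this class."""

    def filters(self):
        return {"ldap_access_filter": ldap_access_filter}


# Constructed sample data: a base admin group plus host-specific groups,
# one of which repeats the base group with different case and a stray space.
BASE = ["cn=linux-admins,ou=groups,dc=example,dc=com"]
EXTRA = ["cn=app(prod),ou=groups,dc=example,dc=com",
         "CN=linux-admins,ou=groups,dc=example,dc=com "]

if __name__ == "__main__":
    print(ldap_access_filter(BASE, EXTRA))
```

With the file in `filter_plugins/` next to the playbooks, the template line could read `ldap_access_filter = {{ sssd_base_groups | ldap_access_filter(sssd_extra_groups | default([])) }}` (variable names hypothetical), so the role is applied once with the union of groups rather than twice.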

Hi,

Have you looked at the ansible merge vars plugin? We use this extensively with roles and it works well.

https://pypi.org/project/ansible-merge-vars/

Cheers
Steve

Do you have a practical example?

I am new here :blush:

Ok so here is what I tried.

4 playbooks.

00.yml just calls 3 other playbooks:

    - import_playbook: '/opt/ansible/playbook/test/01.yml'
    - import_playbook: '/opt/ansible/playbook/test/02.yml'
    - import_playbook: '/opt/ansible/playbook/test/03.yml'

01.yml: