Executing subset of task with tags does not work

I have a problem that I want to execute only tasks with certain tags from a playbook, but this does not work.

My playbook looks as follows:

playbook.yml

  - hosts: appservers
    remote_user: myuser
    roles:
      - { role: tmp, tags: update }

The tmp role task file looks as follows:

roles/tmp/tasks/main.yml

  - name: Test 1
    debug: msg="Test 1"
    tags: anothertag

  - name: Test 2
    debug: msg="Test 2"
    tags: update

If I execute the playbook with

ansible-playbook -i inventory/test playbook.yml

or

ansible-playbook -i inventory/test playbook.yml --tags=update

both tasks are executed both times.
I do not want task “Test 1” to be executed.

I can achieve this by running ansible-playbook with the option --skip-tags=anothertag, but this is not what I want.
Do you know how I can get that to work or where my scripts are erroneous?

Thanks,
Michael

I think I found the problem in my code:

If I include the role tmp in my playbook using

  - { role: tmp, tags: update }

it seems like all tasks of the role are executed, and the tags are not respected.

If I put the role in the playbook without denoting a tag, the tags are respected if specified in the ansible-playbook command, e.g. using --tags "update"

Is this intended behaviour or a bug?

When you use tags you are selecting what to execute. There are no “negative tags”.

Both tags above have been applied with “update”, and you’ve requested all things with update to run.
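The selection rule described in this reply, as an added example that is not part of the original thread and is not Ansible's own code. It is a simplified model: the function names are hypothetical, and only plain tags plus the default "all" are handled (the special tags always, never, tagged and untagged are left out).

```python
# Simplified model of Ansible tag selection (added example, not Ansible's code).
# Assumption: only plain tags and the default "all" are modelled.

def effective_tags(task_tags, role_tags=()):
    """A task inherits every tag set on the role that contains it."""
    return set(task_tags) | set(role_tags)


def selected(tasks, role_tags=(), only=("all",), skip=()):
    """Return the names of the tasks that would run, in playbook order."""
    only, skip = set(only), set(skip)
    run = []
    for name, task_tags in tasks:
        tags = effective_tags(task_tags, role_tags)
        # --tags selects a task when any of its effective tags matches.
        wanted = "all" in only or bool(tags & only)
        # --skip-tags wins over --tags when both match.
        if wanted and not (tags & skip):
            run.append(name)
    return run


# The two tasks from roles/tmp/tasks/main.yml in the question.
TMP_ROLE = [("Test 1", ["anothertag"]), ("Test 2", ["update"])]

if __name__ == "__main__":
    cases = [
        ("role tagged update, --tags=update",
         dict(role_tags=["update"], only=["update"])),
        ("role tagged update, --skip-tags=anothertag",
         dict(role_tags=["update"], skip=["anothertag"])),
        ("role untagged, --tags=update", dict(only=["update"])),
        ("role untagged, no --tags", dict()),
    ]
    for label, kwargs in cases:
        print(f"{label:45} -> {selected(TMP_ROLE, **kwargs)}")
```

With the role tagged update, "Test 1" carries both anothertag and update, which is why --tags=update selects it.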

Hi,

Thanks for pointing that out. I understood the concept now (specifying a tag to a role means flagging all role’s tasks with the tag).
The reason why I wanted to do it differently is because of the following scenario:

Assume you have tasks in two different roles. First, you want to execute a subset of tasks in the roles (e.g. Checks before an update), then you want to execute another subset (e.g. The actual update).

If roles belong to different entities of the infrastructure, and all tasks of one role are located in its main.yml task file, I wanted to execute tasks this way: first all tasks tagged with checkupdate, then all tasks with update. The first update task should only be executed if all checkupdate tasks succeeded.

While I can concatenate playbooks (one for checkupdate, one for update), I haven’t found a way to execute the tasks from a single playbook.

However (if you don't correct me on this), I came to the conclusion that my role setup was wrong from the start. Or, putting it another way, I wanted an execution order of tasks in the way RoleA: T1a, RoleA: T2a, RoleB: T1b, RoleA: T3a, …
I guess I should refactor my roles so that the checkupdate tasks are tagged as update instead and executed first, and it should not matter if role A is completely executed before role B…?

Anyway, thanks again for your clarification.

Not sure what you are getting at with all the T1a stuff.

Generally speaking, your playbooks should be written so that if extra steps are done, nothing changes, and things don’t matter.

For instance, a step that ensures a service is running, if it has nothing to do, does nothing.

The same should be true of steps that use the shell and command modules: they should be guarded with conditionals or the creates= or removes= parameters to allow for repeated runs of extra steps at any time.