How to arrange structure for the case multiple projects

According to Ansible Configuration Settings,

Changes can be made and used in a configuration file which will be searched for in the following order:

  • ANSIBLE_CONFIG (environment variable if set)
  • ansible.cfg (in the current directory)
  • ~/.ansible.cfg (in the home directory)
  • /etc/ansible/ansible.cfg

Ansible will process the above list and use the first file found, all others are ignored.


@utoddl I tried but it didn’t apply.

In my project, I need php role, mysql role, and laravel role. I put php role and mysql role in another repository.
In the case the main content of a laravel role (each project is different )as the following

- name: Clone a github repository
     repo: https://.....git
     dest: /var/www/html/name-app
     clone: true
     update: true
 - name: "Copy env file"
     src: ".env"
     dest: "/var/www/html/name-app/php/.env"
 - name: Make sure the remote app root exists and has the right permissions
     path: "/var/www"
     state: directory
     mode: '0777'

 - name: chmod php folder
     path: "/var/www/html/name-app/php"
     state: directory
     mode: '0777'
     recurse: yes

 - name: change permission vendor folder
     path: /var/www/html/name-app/php
     owner: apache
     group: apache
 - name: download composer
     dest: /tmp/installer
 - name: install composer
   shell: cat /tmp/installer | php -- --install-dir=/usr/local/bin
 - name: rename composer.phar to composer
   shell: mv /usr/local/bin/composer.phar /usr/local/bin/composer
 - name: make composer executable
     path: /usr/local/bin/composer
     mode: a+x
     state: file
 - name: composer install
   become: no
   shell: "cd /var/www/html/name-app/php; /usr/local/bin/composer install --ignore-platform-reqs "
 - name: Cache the configuration
   command: php artisan optimize:clear
     chdir: /var/www/html/name-app/php
 - name: Clear the view cache
   command: php artisan view:clear
     chdir: /var/www/html/name-app/php
 - name: run migrate
   command: php artisan migrate
     chdir: /var/www/html/name-app/php
 - name: Run db seed
   command: php artisan db:seed
     chdir: /var/www/html/name-app/php  
 - name: "Copy httpd config file"
     src: "httpd.conf"
     dest: "/etc/httpd/conf/httpd.conf"

 - name: Restart Apache
     name: httpd
     state: restarted

Where should we put this role?

It’s not applying because of:

Ansible is being run in a world writable directory

It means your config file permissions allows for anyone to modify them, thus making it “unsafe”.

It’s more tricky in your case, because you seem to access this file from a Windows filesystem mounted in your WSL VM IIRC, and I don’t quite remember how it works, but filesystems mounted this way are world readable, from my previous experience at least. Here is a documentation I haven’t read you might find useful: File Permissions for WSL | Microsoft Learn.

Multiple ways to address it; you could either change your config file path, avoid having to use one in the first place, clone your repo elsewhere on your filesystem or see if you can “fix” your mountpoint permissions.


First off it can’t be your whole role structure, as you listed only what seems to be the content of tasks/main.yml file. Also, there seems to be an indentation issue, though it might just be a bad paste.

Where should we put this role?

As @utoddl made it clear, there are multiple ways to achieve what you want with Ansible, so I’ll only speak for myself; as stated in a previous message, I usually put each role in its own repo, for reuse value across projects. I’ll direct you again to @chris provided examples, as I do pretty much the same.

Now if you ask specifically ‘where ?’, just pick an appropriate git hosting that fits your needs, is publicly accessible from Internet if you’d like public exposure, and perhaps push your roles to Ansible Galaxy as well, if you’d like them to be listed there.


@chris Why on this your project also has .sh file?

I sometimes write Bash scripts to run Ansible for common tasks, for example a to update the roles:

#!/usr/bin/env bash

if [[ "${1}" ]]; then
  ansible-galaxy install -r requirements.yml --force "${1}"
  ansible-galaxy install -r requirements.yml --force

If you like that sort of script, you may want to look at my update-me script.

$ update-me -h
Usage: update-me [-h] [-q] [-p] [-f] [-d] [-x]

Bring local branches up-to-date with their corresponding remotes.
If there are any roles/requirements.yml or collections/requirements.yml
files in the current branch, then use the ansible-galaxy command
to pull those requirements in as well.

  -h   Help: this text
  -q   Quick: skip processing of requirements.yml files.
  -p   Include "-p ./roles/" or "-p ./collections/" on ansible-galaxy commands.
  -f   Include "--force" on ansible-galaxy commands.
  -d   Debug: enables more diagnostic messages.
  -x   Sets the -x flag; eXtremely verbose messaging

The companion script update-all runs update-me on a set of local repos in parallel. It’s a little too familiar with our work environment, but it shouldn’t take more than a few minutes for someone to get it to work elsewhere.

$ update-all -h
Usage: update-all [-h] [-q] [-p] [-f] [-t THREADS]

This progresses through all the git repos in the current directory and runs
the adjacent "update-me" script on each of them.

  -h   Help: this text
  -q   Quick: skip processing of requirements.yml files by passing
       the '-q' flag to "update-me".
  -p   Pass the '-p' flag to "update-me" to include "-p ./roles/"
       or "-p ./collections/" on ansible-galaxy commands.
  -f   Pass the '-f' flag to "update-me" to include "--force"
       on ansible-galaxy commands.
  -d   Debug: enables additional diagnostic messages
  -t THREADS Max number of projects to update simultaneously (default: 8)

Why in this command has the option --force?
Use use .sh file to run automation in github action?

To ensure that all the roles are updated:

ansible-galaxy install --help | grep -e " --force "
  -f, --force           Force overwriting an existing role or collection