is there a way to exit an included file but continue the play?

Archives Ansible Project
1

I’ve developed a style where I use a lot of includes of small snippets to assemble bigger plays.
I’d like to be able to do a test a condition at the top of an include, and skip the rest of the include if the condition is not met.
I know I can do this with blocks, but a “return” or “continue” style function is quicker (and probably slightly more readable).

2

I’d tend to say that your approach isn’t the best use of Ansible, as, whichever solution you’ll find, you’ll end with a lot of skipped tasks in your output, making it difficult to understand what is happening.

This said, you could split each snippet in two snippets, where the first one is included by your big playbook and includes the 2nd one only “when” it fits.

But again, re-think your approach, it doesn’t sound like a good idea:

  • roles have been invented for a reason…

  • I always try to replace the typical include/when: somevariable has somevalue pattern with include {{somevariable}}.yml to avoid all those skips.

KR, Eric

3

But again, re-think your approach, it doesn’t sound like a good idea:

  • roles have been invented for a reason…

  • I always try to replace the typical include/when: somevariable has somevalue pattern with include {{somevariable}}.yml to avoid all those skips

Roles are not a good fit for me.
Ansible, on the other hand is a good fit for me.
Biggest mismatch, from what I see ansible is being geared at cloud infrastructure at scale, being able to mint new servers at will, where the needs are tightly defined and narrowly focused.
But my needs are corralling an existing infrastructure. Some details:

  • smallish mid-size infrastructure (currently just over 100 servers in inventory)
  • many of the servers are pre-built, and cannot easily be rebuilt (much disruption that I do not have the authority to impose).
  • Platforms are (assuming homogeneous linux) pretty heterogeneous. There are 4 distributions, and several major releases for each distro. Plus the quirks of several different admin styles.

Ansible is great for this:

  • Is very well suited for incremental improvements
  • “Lightweight” (AKA only ssh requirement) means it works on older servers.
    It allows me to progressively coral this, and at the same time have new builds in a more structured fashion
  • We have to support a variety of vendor requirements. This works against cookie cutter standards
  • We run almost no load balanced, cookie cutter servers.

Roles are well suited to cookie cutter needs. But they have real problems:

  • It’s almost impossible to completely abstract away platform details. “Apache Web Server” means something quite different in a Debian/Ubuntu world then in a Redhat/Centos/Suse world. Most Galaxy roles have this problem, either a) not supporting needed platforms, b) or too much complexity in setup.
  • Roles tend to be “God Objects”. I want a lighter weight role, a “snippet” approach. I can much more easily debug and apply shorter bits of setup. To extend the above, “Base Apache Install” is much easier to incorporate into a complete setup. This is basically “Composition over inheritance” to which I can add “Base SSL”, “Certbot SSL”, “Varnish proxied” etc.
  • I’ve an additional issue (more minor) in that our shop is mostly Suse, and ansible (and indeed all the major player in config management/orchestration) focus on Ubuntu and Redhat/Centos.
    I’ve had much better luck with re-using smaller snippets of shorter code then roles.

This is probably falling on deaf ears (for which I’m sorry) but I thought it might be worthwhile to let you good folks know :slight_smile: