Listing a host's roles

Hi.

Is there any way to obtain the list of roles a Host will be playing ?
Something in the same idea as --list-tasks.

In the same way, being able to list the groups of a host, from outside a play (i.e… at the command line) would be nice (parsing the host file can become messy real quick).

Thanks.
raphael.

Yes, the variable “role_names” contains a list of all role names, as of a 3/11 addition by Brian Coca.

You’ll need the development branch.

However in most cases (but not always), it’s not needed — plays are intended to map groups to roles, so it’s intended that tests are applied against group membership most of the time.

  • hosts: webservers
    roles:
  • base
  • webserver
  • monitored

Thus if you were doing an iptables template:

{% if inventory_hostname in groups.webservers %}

Is equivalent to:

{% if ‘webserver’ in role_names %}

If all machines were to be monitored, it might be nice to even say this:

  • host: all
    roles:

  • base

  • host: webservers
    roles:

  • webserver

  • host: all
    roles:

  • monitored

Thanks Michael

Nice addition, fresh out of the press.
Is there a way ti access it from outside the run of the playbook, like
we do --list-tasks.

My use case is testing the play books with spec and serverspec.
I'd like my test suit to be automated:
"for a given host, here is the list of roles that have been applied,
test each of them".

Or, as you said, a list of groups per host, roles per play, and I can
do the mapping myself.

(that being said, the role_names will come handy too).

raphael.

Thanks Michael

Nice addition, fresh out of the press.
Is there a way ti access it from outside the run of the playbook, like
we do --list-tasks.

There's not.

My use case is testing the play books with spec and serverspec.
I'd like my test suit to be automated:
"for a given host, here is the list of roles that have been applied,
test each of them".

Nope. Though you could --list-tasks and parse out the role names, I
guess, or even write a playbook that walked the list of things and
generated a config file.

I am generally of the opinion that a need for server-spec to verify that
Ansible set basic things like file permissions correctly is a sign that
Ansible *does not work* (which it does) and that it's easier to just call a
test script as the last per-host action in your playbook, so that the
playbook returns a proper failure code and fails the host. What should
be tested is whether the application is running, not that there are 1:1
tests for every step in the playbook -- which is a crazy large amount of
extra work for not much more value add. But that's me giving a public
service announcement and everyone is welcome to do what they want :slight_smile:

Is there a way to access it from outside the run of the playbook, like
we do --list-tasks.

There's not.

Well, at least I can stop searching :slight_smile:

My use case is testing the play books with spec and serverspec.
I'd like my test suit to be automated:
"for a given host, here is the list of roles that have been applied,
test each of them".

Nope. Though you could --list-tasks and parse out the role names, I
guess, or even write a playbook that walked the list of things and generated
a config file.

IIRC, list-tasks doesn't output the role names, only the targeted group.
This would be a simple solution to this need, though.
Calling a play to generate it might work. I'll try.

I am generally of the opinion that a need for server-spec to verify that
Ansible set basic things like file permissions correctly is a sign that
Ansible *does not work* (which it does) and that it's easier to just call a
test script as the last per-host action in your playbook, so that the
playbook returns a proper failure code and fails the host. What should be
tested is whether the application is running, not that there are 1:1 tests
for every step in the playbook -- which is a crazy large amount of extra
work for not much more value add. But that's me giving a public service
announcement and everyone is welcome to do what they want :slight_smile:

I completely agree.
We look for other things in our test:
- good integration of all the pieces: more service level than app
- no regression: there are 5 of us committing regularly, on several
different configs for very different client setups
- human error
It also brings a better overall understanding and forces to ask
questions differently.

But we are not testing Ansible itself, as you said, it knows how to
set permissions on a file :slight_smile:

Thanks again.
raphael.

>> Is there a way to access it from outside the run of the playbook, like
>> we do --list-tasks.
> There's not.
IIRC, list-tasks doesn't output the role names, only the targeted group.
This would be a simple solution to this need, though.
Calling a play to generate it might work. I'll try.

Oh yeah, this is a thing. The role is added before the task, but not in
--list-tasks yet. There's an open ticket, if I recall correctly.

> I am generally of the opinion that a need for server-spec to verify that
> Ansible set basic things like file permissions correctly is a sign that
> Ansible *does not work* (which it does) and that it's easier to just
call a
> test script as the last per-host action in your playbook, so that the
> playbook returns a proper failure code and fails the host. What
should be
> tested is whether the application is running, not that there are 1:1
tests
> for every step in the playbook -- which is a crazy large amount of extra
> work for not much more value add. But that's me giving a public
service
> announcement and everyone is welcome to do what they want :slight_smile:

I completely agree.
We look for other things in our test:
- good integration of all the pieces: more service level than app
- no regression: there are 5 of us committing regularly, on several
different configs for very different client setups
- human error
It also brings a better overall understanding and forces to ask
questions differently.

But we are not testing Ansible itself, as you said, it knows how to
set permissions on a file :slight_smile:

Excellent. I see so many painful-looking Server Spec posts on the internet
it's good to be seeing it used to do more useful testing than that -- but I
should know that's just part of the internet :slight_smile:

I would hate to feel if people thought they had to write 2x the
instructions for every task in Ansible land.

Good deal!