Hi
I currently notice some problems with our role structure in Ansible and think that we might not have defined a logical separation of responsibility of the roles. Currently, two scenarios do not work smoothly, indicating a structure smell.
Our roles are currently separated by their specific functionality. For example, we have “jump-server” and “backup” as roles. These have their own tasks which will set up all dependencies that are needed to get to the result of, for example, a “backup” server.
Now, it can happen that a specific role overwrites or extends a task that is already defined in the “common” role. For example, the “SSHD” config can be overwritten or the “authorized_keys” can be extended.
In both of these cases, I would have the problem of the “common” role always resetting the state of the specialized role, thus always resulting in “changed”, whereas the summation state (summation of all the roles on the server) is actually already present.
This makes me think that defining modules in multiple places where they have a cross-over should be avoided.
My question is: did you experience this same issue and what directions would you suggest for this? I hope my question makes sense, as it is quite hard to explain and it might be an underlying structural problem of how we have set it up.
Something that could fix this is maybe host-specific variables, and to only apply it once (so define the module once), as this answer kind of shows: https://stackoverflow.com/a/55670416/2491420
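
The "define the module once" idea from the last paragraph, as an added example that is not part of the original post: the common role is the only writer of `authorized_keys` and `sshd_config`, and specialised groups such as "backup" contribute variables instead of tasks, so a second run reports no change. File paths, variable names, the `ops` user and the key strings are assumptions made for illustration.

```yaml
# roles/common/defaults/main.yml (hypothetical layout)
common_authorized_keys:
  - "ssh-ed25519 AAAA...constructed-placeholder ops@example"
extra_authorized_keys: []   # extended through group/host vars, never by a second task
sshd_defaults:
  PermitRootLogin: "no"     # quoted so YAML does not turn it into a boolean
  PasswordAuthentication: "no"
sshd_overrides: {}          # overridden through group/host vars, never by a second task
---
# group_vars/backup.yml: the specialised role supplies data only
extra_authorized_keys:
  - "ssh-ed25519 AAAA...constructed-placeholder backup@example"
sshd_overrides:
  AllowUsers: "backup ops"
---
# roles/common/tasks/main.yml: the single place both files are written
- name: Manage authorized_keys from the merged key list
  ansible.posix.authorized_key:
    user: ops
    # exclusive is not loop aware, so all keys go in one newline-separated string
    key: "{{ (common_authorized_keys + extra_authorized_keys) | join('\n') }}"
    exclusive: true         # keys not in the merged list are removed

- name: Render sshd_config once from the merged settings
  ansible.builtin.copy:
    dest: /etc/ssh/sshd_config
    content: |
      {% for keyword, value in (sshd_defaults | combine(sshd_overrides)) | dictsort %}
      {{ keyword }} {{ value }}
      {% endfor %}
    owner: root
    group: root
    mode: "0600"
    validate: /usr/sbin/sshd -t -f %s   # refuse to install a config sshd cannot parse
  notify: Restart sshd
---
# roles/common/handlers/main.yml
- name: Restart sshd
  ansible.builtin.service:
    name: sshd              # assumption: the unit is called "ssh" on Debian-family hosts
    state: restarted
```

Because `exclusive: true` deletes any key that is not in the merged list, every key that should survive has to be declared in one of the two variables before the first run.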