It’s great that I can easily pull in different roles into my playbooks. By default, anything under tasks/main will get run (usually as an installation process). I was wondering if there were any best practices for packaging a list of uninstall tasks within the role as well to undo any changes that were done in the installation process.
One thought was to have my main task file in my role to have something like:
Generally uninstalls aren’t frequent.
The reason for this is you don’t know what software someone manually installed that you don’t want present.
One method might be to have a list of packages in something like group_vars/ called “uninstall_packages”
and then just:
Which would be a reasonable solution.
We do somewhat similar things in our Tower install playbooks when we no longer use a particular subcomponent.
Ok, thanks for the suggestion. I’ve gone through a few different iterations of ideas and I think I’m just going to punt on the problem and assume we’re going to be using phoenix servers most of the time. It would have helped to be able to include a role and be able to pass the tagged tasks to run or to skip. For example:
roles:
That way, you can just run the playbook as is, but don’t have to pass a whole lot of flags in from the command line which may conflict across roles anyways.
Thanks,
Trevor
Roles do not have a “run_tags” or a “skip_tags” – the “tags” on a role will apply the tag to anything in the role, as it should.
–tags and --skip-tags are arguments to ansible-playbook.
I wouldn’t teach a role to uninstall itself in most cases.
In most cases, you want to be able to rebuild that system from scratch, so if you had to undo something of that severity, you would use ansible to rebuild the box.
For simpler things, just maintain a list of packages to remove, that should be sufficient. And maybe users.
Yeah, I agree. I’m finding the use case for uninstalling software to be rare and much harder than just building a new machine from scratch.
I am finding, though, that it would be helpful to be able to choose what tags to be run or skipped for a role, though, by specifying it when writing a playbook, rather than via the command line.
For instance, I could write a role for a piece of software that allows it to be installed for apache or nginx. The different configs should be with the role, but at playbook writing time, it would be very useful to be able to choose what tagged tasks to run for that group of hosts. For instance:
— inventory.ini —
[groupA]
apache01
apache02
[groupN]
nginx01
nginx02
— deploy_mysoftware.yml —
hosts: groupA
roles:
{ role: mysoftware, run_tasks: install,config_apache }
{ role: apache, run_tasks: restart_service }
hosts: groupN
roles:
{ role: mysoftware, run_tasks: install,config_nginx }
{ role: nginx, run_tasks: restart_service }
With this playbook, I could easy write ansible-playbook deploy_mysoftware.yml -i myinventory to deploy my software and restart the appropriate services depending on the server group. This is nice and compact. In addition, if something gets changed in the software’s interaction with the webserver software, I can just update the mysoftware role config templates and everything is good. This allows roles to be more rich in the set of tasks they need to accomplish, yet gives the flexibility to run only a portion of those tasks.
I think one solution would be probably to create a mysoftware role, plus a mysoftware_nginx and mysoftware_apache role, which then begins to disassociate code and configs that should probably be more closely coupled together. Also the restarting of the service task could not be singled out from the installation of it. I think one would probably have to create a separate role for just restarting the service, or would have to duplicate those tasks across playbooks.
An alternate solution would be to pass --tags and --skip-tags via the command line, but then I have to make sure I don’t accidentally mistype something, or I write a two liner script that just calls ansible-playbook with the right arguments (requiring yet another file). That wouldn’t solve the problem, though, if two roles end up using the same tags, such as ‘install’, which is very common. The playbook without run_tasks would be:
— deploy_mysoftware.yml —
hosts: groupA
roles:
{ role: mysoftware }
{ role: apache }
hosts: groupN
roles:
{ role: mysoftware }
{ role: nginx }
In the above example, I wouldn’t be able to write ansible-playbook deploy_mysoftware.yml -i myinventory --tags=install,config_apache,config_nginx,restart_service because the config_apache,config_nginx would end up getting applied to both groupA and groupN and install would get applied to apache and nginx, which is not the desired outcome of that particular playbook.
Thanks,
Trevor