Ansible Roles Overview
Ansible Roles
Ansible roles provide a method for loading certain vars_files, tasks, and handlers based on a known file structure. Grouping content by roles also allows easy sharing of roles with other users. In this way roles behave like libraries, modular components that are configurable and reusable in a variety of ways.
What are Ansible Roles?
Roles are predefined sets of automated plays driven by variables, which automatically load certain vars_files, tasks, and handlers based on a known file structure. Roles can be dropped into Ansible PlayBooks and immediately put to work.
Supported roles are defined in the ansible_playbooks repository using the roles/requirements.yml file.
Requirements file
the requirements.yml file is used to install roles from git repositories, published public collections, and Ansible Galaxy and is supported natively by the command-line tools, the ansible-galaxy command, and the ansible-playbook command, as well as through AWX.
Example:
---
roles:
- src: https://github.com/optum-omnichannel/ansible_role_dns.git # Can be a git repository URL, local path, or galaxy name
scm: git # Can be git, hg, or svn
name: sre_dns # Name of the role to be used in the playbook
version: stable # Version of the role to be used - we use a "stable" tag for all roles release versions and "latest" for development versions. This ensures that we don't accidentally pull in a development version of a role when we don't want to.
Role Directory Structure
An Ansible role has a predefined directory structure. A role directory structure contains directories: defaults, vars, tasks, files, templates, meta, handlers, etc. Each directory must contain a main.yml file which contains relevant content. All roles are built from `ansible_role_template`` and follow the same directory structure.
Using Roles
Roles can be used in three ways:
-
Role can be called in a playbook.
--- - hosts: all roles: - sre_dns -
A role's specific tasks can be called in a playbook if only a subset of the role's tasks are needed.
--- - hosts: all tasks: - include_role: name: sre_dns tasks_from: create_alias.yml -
Role can be assigned to a host. This is useful when you want to assign a role to a specific host or group of hosts.
---
- hosts: all
roles:
- { role: sre_dns, when: "'dns' in group_names" } # This will only run the role on hosts in the "dns" group
Role Dependencies
Roles can also be dependent on other roles. The role dependencies are defined in the meta/main.yml file in the role directory. This is useful when you want to run a role that depends on another role. For example, if you want to run a role that installs a package, you can define a dependency on the role that installs the package. This ensures that the package is installed before the role that depends on it is run.
Sharing Roles
Ansible roles can be shared via git repositories, or bundled into a collection and published to a repository. Roles can also be consumed from Ansible Galaxy, a site for the community to share roles. You can also use a shared playbooks repository to share and reuse Ansible roles.
Conclusion
Ansible roles are a powerful feature that enable reusability, segregation of duties, and organization of playbook content. They are a fundamental part of Ansible, and understanding them is essential to mastering it. For more information on Ansible roles, see the Ansible documentation.