Comments (4)
ansibot
commented on June 1, 2024
Files identified in the description:
If these files are incorrect, please update the component name section of the description or use the component bot command.
from ansible.
sivel
commented on June 1, 2024
I cannot reproduce with the information you have provided. When describing actual behavior it is best to actually provide the output. Additionally, a full reproducer is needed, otherwise we have to make assumptions about how to reconstruct something we've never seen, with missing output.
It should be noted that adding tags to an include only tags the include itself, and not the tasks within. So unless there is more information concerning the tagging of the tasks within, this playbook is a noop effectively.
That aside, includes work exactly as you desire. If the tag doesn't match, the include never happens, and nothing within the role is evaluated.
Much more information is required for us to have any clue what is going on in your actual playbooks.
from ansible.
jangel97
commented on June 1, 2024
Hello @sivel,
Thank you for your quick reply and please do not hesitate to let me know if anything else is needed.
I'm finding an issue while executing a playbook designed to configure various system aspects. Here's the playbook in question:
# base_configuration.yml
---
- hosts: all
become: true
become_method: sudo
become_user: root
collections:
- community.hashi_vault
vars:
override_ipaclient_force_join: false
force_clevis_update: false
pre_tasks:
- name: Write to log
community.general.syslogger:
msg: Base configuration
ident: "<<<=== AAP ===>>>"
priority: notice
facility: user
roles:
- role: redhatit.subscriptionmanager_wrap
when: no_sat6_registration is undefined
tags: subscription_manager
- role: redhatit.root_pw
when: no_root_pw is undefined
tags: root_password
- role: redhatit.motd
when: no_motd is undefined
tags: motd
- role: redhatit.bash_prompt
when: no_bash_prompt is undefined
tags: bash_prompt
- role: redhatit.ca-trust
when: no_ca_trust is undefined
tags: ca_trust
- role: redhatit.bluetooth_disable
when: no_bluetooth_disable is undefined
tags: bluetooth_disable
- role: redhatit.auditd
when: no_auditd is undefined
tags: auditd
- role: redhatit.logrotate
when: no_logrotate is undefined
tags: logrotate
- role: redhatit.custom-policy-tune
when: no_custom_policy_tune is undefined
tags: custom_policy_tune
- role: redhatit.common-tooling
when: no_common_tooling is undefined
tags: common_tooling
- role: redhatit.software_update
when: no_software_update is undefined
tags: software_update
- role: redhatit.ipaclient_wrap
when: no_ipaclient_wrap is undefined
tags: ipa_client
- role: redhatit.sshd_wrap
when: no_sshd_wrap is undefined
tags: sshd_wrap
- role: redhatit.splunk_client
vars:
splunk_skip_repo: true
when: no_splunk_client is undefined
tags: splunk_client
- role: redhatit.signalfx_otel_collector_wrap
vars:
signalfx_extraDimensions:
appcode: "{{ inventory_hostname.split('.')[1] | upper }}"
sfx_skip_repo: true
when: no_signalfx_smart_agent_wrap is undefined
tags: signalfx_otel_collector
- role: redhatit.sshd_remedy
when: no_sshd_remedy is undefined
tags: sshd_remedy
- role: redhatit.sudo
when: itiam_sudoers is defined
tags: sudo
- role: redhatit.crypto-policies
when:
- no_crypto_policies is undefined
- ansible_distribution_major_version >= '8'
tags: crypto-policies
- role: qualys-cloud-agent
when:
- no_qualys_agent is undefined
- qualys_activation_id | default('', true)
- qualys_customer_id | default('', true)
tags: qualys-cloud-agent
tasks:
- name: "NTP configuration"
ansible.builtin.include_tasks: tasks/timesync.yml
when: no_ntp is undefined
tags: ntp
- name: "SELinux configuration"
ansible.builtin.include_tasks: tasks/selinux.yml
when: no_selinux is undefined
tags: selinux
- name: "Journald configuration"
ansible.builtin.include_tasks: tasks/journald.yml
when: no_journald is undefined
tags: journald
- name: "Postfix configuration"
ansible.builtin.include_tasks: tasks/postfix.yml
when: no_postfix is undefined
tags: postfix
- name: "Kernel network configuration"
ansible.builtin.include_tasks: tasks/network-kernel.yml
when: no_network_kernel is undefined
tags: network_kernel
- name: "Grub configuration"
ansible.builtin.include_tasks: tasks/grub.yml
when: no_grub_config is undefined
tags: grub
- name: "Firewalld configuration"
ansible.builtin.include_tasks: tasks/firewalld.yml
when: no_firewalld is undefined
tags: firewalld
- name: "SSH Client"
ansible.builtin.include_tasks: tasks/ssh_client.yml
when: no_ssh_client is undefined
tags: ssh_client
- name: Run clevis role
ansible.builtin.include_role:
name: redhatit.clevis
when: no_clevis is undefined
tags: clevisI attempted to run this playbook specifically targeting the sshd_remedy tag using the command:
ansible-playbook base_configuration.yml -i localhost --tags "sshd_remedy"
However, I received the following error message:
ERROR! the role 'redhatit.subscriptionmanager_wrap' was not found in community.hashi_vault:ansible.legacy:/home/cloud-user/roles:/root/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/cloud-user
This error suggests that Ansible is attempting to validate or load roles not relevant to the specific tags requested for execution, in this case, sshd_remedy. Based on my understanding, roles and tasks not included in the specified tags should be ignored, including their dependencies or prerequisites.
Is my interpretation correct, or am I missing something? I anticipated that only tasks and roles tagged with sshd_remedy would be considered for execution, thus bypassing the need for the redhatit.subscriptionmanager_wrap role in this instance.
from ansible.
s-hertel
commented on June 1, 2024
Hi!
Thanks very much for your interest in Ansible. It means a lot to us.
This is working as expected since you are using static imports (which are processed up front, before any tasks are executed), rather than includes. The roles: keyword is equivalent to import_role. There are some tips here about the differences https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse.html#comparing-includes-and-imports-dynamic-and-static-reuse. If you rewrite the playbook to use include_role tasks, roles will be included on-demand only and work as you expect with tags.
If you have further questions, we'd like to direct these kinds of things to the forum, mailing list, or the IRC channel.
- Forum: https://forum.ansible.com/
- IRC: #ansible on irc.libera.chat
- mailing list: https://groups.google.com/forum/#!forum/ansible-project
See this page for a complete and up to date list of communication channels and their purposes:
Because this project is very active, we're unlikely to see comments made on closed tickets and we lock them after some time.
If don't you think this particular issue is resolved, you should still stop by there first, we'd appreciate it.
This allows us to keep the issue tracker for bugs, pull requests, RFEs and the like.
Thank you once again and we look forward to seeing you on the list or IRC. Thanks!
from ansible.
Related Issues (20)
- Drop support for Python 3.10 on the controller HOT 1
- Drop support for Python 3.7 on the target HOT 2
- Replace Ubuntu 20.04 with 24.04 in ansible-test HOT 2
- Replace Fedora 39 with 40 in ansible-test HOT 1
- Replace FreeBSD 14.0 with 14.1 in ansible-test HOT 2
- Replace Alpine 3.19 with 3.20 in ansible-test HOT 1
- Replace RHEL 9.3 with 9.4 in ansible-test HOT 1
- Update sanity test requirements HOT 1
- Update PowerShell and .NET in the base container HOT 1
- Create stable branches for default container repos HOT 1
- wait_for_connection not working properly with Juniper QFX HOT 2
- mysql_role fails to parse show grant response from mysql HOT 1
- Having subroles in a role HOT 7
- Handlers not executed of roles referenced by dependency in combination with conditional role in playbook HOT 10
- handlers are skipped on conditional role include HOT 3
- DNF/YUM module - nbackground requirements-install ignore disablerepo/enablerepo options HOT 3
- diff mode + assemble + remote_src=false raises fatal error HOT 3
- package_facts module does not update packages host facts with apk when cache is empty or network unreacheable HOT 1
- Server not found in Kerberos database HOT 2
- Changes to linux.py for setup module to return more relevant information for s390 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible.