Ansible 2.5 change – troubleshooting include_tasks and tags

If you’re upgrading to Ansible 2.5 (released Mar 23), make sure you read this.

Specifically, until now, if you had tagged an include_tasks item, all the tasks in the file you were including would inherit the tag (or any other attributes). But now:

“attributes applied to an include_* task will not be inherited by the tasks within.”

Symptom: when running a playbook with --tags=bar, you will see a series of lines like this, one for each item in your loop…

included: /Users/wt/Dropbox/ansible/foo/bar.yml for myserver
included: /Users/wt/Dropbox/ansible/foo/bar.yml for myserver
included: /Users/wt/Dropbox/ansible/foo/bar.yml for myserver

…but none of the tasks in bar.yml actually execute.

To fix, either tag every task within the included file manually (ugly) or use a block (elegant).

Ansible troubleshooting tips

Last updated Wed 20 Dec 2017

Setting file/directory permissions

When using the File module, the documentation warns about leaving off the leading zero for mode, but if you’re using setuid or setgid, you also need to surround the octal number with quotes, otherwise you’ll get unpredictable results. Write it like this:

- name: Create docroot ({{ docroot }})
  file:
    path: "{{ docroot }}"
    state: directory
    owner: www-data
    group: www-data
    # the leading 2 means set group ID
    mode: "2775"
  become: true
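
The check below is an added example, not code from the original post: it scans playbook text for unquoted, all-digit mode values with no leading zero, which YAML loads as decimal integers, and reports the permission bits that decimal value actually encodes. The sample playbook and the name audit_modes are constructed for illustration.

```python
import re
import stat

# Matches an unquoted, all-digit mode with no leading zero, e.g. "mode: 2775".
# YAML loads such a scalar as a decimal integer, not as octal.
UNQUOTED_MODE = re.compile(r"^\s*mode:\s*([1-9][0-9]*)\s*(?:#.*)?$")

# Constructed sample playbook (not from the original page).
SAMPLE_PLAYBOOK = """\
- name: quoted, as recommended above
  file:
    path: /srv/www
    state: directory
    mode: "2775"
- name: unquoted setgid mode
  file:
    path: /srv/www
    state: directory
    mode: 2775
- name: unquoted without leading zero
  file:
    path: /etc/app.conf
    mode: 644
"""


def audit_modes(playbook_text):
    """Return (line, written, applied_octal, rwx) for each risky mode line."""
    findings = []
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        match = UNQUOTED_MODE.match(line)
        if match is None:
            continue
        written = match.group(1)
        # Assumption: the decimal value is used as-is for the mode bits,
        # so only its low 12 bits (special + rwx) matter.
        applied = int(written, 10) & 0o7777
        rwx = stat.filemode(stat.S_IFREG | applied)[1:]
        findings.append((lineno, written, format(applied, "04o"), rwx))
    return findings


if __name__ == "__main__":
    for lineno, written, applied, rwx in audit_modes(SAMPLE_PLAYBOOK):
        print(f"line {lineno}: mode: {written} is applied as {applied} ({rwx})")
```

An unquoted 2775 comes out as octal 5327, which is setuid plus sticky with world-writable permissions rather than setgid 775.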

Debugging failing Git connections

When using the Git module, if the command hangs without an error, use the --verbose command-line switch when running the playbook, and set a low timeout for the task using async so it finishes quickly. It might be that you are connecting the wrong way (e.g. via https when you should be using SSH) or that the server’s SSL certificate needs to be approved.

More about async and poll settings

Variable expansion syntax

You have a variable called {{ current_site }}, which matches a key in {{ websites }}. How do you write that? i.e. what’s the YAML/Ansible equivalent of PHP’s {$foo}? Answer: use square brackets, not extra {{ }}

{{ websites[current_site].git_branch }}

Passwords

Note there’s a difference between --ask-pass (for standard SSH) and --ask-become-pass (for sudo) and also that --ask-sudo-pass is deprecated.

SSH passwords in the user module need to be supplied as a hash.  MySQL DB passwords are plaintext.

Nested loops

Having everything called {{ item }} gets ambiguous/messy and you’ll get a warning. Use loop_control with loop_var to give the loop variable of one with_items loop another name. See the Ansible docs.

Deprecation warnings

(These aren’t always very well documented.)

[defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths . This feature will
be removed in version 2.8.

The fix is to edit ansible.cfg and change the following (i.e. hostfile -> inventory):

[defaults]
#hostfile = ./inventory/common/allhosts
inventory = ./inventory/common/allhosts

Then the error will go away.

See also: https://github.com/geerlingguy/drupal-vm/issues/1553

Find where your ansible.cfg file is

Run "ansible --version":

ansible 2.4.2.0
 config file = /Users/foo/.ansible.cfg
 [...]

Note how on a Mac it may begin with a period (.)

AWS (Amazon Web Services) modules

Limitations:

  • Note that although there is now an s3_sync module, it currently (Ansible v 2.4.2.0) only supports push mode (i.e. uploading files TO Amazon, not downloading from it to a local device). However, you can easily use the AWS CLI command in either direction – and because it’s a sync command, it’s idempotent.

aws s3 sync [--delete] s3://mybucket/path/ /path/on/local/server/