RH294 - ch07s05

Bookmark this page

Deploying Roles from External Content Sources

Objectives

Select and retrieve roles from external sources such as Git repositories or Ansible Galaxy, and use them in your playbooks.

External Content Sources

If you are using roles in your Ansible Playbooks, then you should get those roles from some centrally managed source. This practice ensures that all your projects have the current version of the role and that each project can benefit from bug fixes discovered by other projects with which they share the role.

For example, if the role is private content created and curated by your organization, it might be stored in a Git repository managed by your organization. Alternatively, it might be distributed as a tar archive file from a website or through other means.

In addition, the open source community maintains some roles through the Ansible Galaxy website. These roles are not reviewed or supported officially by Red Hat, but might contain code that your organization finds useful.

Important

It is increasingly common for roles to be packaged as Ansible Content Collections and offered by their authors through various methods:

In Red Hat Certified Ansible Content Collections from the Red Hat hosted automation hub at https://console.redhat.com, or through a private automation hub
As private content packaged from a private automation hub
By the community from Ansible Galaxy at https://galaxy.ansible.com

This section only covers how to get roles that are not packaged into an Ansible Content Collections.

Ideally, you want to be able to download the latest version of the role into the roles directory of your project simply, whenever necessary.

Introducing Ansible Galaxy

 A public library of Ansible content written by a variety of Ansible administrators and users is available at https://galaxy.ansible.com[Ansible Galaxy].
This library contains thousands of Ansible roles, and it has a searchable database that helps you identify roles that might help you accomplish an administrative task.

The ansible-galaxy command that you use to download and manage roles from Ansible Galaxy can also be used to download and manage roles from your own Git repositories.

The Ansible Galaxy Command Line Tool

The ansible-galaxy command-line tool can be used to search for, display information about, install, list, remove, or initialize roles.

Installing Roles Using a Requirements File

If you have a playbook that must have specific roles installed, then you can create a roles/requirements.yml file in the project directory that specifies which roles are needed. This file acts as a dependency manifest for the playbook project that enables playbooks to be developed and tested separately from any supporting roles.

Then, before you run ansible-navigator run, you can use the ansible-galaxy command to install those roles in your project's roles directory.

Note

If you use automation controller, it automatically downloads roles specified in your roles/requirements.yml file when it runs your playbook.

For example, you could have a role in a public repository on a Git server at https://git.example.com/someuser/someuser.myrole. A simple requirements.yml to install someuser.myrole might contain the following content:

- src: https://git.example.com/someuser/someuser.myrole
  scm: git
  version: "1.5.0"

The src attribute specifies the source of the role, in this case the URL for the repository of the role on your Git server. You can also use SSH key-based authentication by specifying something like git@git.example.com:someuser/someuser.myrole as provided by your Git repository.

The scm attribute indicates that this role is from a Git repository.

The version attribute is optional, and specifies the version of the role to install, in this case 1.5.0. In the case of a role stored in Git, the version can be the name of a branch, a tag, or a Git commit hash. If you do not specify a version, the command uses the latest commit on the default branch.

Important

Specify the version of the role in your requirements.yml file, especially for playbooks in production.

If you do not specify a version, you get the latest version of the role.

If the upstream author makes changes to the role that are incompatible with your playbook, it might cause an automation failure or other problems.

To install roles using a role requirements file, run the ansible-galaxy role install command from within your project directory. Include the following options:

-r roles/requirements.yml to specify the location of your requirements file
-p roles to install the role into a subdirectory of the roles directory

[user@host project]$ ansible-galaxy role install -r roles/requirements.yml \
> -p roles
Starting galaxy role install process
- downloading role from https://git.example.com/someuser/someuser.myrole
- extracting myrole to /home/user/project/roles/someuser.myrole
- someuser.myrole (1.5.0) was installed successfully

Important

If you do not specify the -p roles option, then ansible-galaxy uses the first directory in the default roles_path setting to determine where to install the role. This defaults to the user's ~/.ansible/roles directory, which is outside the project directory and unavailable to the execution environment if you use ansible-navigator to run your playbooks.

One way to avoid the need to specify -p roles is to apply the following setting in the defaults section of your project's ansible.cfg file:

roles_path = roles

If you have a tar archive file that contains a role, you can use roles/requirements.yml to install that file from a URL:

# from a role tar ball, given a URL;
#   supports 'http', 'https', or 'file' protocols
- src: file:///opt/local/roles/tarrole.tar
  name: tarrole

- src: https://www.example.com/role-archive/someuser.otherrole.tar
  name: someuser.otherrole

Note

Red Hat recommends that you use version control with roles, storing them in a version control system such as Git. If a recent change to a role causes problems, using version control allows you to roll back to a previous, stable version of the role.

Finding Community-managed Roles in Ansible Galaxy

The open source Ansible community operates a public server, https://galaxy.ansible.com, that contains roles and Ansible Content Collections shared by other Ansible users.

Warning

These roles can be useful, but they are not supported by Red Hat, nor does Red Hat audit or review this code. Volunteers in the Ansible community maintain this site. Use these roles at your own risk.

Browsing Ansible Galaxy for Roles

The Search tab on the left side of the Ansible Galaxy website home page gives you access to information about the roles published on Ansible Galaxy. You can search for an Ansible role by name or by using tags or other role attributes.

Results are presented in descending order of the Best Match score, which is a computed score based on role quality, role popularity, and search criteria. (Content Scoring in the Ansible Galaxy documentation has more information on how roles are scored by Ansible Galaxy.)

Figure 7.1: Ansible Galaxy search screen

Ansible Galaxy reports the number of times each role has been downloaded from Ansible Galaxy. In addition, Ansible Galaxy also reports the number of watchers, forks, and stars the role's GitHub repository has. You can use this information to help determine how active development is for a role and how popular it is in the community.

The following figure shows the search results that Ansible Galaxy displayed after a keyword search for redis was performed.

Figure 7.2: Ansible Galaxy search results example

The Filters menu to the right of the search box allows searches by type, contributor type, contributor, cloud platform, deprecated, platform, and tags.

Possible platform values include EL for Red Hat Enterprise Linux (and closely related distributions such as CentOS) and Fedora, among others.

Tags are arbitrary single-word strings set by the role author that describe and categorize the role. You can use tags to find relevant roles. Possible tag values include system, development, web, monitoring, and others. In Ansible Galaxy, a role can have up to 20 tags.

Important

In the Ansible Galaxy search interface, keyword searches match words or phrases in the README file, content name, or content description. Tag searches, by contrast, specifically match tag values that the author set for the role.

Searching for Roles from the Command Line

The ansible-galaxy search subcommand searches Ansible Galaxy for roles.

If you specify a string as an argument, it is used to search Ansible Galaxy for roles by keyword. You can use the --author, --platforms, and --galaxy-tags options to narrow the search results. You can also use those options as the main search key.

For example, the command ansible-galaxy search --author geerlingguy displays all roles submitted by the user geerlingguy. Results are displayed in alphabetical order, not by descending Best Match score.

The following example displays the names of roles that include redis, and are available for the Enterprise Linux (EL) platform.

[user@host ~]$ ansible-galaxy search 'redis' --platforms EL

Found 251 roles matching your search:

 Name                                            Description
 ----                                            -----------
 0x0i.consul                                     Consul - a service discovery, mesh and confi>
 0x0i.grafana                                    Grafana - an analytics and monitoring observ>
 0x5a17ed.ansible_role_netbox                    Installs and configures NetBox, a DCIM suite>
 1it.sudo                                        Ansible role for managing sudoers
 adfinis-sygroup.redis                           Ansible role for Redis
 AerisCloud.librato                              Install and configure the Librato Agent
 AerisCloud.redis                                Installs redis on a server
 AlbanAndrieu.java                               Manage Java installation
 alikins.php_pecl                                PHP PECL extension installation.
 ...output omitted...

The ansible-galaxy info subcommand displays more detailed information about a role. Ansible Galaxy gets this information from a number of places, including the role's meta/main.yml file and its GitHub repository.

The following command displays information about the geerlingguy.redis role, available from Ansible Galaxy.

[user@host ~]$ ansible-galaxy info geerlingguy.redis

Role: geerlingguy.redis
        description: Redis for Linux
        active: True
...output omitted...
        download_count: 825486
        forks_count: 137
        github_branch: master
        github_repo: ansible-role-redis
        github_user: geerlingguy
...output omitted...
        license: license (BSD, MIT)
        min_ansible_version: 2.4
        modified: 2020-11-17T19:20:46.649130Z
        open_issues_count: 5
        path: ('/home/student/.ansible/roles', '/usr/share/ansible/roles', '/etc/ansible/role>
        role_type: ANS
        stargazers_count: 170
...output omitted...

Downloading Roles from Ansible Galaxy

The following example shows how to configure a requirements file that uses a variety of remote sources.

[user@host project]$ cat roles/requirements.yml
# from Ansible Galaxy, using the latest version
- src: geerlingguy.redis 

# from Ansible Galaxy, overriding the name and using a specific version
- src: geerlingguy.redis
  version: "1.5.0" 
  name: redis_prod

# from any Git based repository, using HTTPS
- src: https://github.com/geerlingguy/ansible-role-nginx.git
  scm: git 
  version: master
  name: nginx

# from a role tar ball, given a URL;
#   supports 'http', 'https', or 'file' protocols
- src: file:///opt/local/roles/myrole.tar 
  name: myrole

	The `src` keyword specifies the Ansible Galaxy role name. If the role is not hosted on Ansible Galaxy, the `src` keyword indicates the role's URL.
	The `version` keyword is used to specify a role's version. The `version` keyword can be any value that corresponds to a branch, tag, or commit hash from the role's software repository.
	If the role is hosted in a source control repository, the `scm` attribute is required.
	If the role is hosted on Ansible Galaxy or as a tar archive, the `scm` keyword is omitted.
	The `name` keyword is used to override the local name of the role.

Managing Downloaded Roles

The ansible-galaxy command can also manage local roles, such as those roles found in the roles directory of a playbook project. The ansible-galaxy list subcommand lists the local roles.

[user@host project]$ ansible-galaxy list
# /home/user/project/roles
- geerlingguy.redis, 1.7.0
- redis_prod, 1.5.0
- nginx, master
- myrole, (unknown version)
...output omitted...

You can remove a role with the ansible-galaxy remove subcommand.

[user@host ~]$ ansible-galaxy remove nginx
- successfully removed nginx

References

ansible-galaxy — Ansible Documentation

Red Hat Hybrid Cloud Console | Ansible Automation Platform Dashboard

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-9.0-c95c7de