I have a monolithic Ansible playbook that contains dozens of different roles, all bundled into the same Git repository. Some of the roles are more generically useful than others, so I thought I would do some refactoring.<\/p>\n
I decided to move the role that installs and configures fail2ban to its own repository, and then call that new\/refactored role as a dependency in my now-slightly-less-monolithic role.<\/p>\n
Of course, I had no idea what I was doing.
\n<\/p>\n
The first thing I tried was creating a simple ansible-test playbook with a single test role. Just to make sure it did something, I had it copy a file to the \/tmp directory on the target host. In Then I tried running the playbook:<\/p>\n Which produced the following error:<\/p>\n That’s a long and, as it turns out, misleading error. There is no issue with unbalanced quotes. The real error is on the first line:<\/p>\n Isn’t is supposed to automatically install? Isn’t that the magic of dependencies?<\/p>\n Apparently not. The convention, as far as I can tell, is to use a Then you use It worked! I now had a new role in It turned out that I had left out an important piece of the I tried re-installing the repository using the Wait, what? What is Before:<\/strong><\/p>\n After:<\/strong><\/p>\n I ran the install again:<\/p>\nroles\/test\/meta\/main.yml<\/code> I added a dependency:<\/p>\n--- \r\ndependencies:\r\n - { role: \"git+https:\/\/git.osric.net\/chris\/ansible-fail2ban.git\" }\r\n...<\/code><\/pre>\n$ ansible-playbook -i hosts site.yml<\/code><\/pre>\nERROR! the role 'git+https:\/\/git.osric.net\/chris\/ansible-fail2ban.git' was not found in \/home\/chris\/ansible-test\/roles:\/usr\/local\/etc\/ansible\/roles:\/home\/chris\/ansible-test\/roles:\/home\/chris\/ansible-test\r\n\r\nThe error appears to have been in '\/home\/chris\/ansible-test\/roles\/test\/meta\/main.yml': line 4, column 3, but may\r\nbe elsewhere in the file depending on the exact syntax problem.\r\n\r\nThe offending line appears to be:\r\n\r\ndependencies:\r\n- { role: \"git+https:\/\/git.osric.net\/chris\/ansible-fail2ban.git\" }\r\n ^ here\r\nThis one looks easy to fix. It seems that there is a value started\r\nwith a quote, and the YAML parser is expecting to see the line ended\r\nwith the same kind of quote. For instance:\r\n\r\n when: \"ok\" in result.stdout\r\n\r\nCould be written as:\r\n\r\n when: '\"ok\" in result.stdout'\r\n\r\nOr equivalently:\r\n\r\n when: \"'ok' in result.stdout\"<\/code><\/pre>\nERROR! the role 'git+https:\/\/git.osric.net\/chris\/ansible-fail2ban.git' was not found<\/code><\/pre>\nrequirements.yml<\/code> file that describes where to find the dependencies, e.g.:<\/p>\n---\r\nsrc: git+https:\/\/git.osric.net\/chris\/ansible-fail2ban.git\r\n...<\/code><\/pre>\nansible-galaxy<\/code> to install the dependencies:<\/p>\n$ ansible-galaxy install -r requirements.yml -p roles\/<\/code><\/pre>\nroles\/ansible-fail2ban<\/code> with the expected content.<\/p>\nansible-fail2ban<\/code> role (I forgot to add<\/code>, commit<\/code>, and push<\/code> the defaults\/main.yml<\/code> into the remote origin).<\/p>\n--force<\/code> option:<\/p>\n$ ansible-galaxy install --force -r requirements.yml -p roles\/\r\n- ansible-fail2ban is already installed, skipping.<\/code><\/pre>\n--force<\/code> actually supposed to do? It turned out, this was a bug in my version of ansible<\/code> (and ansible-galaxy<\/code>), as described in this bug: https:\/\/github.com\/ansible\/galaxy-issues\/issues\/249<\/a><\/p>\n$ ansible-galaxy --version\r\nansible-galaxy 2.3.1.0<\/code><\/pre>\n$ ansible-galaxy --version\r\nansible-galaxy 2.4.3.0<\/code><\/pre>\n$ ansible-galaxy install --force -r requirements.yml -p roles\/\r\n- changing role ansible-fail2ban from to unspecified\r\n- extracting ansible-fail2ban to \/home\/chris\/ansible-test\/roles\/ansible-fail2ban\r\n- ansible-fail2ban was installed successfully<\/code><\/pre>\n