Ansible: Roles, Role Dependencies, and Variables
I just spent some time banging my head against Ansible, and thought I’d share in case anyone else runs across it:
I have a Firefox role that allows you to define a Firefox profile with various plugins, config settings, and the like. And I have a work-from-home (WFH) role that, among other things, sets up a couple of work profiles in Firefox, with certain proxy settings and plugins. I did this the way the documentation says to:
dependencies:
- name: Profile Work 1
role: firefox
vars:
- profile: work1
addons:
- ublock-origin
- privacy-badger17
- solarize-fox
prefs: >-
network.proxy.http: '"proxy.host.com"'
network.proxy.http_port: 1234
- name: Profile Work 2
role: firefox
vars:
- profile: work2
addons:
- ublock-origin
- privacy-badger17
- solarized-light
prefs: >-
network.proxy.http: '"proxy.host.com"'
network.proxy.http_port: 1234
The WFH stuff worked fine at first, but then I added a new profile.
- name: Roles
hosts: my-host
roles:
- role: wfh
- role: firefox
profile: third
addons:
- bitwarden-password-manager
- some fancy-theme
This one didn’t have any prefs, but Ansible was applying the prefs from the WFH role.
Eventually, I found that the problem lay in the two vars blocks in the wfh role’s dependencies: apparently those get set as variables for the entire task or play, not just for that invocation of the firefox role. The solution turned out to be undocumented: drop the vars blocks and pull the role parameters up a level:
dependencies:
- name: Profile Work 1
role: firefox
profile: work1
addons:
- ublock-origin
- privacy-badger17
- solarize-fox
prefs: >-
network.proxy.http: '"proxy.host.com"'
network.proxy.http_port: 1234
- name: Profile Work 2
role: firefox
profile: work2
addons:
- ublock-origin
- privacy-badger17
- solarized-light
prefs: >-
network.proxy.http: '"proxy.host.com"'
network.proxy.http_port: 1234
I do like Ansible, but it’s full of fiddly stupid crap like this.