I'm trying to wrap all the roles of Kubespray in block/rescue blocks so I had to move from the usual roles includes like this:

    - hosts: kube-master[0]
      any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
      roles:
        - { role: kubespray-defaults}
        - { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
        - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"]}

to this:

    - hosts: kube-master[0]
      any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
      vars:
        roles:
          - name: "kubespray-defaults"
          - name: kubernetes-apps/rotate_tokens
            tags: rotate_tokens
            when: "secret_changed|default(false)"
          - name: win_nodes/kubernetes_patch
            tags: ["master", "win_nodes"]
          - name: "ems-notification"
            msg: kubespray-defaults, kubernetes-apps/rotate_tokens and win_nodes/kubernetes_patch completed
      tasks:
        - include_tasks: roles/a4-roles/tasks/main.yml
          loop: "{{ roles }}"

with a4-roles/tasks/main.yml being:

    - name: a4-roles
      when: item.when | default(omit)
      block:
        - include_role:
            name: "{{ item.name }}"
            apply:
              tags: >-
                {%- if item.tags is defined -%}
                "{{ item.tags }}"
                {%- else -%}
                ""
                {%- endif -%}
      rescue:
        - include_role:
            name: "ems-notification"
          vars:
            msg: an error has occurred
            host: "{{ inventory_hostname }}"
            result: "{{ ansible_failed_result.msg | trim | default(omit) }}"
            role: "{{ item.name }}"
            error: "true"

The problem is that the kubespray-defaults as well as other roles are setting some vars and defaults that are being used by the subsequent roles in the roles block. When using include_role those vars and defaults are just lost. Is there any way to retain them and pass them on to the next role?

I found a way to solve this just by using the public directive. Setting it to true shares the defaults and vars with all the following roles.

All I had to do was change a4-roles/tasks/main.yml and make it like this:

    - name: a4-roles
      when: item.when | default(omit)
      block:
        - include_role:
            name: "{{ item.name }}"
            public: true
            apply:
              tags: >-
                {%- if item.tags is defined -%}
                "{{ item.tags }}"
                {%- else -%}
                ""
                {%- endif -%}
      rescue:
        - include_role:
            name: "ems-notification"
          vars:
            msg: an error has occurred
            host: "{{ inventory_hostname }}"
            result: "{{ ansible_failed_result.msg | trim | default(omit) }}"
            role: "{{ item.name }}"
            error: "true"

This is still polluting the global stack as those defaults and vars are being shared with all the roles and not just those that are processed by my loop. I don't think there is a better solution at the time I'm writing this.
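
The scoping difference described above, as a minimal reproduction added here (it is not part of the original post). The role name producer and the variable producer_port are hypothetical, and the three files are shown in one block, separated by path comments.

```yaml
# Constructed example: role `producer` and variable `producer_port` are hypothetical.

# --- roles/producer/defaults/main.yml ---
producer_port: 8443

# --- roles/producer/tasks/main.yml ---
- name: The default is always visible inside the role itself
  debug:
    var: producer_port

# --- site.yml ---
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # Default behaviour (public: false): the role's defaults and vars
    # stay scoped to the included role.
    - name: Include the role privately
      include_role:
        name: producer

    - name: The role's default did not reach the play
      assert:
        that:
          - producer_port is not defined

    # public: true exposes the role's defaults and vars to the play,
    # so every task after this include can read them.
    - name: Include the role publicly
      include_role:
        name: producer
        public: true

    - name: The role's default is now visible to later tasks
      assert:
        that:
          - producer_port is defined
          - producer_port == 8443
```

Run it with ansible-playbook site.yml from the directory that holds site.yml and roles/. The second assertion is the exposure the answer calls pollution: any value a role defines, including ones meant to stay internal to it, becomes readable by every later task in the play.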