New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issues with debops --skip-tags #444

Closed
evilham opened this Issue Sep 13, 2018 · 5 comments

Comments

Projects
None yet
2 participants
@evilham
Contributor

evilham commented Sep 13, 2018

Hello there,

I've noticed today that if I run debops --limit host, everything runs fine.

However, if I run debops --limit host --skip-tags role::ferm, it fails in role::kmod (output below).

Furthermore, if I run debops --limit host --skip-tags role::ferm,role::kmod, it fails in role::tinc (output below)

It happens to me with ansible version: 2.6.3 under python 2.7.13.

Can anyone reproduce this?

This worked before and I don't see any recent changes that would have changed that.

--skip-tags role::ferm output

TASK [debops.kmod : Check if modprobe is available] ***********************************************
ok: [host]

TASK [debops.kmod : Install required packages] ****************************************************
ok: [host] => (item=python-kmodpy)

TASK [debops.kmod : Make sure that Ansible local facts directory exists] **************************
ok: [host]

TASK [debops.kmod : Save kmod local facts] ********************************************************
ok: [host]

TASK [debops.kmod : Update Ansible facts if they were modified] ***********************************

TASK [debops.kmod : Configure kernel modules] *****************************************************
included: /path_to_debops/debops/ansible/roles/debops.kmod/tasks/modprobe.yml for host

TASK [debops.kmod : Remove module configuration] **************************************************

TASK [debops.kmod : Generate module configuration] ************************************************
ok: [host]

TASK [debops.kmod : Unload kernel module if configuration changed] ********************************

TASK [debops.kmod : Load kernel module if configuration changed] **********************************

TASK [debops.kmod : Update Ansible facts if the list of loaded kernel modules might have changed] *

TASK [debops.kmod : Remove module load configuration] *********************************************
fatal: [host]: FAILED! => {"msg": "'ifupdown__env_kmod__dependent_load' is undefined"}

--skip-tags role::ferm,role::kmod output

PLAY [Configure Tinc VPN] *************************************************************************

TASK [Gathering Facts] ****************************************************************************
ok: [host]

TASK [debops.secret : Create secret directories on Ansible Controller] ****************************
fatal: [host]: FAILED! => {"msg": "'tinc__env_secret__directories' is undefined"}
@drybjed

This comment has been minimized.

Member

drybjed commented Sep 13, 2018

The debops.kmod role is used in the debops.ifupdown playbook. The ifupdown role has a debops.ifupdown/env "sub-role" that prepares the environment for both debops.kmod and debops.ferm roles. When you skip the role::ferm tag, it also skips the invocation of debops.ifupdown/env "sub-role", the environment is not prepared for debops.kmod and it fails.

Solution, solution... I guess the current naming scheme for tags is not conductive for Ansible --skip-tags parameter, works fine with --tags. Fixing the roles that depend on the environment defined by other roles might break idempotency, so I would avoid doing that for now. Perhaps adding a new tag, say skip::<role_name> just with the main roles could be a solution. Then you could use this tag to skip debops.ferm execution with debops.ifupdown/env role working as expected. Want to test it out?

@evilham

This comment has been minimized.

Contributor

evilham commented Sep 13, 2018

Wow :-D. That's sneaky, thank you!

I agree, having skip::<role_name> sounds like a decent compromise and also sounds like it should work. Will give it a go and if it works add a patch for the ones I skip the most often :-).

@evilham

This comment has been minimized.

Contributor

evilham commented Sep 13, 2018

@drybjed question: the nfs_server playbook tags debops.etc_services as role::etc_services,role::ferm, is that correct?

@drybjed

This comment has been minimized.

Member

drybjed commented Sep 13, 2018

@evilham Yes. It's not obvious, but debops.nfs_server configures various TCP/UDP ports for NFS access in the firewall using names instead of the port numbers. The ports are registered in /etc/services by debops.etc_services, and are then used in the firewall configuration defined by debops.ferm. Without debops.etc_services running at least once, these port names would be non-existent and thus invalid.

So, it's not really needed every time, but it's tagged just in case.

evilham added a commit to evilham/debops that referenced this issue Sep 13, 2018

Added skip::ferm tag for --skip-tags.
Fixes debops#444 by having a way to skip any `debops.ferm` related tasks,
without also skipping those that set up environment variables for
multiple roles.

TODO: Add this to FAQ in case someone wants to add tags to skip other
roles.

@drybjed drybjed closed this in #446 Sep 13, 2018

@evilham

This comment has been minimized.

Contributor

evilham commented Sep 13, 2018

Since this issue is linked from the documentation, I write this here for future reference and for anyone who lands here:

Adding a skip::<role_name> tag is not as simple as search and replace in the repository. It does require manual checking, because otherwise the tags would be equivalent and adding a new one would not solve anything.
Rule of thumb: anything under <role>/env should not have skip::<role_name> tags.

Also: skipping debops.ferm does save quite a bit of time when running everything, but it shouldn't be used too often :-) only if it's really clear that it's not needed, up to you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment