DEV Community

Query Filter
Query Filter

Posted on

docker73

If your privileged-playbook.yaml (or site.yaml) lists rpm_deployment under a top-level roles: section, you have found the reason.

In Ansible, roles defined at the top level of a playbook are Static Roles. They are processed before any tasks: are executed, regardless of what you write in your tasks section.

The Source of the Confusion

You are looking at your tasks and seeing a when condition on the artifacts_download_v1 role, and you expect that to act as a gatekeeper for the entire workflow. However, Ansible treats the Static Role list and the Tasks list as two separate phases.

Feature Static Role (roles: at top) Dynamic Task (include_role in tasks)
Execution Order Runs before any tasks. Runs sequentially with tasks.
Conditionals Cannot use when easily (applies to the whole role). Can use when on specific tasks/roles.
Logic "Always run this role." "Run this role if criteria are met."

Why it runs even when the Download role is skipped

  1. Phase 1 (Static): Ansible loads rpm_deployment because it is in your roles: list. It executes it immediately.
  2. Phase 2 (Dynamic): Ansible reaches your tasks: section.
  3. Conditionals: Ansible evaluates the when: run_standard condition for artifacts_download_v1. If that is false, it skips the download role.

Because the deployment role was already handled in Phase 1, it has already finished executing by the time Ansible decides to skip the download role in Phase 2.

How to Fix It

If you want rpm_deployment to be dependent on the logic (the when condition) of your other tasks, you must remove it from the top-level roles: section.

1. Update your playbook:
Remove rpm_deployment from the top of the file:

# privileged-playbook.yaml
- hosts: all
  gather_facts: yes
  # REMOVE rpm_deployment FROM HERE
  roles:
    - discovery
    - artifacts_download_v1
  tasks:
    # ... your current tasks ...
Enter fullscreen mode Exit fullscreen mode

2. Include it in your task flow:
Now that it is gone from the top, you can control it with your when condition in the tasks: section:

tasks:
  - name: "STEP 1: DISCOVERY"
    ansible.builtin.include_role:
      name: discovery

  - name: "STEP 2: ARTIFACT DOWNLOAD"
    ansible.builtin.include_role:
      name: artifacts_download_v1
    when: run_standard | default(false)

  - name: "STEP 3: RPM DEPLOYMENT"
    ansible.builtin.include_role:
      name: rpm_deployment
    # Now this will only run if you want it to, or if you chain it
    when: run_standard | default(false)
Enter fullscreen mode Exit fullscreen mode

Does this align with how your privileged-playbook.yaml is structured at the top? If you remove it from the roles: list and move the include_role to your tasks: section, you will regain full control over the execution flow.

Top comments (0)