How to Use Tags in Ansible Playbooks
At its core, Ansible relies on playbooks to define automation steps. However, when these playbooks become large, managing specific tasks efficiently can be a challenge.
This is where tags in Ansible come into play. Tags allow you to run or skip particular tasks in a playbook, making your automation more flexible and efficient.
In this guide, we'll explore how to use tags in Ansible Playbooks, and their benefits with real world examples.
What are Tags in Ansible?
Tags in Ansible provide a way to target specific tasks within a playbook for execution or exclusion. When dealing with complex playbooks containing dozens or hundreds of tasks, rerunning the entire playbook for a minor change is not efficient. Tags allow you to focus on only the parts of the playbook that are relevant.
Tags are especially useful when:
- You need to rerun specific tasks in large playbooks.
- You want to selectively execute certain tasks without running the entire playbook.
- You want to divide large playbooks into logical sections for more control.
Basic Syntax of Ansible Tags
Tags are added to a task using the tags keyword in a task definition. Here’s a simple example that demonstrates how to add a tag to a task:
- name: Install Apache
apt:
name: apache2
state: present
tags:
- webserver
In this example, the task installs the Apache webserver using the apt module, and it is tagged with webserver
.
How to Run Playbooks with Specific Tags
Once you’ve added tags to your tasks, running the playbook with specific tags is simple. Use the --tags
flag followed by the tag name when executing the playbook.
ansible-playbook playbook.yml --tags "webserver"
Output.
PLAY [Run specific tasks] ****************************************************************
TASK [Install Apache] ********************************************************************
changed: [localhost]
PLAY RECAP ******************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
In this example, only the tasks tagged with webserver will be executed.
You can also run multiple tasks by specifying more than one tag:
ansible-playbook playbook.yml --tags "webserver,database"
Output.
PLAY [Run multiple tagged tasks] *********************************************************
TASK [Install Apache] ********************************************************************
changed: [localhost]
TASK [Install MySQL] *********************************************************************
changed: [localhost]
PLAY RECAP ******************************************************************************
localhost : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
In this example, both tasks tagged with webserver
and database
are executed.
Excluding Tags
Sometimes you may want to skip certain tasks while running the playbook. This can be achieved using the --skip-tags
option.
ansible-playbook playbook.yml --skip-tags "database"
Output.
PLAY [Run tasks except those tagged with 'database'] *************************************
TASK [Install Apache] ********************************************************************
changed: [localhost]
TASK [Install MySQL] *********************************************************************
skipping: [localhost]
PLAY RECAP ******************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
Here, the Install MySQL task (tagged with database) is skipped, while other tasks are executed as usual.
Listing Tags in Ansible Playbook
You may want to know what tags are available in a playbook before running it. You can list all tags in a playbook using the --list-tags
flag.
This command will display all the tags used in the playbook, allowing you to decide which ones to run or skip.
ansible-playbook playbook.yml --list-tags
Output.
playbook: playbook.yml
play #1 (all): Example Playbook TAGS:
TASK TAGS: [database, webserver, critical, security]
This output lists all the tags (database, webserver, critical, security) available in the playbook, so you can choose which ones to run or skip in subsequent executions.
The Always and Never Tags
In Ansible, there are two special tags, always
and `never, that control whether certain tasks should always or never be executed.
1. always Tag
Tasks marked with the always tag will run regardless of which tags are specified during playbook execution. This is useful for critical tasks such as gathering facts or ensuring certain prerequisites are met.
- name: Ensure prerequisites are installed
apt:
name: git
state: present
tags:
- always
Even if no specific tags are provided when running the playbook, tasks with the always tag will still be executed.
ansible-playbook playbook.yml --tags "webserver"
Here, the task with the always
tag (Ensure prerequisites are installed) is executed even though only the webserver tag was specified.
2. never Tag
Tasks marked with the never
tag are explicitly prevented from running. This tag can be helpful if you want to disable certain tasks temporarily without deleting or commenting them out.
- name: Remove temporary files
file:
path: /tmp/testfile
state: absent
tags:
- never
Even if you specify the never tag explicitly, the task will not be executed.
ansible-playbook playbook.yml --tags "never"
In this case, the task was skipped because it was tagged with never.
Conclusion
Tags are a powerful feature in Ansible playbooks that enable you to selectively run specific tasks, making your playbooks more modular and efficient.
By following this guide, you can optimize your workflow, save time, and avoid unnecessary playbook execution. Let's start applying tags to your tasks, and streamline your automation process today!
On a similar note, you may want to learn about the dry run mode in Ansible.