How to Use Tags in Ansible Playbooks

At its core, Ansible relies on playbooks to define automation steps. However, when these playbooks become large, managing specific tasks efficiently can be a challenge.

This is where tags in Ansible come into play. Tags allow you to run or skip particular tasks in a playbook, making your automation more flexible and efficient.

In this guide, we'll explore how to use tags in Ansible Playbooks, and their benefits with real world examples.

What are Tags in Ansible?

Tags in Ansible provide a way to target specific tasks within a playbook for execution or exclusion. When dealing with complex playbooks containing dozens or hundreds of tasks, rerunning the entire playbook for a minor change is not efficient. Tags allow you to focus on only the parts of the playbook that are relevant.

Tags are especially useful when:

  • You need to rerun specific tasks in large playbooks.
  • You want to selectively execute certain tasks without running the entire playbook.
  • You want to divide large playbooks into logical sections for more control.

Basic Syntax of Ansible Tags

Tags are added to a task using the tags keyword in a task definition. Here’s a simple example that demonstrates how to add a tag to a task:

- name: Install Apache
  apt:
    name: apache2
    state: present
  tags:
    - webserver

In this example, the task installs the Apache webserver using the apt module, and it is tagged with webserver.

How to Run Playbooks with Specific Tags

Once you’ve added tags to your tasks, running the playbook with specific tags is simple. Use the --tags flag followed by the tag name when executing the playbook.

ansible-playbook playbook.yml --tags "webserver"

Output.

PLAY [Run specific tasks] ****************************************************************

TASK [Install Apache] ********************************************************************
changed: [localhost]

PLAY RECAP ******************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

In this example, only the tasks tagged with webserver will be executed.

You can also run multiple tasks by specifying more than one tag:

ansible-playbook playbook.yml --tags "webserver,database"

Output.

PLAY [Run multiple tagged tasks] *********************************************************

TASK [Install Apache] ********************************************************************
changed: [localhost]

TASK [Install MySQL] *********************************************************************
changed: [localhost]

PLAY RECAP ******************************************************************************
localhost                  : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

In this example, both tasks tagged with webserver and database are executed.

Excluding Tags

Sometimes you may want to skip certain tasks while running the playbook. This can be achieved using the --skip-tags option.

ansible-playbook playbook.yml --skip-tags "database"

Output.

PLAY [Run tasks except those tagged with 'database'] *************************************

TASK [Install Apache] ********************************************************************
changed: [localhost]

TASK [Install MySQL] *********************************************************************
skipping: [localhost]

PLAY RECAP ******************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

Here, the Install MySQL task (tagged with database) is skipped, while other tasks are executed as usual.

Listing Tags in Ansible Playbook

You may want to know what tags are available in a playbook before running it. You can list all tags in a playbook using the --list-tags flag.

This command will display all the tags used in the playbook, allowing you to decide which ones to run or skip.

ansible-playbook playbook.yml --list-tags

Output.

playbook: playbook.yml

  play #1 (all): Example Playbook TAGS: 
      TASK TAGS: [database, webserver, critical, security]

This output lists all the tags (database, webserver, critical, security) available in the playbook, so you can choose which ones to run or skip in subsequent executions.

The Always and Never Tags

In Ansible, there are two special tags, always and `never, that control whether certain tasks should always or never be executed.

1. always Tag

Tasks marked with the always tag will run regardless of which tags are specified during playbook execution. This is useful for critical tasks such as gathering facts or ensuring certain prerequisites are met.

- name: Ensure prerequisites are installed
  apt:
    name: git
    state: present
  tags:
    - always

Even if no specific tags are provided when running the playbook, tasks with the always tag will still be executed.

ansible-playbook playbook.yml --tags "webserver"

Here, the task with the always tag (Ensure prerequisites are installed) is executed even though only the webserver tag was specified.

2. never Tag

Tasks marked with the never tag are explicitly prevented from running. This tag can be helpful if you want to disable certain tasks temporarily without deleting or commenting them out.

- name: Remove temporary files
  file:
    path: /tmp/testfile
    state: absent
  tags:
    - never

Even if you specify the never tag explicitly, the task will not be executed.

ansible-playbook playbook.yml --tags "never"

In this case, the task was skipped because it was tagged with never.

Courses by Linux Handbook
Making learning accessible for everyone with lifetime access to courses at affordable prices. Courses are available on Linux, Docker, Ansible and more.

Conclusion

Tags are a powerful feature in Ansible playbooks that enable you to selectively run specific tasks, making your playbooks more modular and efficient.

By following this guide, you can optimize your workflow, save time, and avoid unnecessary playbook execution. Let's start applying tags to your tasks, and streamline your automation process today!

On a similar note, you may want to learn about the dry run mode in Ansible.

Ansible Dry Run: Running Playbook in Check Mode
Not sure of things with your playbook? Here’s how you can test your Ansible playbook by using the dry run feature.
✍️
Author: Hitesh Jethwa has more than 15+ years of experience with Linux system administration and DevOps. He likes to explain complicated topics in easy to understand way.