Ansible Galaxy

    Galaxy, is a free site for finding, downloading, and sharing community developed roles. Downloading roles from Galaxy isa great way to jumpstart your automation projects.

    You can also use the site to share roles that you create. By authenticating with the site using your GitHub account, you’re able to import roles, makingthem available to the Ansible community. Imported roles become available in the Galaxy search index and visible on the site, allowing users todiscover and download them.

    Learn more by viewing .

    The command line tool

    The command comes bundled with Ansible, and you can use it to install roles from Galaxy or directly from a git based SCM. You canalso use it to create a new role, remove roles, or perform tasks on the Galaxy website.

    The command line tool by default communicates with the Galaxy website API using the server address https://galaxy.ansible.com. Since the is an open source project, you may be running your own internal Galaxy server and wish to override the default server address. You can do this using the –server optionor by setting the Galaxy server value in your ansible.cfg file. For information on setting the value in ansible.cfg visit Galaxy Settings.

    Use the ansible-galaxy command to download roles from the

    roles_path

    By default Ansible downloads roles to the first writable directory in the default list of paths ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles. This will install roles in the home directory of the user running ansible-galaxy.

    You can override this by setting the environment variable ANSIBLE_ROLES_PATH in your session, defining roles_path in an ansible.cfg file, or by using the —roles-path option.

    The following provides an example of using —roles-path to install the role into the current working directory:

    1. $ ansible-galaxy install --roles-path . geerlingguy.apache

    See also

    • All about configuration files

    version

    You can install a specific version of a role from Galaxy by appending a comma and the value of a GitHub release tag. For example:

    1. $ ansible-galaxy install geerlingguy.apache,v1.0.0

    It’s also possible to point directly to the git repository and specify a branch name or commit hash as the version. For example, the following willinstall a specific commit:

    1. $ ansible-galaxy install git+https://github.com/geerlingguy/ansible-role-apache.git,0b7cd353c0250e87a26e0499e59e7fd265cc2f25

    Installing multiple roles from a file

    Beginning with Ansible 1.8 it is possible to install multiple roles by including the roles in a requirements.yml file. The format of the file is YAML, and thefile extension must be either .yml or .yaml.

    Use the following command to install roles included in requirements.yml:

    1. $ ansible-galaxy install -r requirements.yml

    Again, the extension is important. If the .yml extension is left off, the ansible-galaxy CLI assumes the file is in an older, now deprecated,“basic” format.

    Each role in the file will have one or more of the following attributes:

    Use the following example as a guide for specifying roles in requirements.yml:

    1. # from galaxy
    2. - src: yatesr.timezone
    3.  
    4. # from GitHub
    5. - src: https://github.com/bennojoy/nginx
    6.  
    7. # from GitHub, overriding the name and specifying a specific tag
    8. - src: https://github.com/bennojoy/nginx
    9.   version: master
    10.   name: nginx_role
    11.  
    12. # from a webserver, where the role is packaged in a tar.gz
    13. - src: https://some.webserver.example.com/files/master.tar.gz
    14.   name: http-role
    15.  
    16. # from Bitbucket
    17.   version: v1.4
    18.  
    19. # from Bitbucket, alternative syntax and caveats
    20. - src: https://bitbucket.org/willthames/hg-ansible-galaxy
    21.   scm: hg
    22.  
    23. # from GitLab or other git-based scm, using git+ssh
    24. - src: [email protected]:mygroup/ansible-base.git
    25.   scm: git
    26.   version: "0.1"  # quoted, so YAML doesn't parse this as a floating-point value

    Installing multiple roles from multiple files

    At a basic level, including requirements files allows you to break up bits of roles into smaller files. Role includes pull in roles from other files.

    Use the following command to install roles includes in requirements.yml + webserver.yml

    1. ansible-galaxy install -r requirements.yml

    Content of the requirements.yml file:

    1. # from galaxy
    2. - src: yatesr.timezone
    3.  
    4. - include: <path_to_requirements>/webserver.yml

    Content of the webserver.yml file:

    1. # from github
    2. - src: https://github.com/bennojoy/nginx
    3.  
    4. # from Bitbucket
    5. - src: git+https://bitbucket.org/willthames/git-ansible-galaxy
    6.   version: v1.4

    Dependencies

    You specify role dependencies in the meta/main.yml file by providing a list of roles. If the source of a role is Galaxy, you can simply specify the role inthe format username.role_name. The more complex format used in requirements.yml is also supported, allowing you to provide , scm, version, and name.

    Tags are inherited down the dependency chain. In order for tags to be applied to a role and all its dependencies, the tag should be applied to the role, not to all the tasks within a role.

    Roles listed as dependencies are subject to conditionals and tag filtering, and may not execute fully depending onwhat tags and conditionals are applied.

    Dependencies found in Galaxy can be specified as follows:

    The complex form can also be used as follows:

    1. dependencies:
    2.   - src: geerlingguy.ansible
    3.   - src: git+https://github.com/geerlingguy/ansible-role-composer.git
    4.     version: 775396299f2da1f519f0d8885022ca2d6ee80ee8
    5.     name: composer

    When dependencies are encountered by ansible-galaxy, it will automatically install each dependency to the roles_path. To understand how dependencies are handled during play execution, see .

    Note

    At the time of this writing, the Galaxy website expects all role dependencies to exist in Galaxy, and therefore dependencies to be specified in theusername.role_name format. If you import a role with a dependency where the src value is a URL, the import process will fail.

    Create roles

    Use the init command to initialize the base structure of a new role, saving time on creating the various directories and main.yml files a role requires

    1. $ ansible-galaxy init role_name

    The above will create the following directory structure in the current working directory:

    1. README.md
    2. .travis.yml
    3. defaults/
    4.     main.yml
    5. files/
    6. handlers/
    7.     main.yml
    8. meta/
    9.     main.yml
    10. templates/
    11. tests/
    12.     inventory
    13.     test.yml
    14. vars/
    15.     main.yml

    Force

    If a directory matching the name of the role already exists in the current working directory, the init command will result in an error. To ignore the erroruse the –force option. Force will create the above subdirectories and files, replacing anything that matches.

    Container Enabled

    If you are creating a Container Enabled role, pass —type container to ansible-galaxy init. This will create the same directory structure as above, but populate itwith default files appropriate for a Container Enabled role. For instance, the README.md has a slightly different structure, the .travis.yml file teststhe role using Ansible Container, and the meta directory includes a container.yml file.

    Using a Custom Role Skeleton

    A custom role skeleton directory can be supplied as follows:

    1. $ ansible-galaxy init --role-skeleton=/path/to/skeleton role_name

    When a skeleton is provided, init will:

    • copy all files and directories from the skeleton to the new role
    • any .j2 files found outside of a templates folder will be rendered as templates. The only useful variable at the moment is role_name
    • The .git folder and any .git_keep files will not be copied

    Alternatively, the role_skeleton and ignoring of files can be configured via ansible.cfg

    1. [galaxy]
    2. role_skeleton = /path/to/skeleton

    Search for Roles

    Search the Galaxy database by tags, platforms, author and multiple keywords. For example:

    1. $ ansible-galaxy search elasticsearch --author geerlingguy

    The search command will return a list of the first 1000 results matching your search:

    1. Found 2 roles matching your search:
    2.  
    3. Name                              Description
    4. ----                              -----------
    5. geerlingguy.elasticsearch         Elasticsearch for Linux.
    6. geerlingguy.elasticsearch-curator Elasticsearch curator for Linux.

    Use the info command to view more detail about a specific role:

    1. $ ansible-galaxy info username.role_name

    This returns everything found in Galaxy for the role:

    List installed roles

    Use list to show the name and version of each role installed in the roles_path.

    1. $ ansible-galaxy list
    2.  
    3. - chouseknecht.role-install_mongod, master
    4. - chouseknecht.test-role-1, v1.0.2
    5. - chrismeyersfsu.role-iptables, master
    6. - chrismeyersfsu.role-required_vars, master

    Remove an installed role

    Use to delete a role from roles_path:

    1. $ ansible-galaxy remove username.role_name

    The login command requires using your GitHub credentials. You can use your username and password, or you can create a . If you choose to create a token, grant minimal access to the token, as it is used just to verify identify.

    The following shows authenticating with the Galaxy website using a GitHub username and password:

    1. $ ansible-galaxy login
    2.  
    3. We need your GitHub login to identify you.
    4. This information will not be sent to Galaxy, only to api.github.com.
    5. The password will not be displayed.
    6.  
    7. Use --github-token if you do not want to enter your password.
    8.  
    9. Github Username: dsmith
    10. Password for dsmith:
    11. Successfully logged into Galaxy as dsmith

    When you choose to use your username and password, your password is not sent to Galaxy. It is used to authenticates with GitHub and create a personal access token.It then sends the token to Galaxy, which in turn verifies that your identity and returns a Galaxy access token. After authentication completes the GitHub token isdestroyed.

    If you do not wish to use your GitHub password, or if you have two-factor authentication enabled with GitHub, use the –github-token option to pass a personal access tokenthat you create.

    Import a role

    The import command requires that you first authenticate using the login command. Once authenticated you can import any GitHub repository that you own or havebeen granted access.

    Use the following to import to role:

    1. $ ansible-galaxy import github_user github_repo

    By default the command will wait for Galaxy to complete the import process, displaying the results as the import progresses:

    1. Successfully submitted import request 41
    2. Starting import 41: role_name=myrole repo=githubuser/ansible-role-repo ref=
    3. Retrieving GitHub repo githubuser/ansible-role-repo
    4. Accessing branch: master
    5. Parsing and validating meta/main.yml
    6. Parsing galaxy_tags
    7. Parsing platforms
    8. Adding dependencies
    9. Parsing and validating README.md
    10. Adding repo tags as role versions
    11. Import completed
    12. Status SUCCESS : warnings=0 errors=0

    Branch

    Use the –branch option to import a specific branch. If not specified, the default branch for the repo will be used.

    Role name

    By default the name given to the role will be derived from the GitHub repository name. However, you can use the –role-name option to override this and set the name.

    No wait

    If the –no-wait option is present, the command will not wait for results. Results of the most recent import for any of your roles is available on the Galaxy web siteby visiting My Imports.

    Delete a role

    The delete command requires that you first authenticate using the login command. Once authenticated you can remove a role from the Galaxy web site. You are only allowedto remove roles where you have access to the repository in GitHub.

    Use the following to delete a role:

    1. $ ansible-galaxy delete github_user github_repo

    This only removes the role from Galaxy. It does not remove or alter the actual GitHub repository.

    You can create an integration or connection between a role in Galaxy and Travis. Once the connection is established, a build in Travis willautomatically trigger an import in Galaxy, updating the search index with the latest information about the role.

    You create the integration using the setup command, but before an integration can be created, you must first authenticate using the login command; you willalso need an account in Travis, and your Travis token. Once you’re ready, use the following command to create the integration:

    1. $ ansible-galaxy setup travis github_user github_repo xxx-travis-token-xxx

    The setup command requires your Travis token, however the token is not stored in Galaxy. It is used along with the GitHub username and repo to create a hash as describedin . The hash is stored in Galaxy and used to verify notifications received from Travis.

    The setup command enables Galaxy to respond to notifications. To configure Travis to run a build on your repository and send a notification, follow theTravis getting started guide.

    To instruct Travis to notify Galaxy when a build completes, add the following to your .travis.yml file:

    1. notifications:
    2.     webhooks: https://galaxy.ansible.com/api/v1/notifications/

    List Travis integrations

    Use the –list option to display your Travis integrations:

    Remove Travis integrations

    Use the –remove option to disable and remove a Travis integration:

    1. $ ansible-galaxy setup --remove ID

    Provide the ID of the integration to be disabled. You can find the ID by using the –list option.

    • All about ansible roles
    • Mailing List
    • Questions? Help? Ideas? Stop by the list on Google Groups

    • ansible IRC chat channel