Saturday, 13 December 2025

Ansible 25. Block more example - usage of tag etc

 A block can exist alone to simply group multiple tasks together for readability, common attributes, or conditional execution.

Key Points:

  1. Blocks are logical groupings, not separate tasks

  2. Use rescue for error handling

  3. Use always for logging, notifications, or cleanup

  4. You can apply become, when, tags, and other attributes at the block level

  5. Blocks make playbooks cleaner and more maintainable, especially for complex automation

Also It’s not mandatory to use rescue or always when you define a block. 

A block can exist alone to simply group multiple tasks together for readability, common attributes, or conditional execution.

1️⃣ Block without rescue/always (just grouping)

- block:
    - name: Task 1
      command: echo "Step 1"

    - name: Task 2
      command: echo "Step 2"
  become: true
  tags:
    - setup

  • All tasks in the block inherit become: true and tags: setup

  • No error handling is defined

  • Tasks will fail normally if something goes wrong


Why put become: true inside a block instead of at play level?

Normally, yes — people write:

- hosts: all
  become: true

But sometimes you don’t want ALL tasks to run with sudo, only specific tasks.

That is when you put:

block:
  ...
become: true
become_user: root

In Ansible, tags are used to mark tasks (or blocks/roles) so you can selectively run or skip them when executing a playbook. They make playbooks more flexible and efficient, especially for large projects.

✅ Why use tags

  1. Selective execution:
    Run only what’s needed without executing the entire playbook. Example:

    • --tags setup → run only setup tasks

    • --tags maintenance → run only DBA maintenance tasks

  2. Faster testing and debugging:
    When developing playbooks, you can test one section at a time.

  3. Reusable playbooks:
    A single playbook can contain tasks for different purposes (setup, maintenance, monitoring), and tags let you run only a subset.

  4. Block-level inheritance:
    If you assign a tag to a block, all tasks inside inherit that tag automatically — no need to tag each task individually.

✅ How tags work

  1. Assign a tag to a task or block:

- block:
    - name: Check listener status
      shell: lsnrctl status

    - name: Backup alert log
      shell: cp /path/to/alert.log /tmp/

  tags:
    - maintenance

Here, both tasks in the block are tagged with maintenance.

  1. Run only tagged tasks:

ansible-playbook playbook.yml -i inventory/hosts --tags maintenance

  • Only tasks (or blocks) with maintenance will run

  • All other tasks are skipped

  1. Skip certain tags:

ansible-playbook playbook.yml -i inventory/hosts --skip-tags maintenance

  • Runs the playbook normally but skips all tasks with the maintenance tag


Real time example

[oracle@oel01db ansible-project]$ cat ./playbooks/tag-example.yml
- name: Oracle DBA maintenance with separate task tags and environment
  hosts: db_servers
  gather_facts: no
  vars:
    oracle_base: /u01/app/oracle
    oracle_home: /u01/app/oracle/product/19.0.0/dbhome_1
    oracle_bin: /u01/app/oracle/product/19.0.0/dbhome_1/bin

  tasks:

    - name: Gather minimal environment facts
      setup:
        gather_subset:
          - env

    - block:
        - name: Stop Oracle listener
          shell: lsnrctl stop
          register: listener_status
          environment:
            ORACLE_HOME: "{{ oracle_home }}"
            PATH: "{{ oracle_bin }}:{{ ansible_env.PATH }}"
          tags:
            - listener_maintenance
          changed_when: false
          failed_when: false

        - name: Ensure backup directory exists with permissions
          file:
            path: /tmp/alert_backup
            state: directory
            mode: '0755'
          tags:
            - backup

        - name: Backup Oracle alert logs
          shell: cp {{ oracle_base }}/diag/rdbms/*/*/trace/alert_*.log /tmp/alert_backup/
          register: backup_result
          tags:
            - backup

    - name: Display listener stop output
      debug:
        msg: "{{ listener_status.stdout_lines }}"

    - name: Display backup result
      debug:
        msg:
          - "RC={{ backup_result.rc }}"
          - "Changed={{ backup_result.changed }}"
[oracle@oel01db ansible-project]$

Run the playbook without any tag argument

ansible-playbook -i ./inventory/hosts ./playbooks/tag-example.yml


























Let's run only the backup task.

ansible-playbook -i ./inventory/hosts ./playbooks/tag-example.yml --tags backup











If we assign a tag to a block, all tasks inside inherit that tag automatically — no need to tag each task individually. In our example we have assigned tag at task level. 

🔹 Key points

  • A playbook can have as many blocks as you want

  • Each block can have its own tag and error handling

  • Tasks inside a block can inherit the block’s tag automatically

  • Blocks do not interfere with each other unless they share variables or files




at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Building a Safer PostgreSQL CI/CD Pipeline with GitHub Actions: Dev → PR Review → Test Promotion

In my previous post, we explored a simple push-to-main deployment strategy . While functional, that model is not considered an industry best...