Ansible: Tags are a code smell

I have referred to this article by Michel Blanc a number of times, primarily because of one thing he says:

Do not overdo tags: most of the time, this is YAGNI (You Ain’t Gonna Need It)

What he says is absolutely the truth. Using Ansible tags creates all sorts of uncertainty in your playbooks and roles at run-time.

Your own code

We can try various invocations of ansible-playbook and observe what happens with each:

That’s quite a truth table, even with just four tags! Using tags to control the flow of your Ansible playbooks gets confusing quickly. It’s easy to make our example even more confusing by creating additional tasks with never and always tags:

- name: demo another always-tagged task
msg: I am another always-tagged task
- always
- another-always

What happens to that truth table, now? Tags in your own code are confusing enough, but let’s consider what happens when you inject dependencies into your playbooks.

Other peoples’ roles

Tags are a smell

It would be great to see Ansible Galaxy evolve to the point where its community just disallows tags in contributed content.

What to use instead of tags?

  • Use when conditionals and consider passing extra variables for conditional evaluation during ansible-playbook invocations using the ‘-e’ flag.
  • Write separate playbooks and invoke those, instead of your main playbook, when doing something simple with Ansible like reloading a service. Note that you can include specific tasks when importing an Ansible using the tasks_from argument to an include_role task.
  • Other ideas? Feel free to hit me up!