After some more playing, I found that if I move my roles/ directory into the folder with the playbooks, things work like they used to work. However, if I move to roles/ directory anywhere higher in the hierarchy than the playbook, it seems that the path can not be resolved inside the template.
I have decided to again reorganize my code/configs so that I can put the roles/ directory parallel to all the playbooks. It's slightly less ideal as the number of playbooks grow, but it maintains all needed functionality. If there's a better suggestion, I would be all for it. On Tuesday, October 28, 2014 11:23:28 AM UTC-4, Brian Coca wrote: > > hmm, I've only tested this by invoking the templates through the modules > (in that case ../../common/templates/iptables.j2 should work). > > I need to check env when calling template to see the base path (probably > playbook relative) for doing the includes from inside the template engine. > > On Tue, Oct 28, 2014 at 8:09 AM, Joe Adams <[email protected] > <javascript:>> wrote: > >> I've tried that but I can't seem to get it to work. Here are the paths >> I've tried so far: >> common/templates/iptables.j2 >> ../common/templates/iptables.j2 >> ../../common/templates/iptables.j2 >> ../../../common/templates/iptables.j2 >> /absolute/path/to/common/templates/iptables.j2 >> >> I get the same error message for all of them. >> >> On Tuesday, October 28, 2014 10:13:37 AM UTC-4, Brian Coca wrote: >>> >>> assuming all roles are in the same directory, you could do relative >>> paths to other roles' template directory. >>> >>> On Tue, Oct 28, 2014 at 6:34 AM, Joe Adams <[email protected]> wrote: >>> >>>> So is there no way of including or extending templates from other >>>> roles? It would seem that this is a really powerful feature of the >>>> templating language that would make many configurations more versatile and >>>> powerful. Is what I'm trying to do not possible with Ansible? >>>> >>>> On Monday, October 27, 2014 4:25:33 PM UTC-4, Brian Coca wrote: >>>>> >>>>> It looks for the file in the "base" directory or in the templates/ >>>>> subdirectory. The "base" directory is the directory of the current play >>>>> or >>>>> role. >>>>> >>>>> On Mon, Oct 27, 2014 at 6:31 AM, Joe Adams <[email protected]> wrote: >>>>> >>>>>> Is there somewhere that documents what paths are searched when inside >>>>>> a template or in include calls from within a template? I can't find much >>>>>> information about this at all. >>>>>> >>>>>> On Wednesday, October 22, 2014 9:22:05 AM UTC-4, Joe Adams wrote: >>>>>>> >>>>>>> I originally though it might be permissions, but both templates are >>>>>>> 0664 with my account being owner. >>>>>>> >>>>>>> I'm using ansible version 1.7.2 >>>>>>> >>>>>>> On Tuesday, October 21, 2014 11:51:08 PM UTC-4, Michael DeHaan wrote: >>>>>>>> >>>>>>>> For starters, what ansible version are you using? >>>>>>>> >>>>>>>> On Tue, Oct 21, 2014 at 6:02 PM, John Favorite <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> permissions issue? >>>>>>>>> >>>>>>>>> On Tue, Oct 21, 2014 at 5:35 PM, Joe Adams <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> I tried asking the IRC channel but I didn't get any responses so >>>>>>>>>> I figure that the mailing list might be better suited to this >>>>>>>>>> question. I'm >>>>>>>>>> trying to build an extensible iptables template. All of my hosts >>>>>>>>>> will need >>>>>>>>>> some amount of custom rules to be added so I feel that extending a >>>>>>>>>> template >>>>>>>>>> would be a great way to achieve this. My base template looks like >>>>>>>>>> this: >>>>>>>>>> >>>>>>>>>> #roles/common/templates/iptables.j2 >>>>>>>>>> {% block nat %} >>>>>>>>>> {% endblock nat %} >>>>>>>>>> *filter >>>>>>>>>> :INPUT ACCEPT [0:0] >>>>>>>>>> :FORWARD ACCEPT [0:0] >>>>>>>>>> :OUTPUT ACCEPT [0:0] >>>>>>>>>> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >>>>>>>>>> -A INPUT -p icmp -j ACCEPT >>>>>>>>>> -A INPUT -i lo -j ACCEPT >>>>>>>>>> # SSH >>>>>>>>>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT >>>>>>>>>> {% block role_rules %} >>>>>>>>>> {% endblock role_rules %} >>>>>>>>>> # Drop All >>>>>>>>>> -A INPUT -j REJECT --reject-with icmp-host-prohibited >>>>>>>>>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited >>>>>>>>>> COMMIT >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> So then I created a template for another host to add it's role >>>>>>>>>> specific information in. This template looks like this: >>>>>>>>>> >>>>>>>>>> {% extends "roles/common/templates/iptables.j2" %} >>>>>>>>>> {% block role_rules %} >>>>>>>>>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT >>>>>>>>>> {% endblock role_rules %} >>>>>>>>>> >>>>>>>>>> This was working until I moved my playbooks into a folder to >>>>>>>>>> organize them. Now I can't seem to fix the path to make the template >>>>>>>>>> extends >>>>>>>>>> tag work. I even tried an absolute path. >>>>>>>>>> Here's my directory structure: >>>>>>>>>> >>>>>>>>>> ansible/ >>>>>>>>>> ansible.cfg >>>>>>>>>> hosts/ >>>>>>>>>> dev >>>>>>>>>> qa >>>>>>>>>> groupvars/ >>>>>>>>>> dev >>>>>>>>>> qa >>>>>>>>>> playbooks/ >>>>>>>>>> roles/ >>>>>>>>>> common.yml >>>>>>>>>> roleA.yml >>>>>>>>>> roleB.yml >>>>>>>>>> roles/ >>>>>>>>>> common/ >>>>>>>>>> templates/ >>>>>>>>>> iptables.j2 >>>>>>>>>> tasks/ >>>>>>>>>> main.yml >>>>>>>>>> roleA/ >>>>>>>>>> templates/ >>>>>>>>>> iptables.j2 >>>>>>>>>> tasks/ >>>>>>>>>> main.yml >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I keep getting this error when I get to the play that templates >>>>>>>>>> the iptables file: >>>>>>>>>> {'msg': 'AnsibleError: file: /path/to/ansible/roles/vickyva >>>>>>>>>> le/templates/iptables.j2, error: Cannot find/not allowed to load >>>>>>>>>> (include) template >>>>>>>>>> /path/to/ansible/roles/common/templates/iptables.j2', >>>>>>>>>> 'failed': True} >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "Ansible Project" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/77a802c6-b >>>>>>>>>> 3a5-4895-8430-700f99daf0f1%40googlegroups.com >>>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/77a802c6-b3a5-4895-8430-700f99daf0f1%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Ansible Project" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/ansible-project/CAKsMCEToh >>>>>>>>> hhtbr79k8cgqm%2B%3DqxM-Fjytc-Kz_jbnimxQ456cJg%40mail.gmail.com >>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/CAKsMCETohhhtbr79k8cgqm%2B%3DqxM-Fjytc-Kz_jbnimxQ456cJg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Ansible Project" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/ansible-project/c2534bbb-8eaa-4875-9168-d1d6df1d57f1% >>>>>> 40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/ansible-project/c2534bbb-8eaa-4875-9168-d1d6df1d57f1%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Brian Coca >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/a1db82ee-fd0d-4fb4-8bc8- >>>> 6c488df27a7a%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/a1db82ee-fd0d-4fb4-8bc8-6c488df27a7a%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> Brian Coca >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/d835065f-7aba-4299-9477-b080ac5fa749%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/d835065f-7aba-4299-9477-b080ac5fa749%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4c5805ed-3ad2-408c-8f7c-a521a70dd7ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
