Using collections¶
Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. You can install and use collections through Ansible Galaxy.
- For details on how to develop collections see Developing collections.
- For the current development status of Collections and FAQ see Ansible Collections Community Guide.
Installing collections¶
Installing collections with ansible-galaxy
¶
By default, ansible-galaxy collection install
uses https://galaxy.ansible.com as the Galaxy server (as listed in the
ansible.cfg
file under galaxy_server). You do not need any
further configuration.
See Configuring the ansible-galaxy client if you are using any other Galaxy server, such as Red Hat Automation Hub.
To install a collection hosted in Galaxy:
ansible-galaxy collection install my_namespace.my_collection
You can also directly use the tarball from your build:
ansible-galaxy collection install my_namespace-my_collection-1.0.0.tar.gz -p ./collections
注解
The install command automatically appends the path ansible_collections
to the one specified with the -p
option unless the
parent directory is already in a folder called ansible_collections
.
When using the -p
option to specify the install path, use one of the values configured in COLLECTIONS_PATHS, as this is
where Ansible itself will expect to find collections. If you don’t specify a path, ansible-galaxy collection install
installs
the collection to the first path defined in COLLECTIONS_PATHS, which by default is ~/.ansible/collections
You can also keep a collection adjacent to the current playbook, under a collections/ansible_collections/
directory structure.
./
├── play.yml
├── collections/
│ └── ansible_collections/
│ └── my_namespace/
│ └── my_collection/<collection structure lives here>
See Collection structure for details on the collection directory structure.
Installing an older version of a collection¶
You can only have one version of a collection installed at a time. By default ansible-galaxy
installs the latest available version. If you want to install a specific version, you can add a version range identifier. For example, to install the 1.0.0-beta.1 version of the collection:
ansible-galaxy collection install my_namespace.my_collection:==1.0.0-beta.1
You can specify multiple range identifiers separated by ,
. Use single quotes so the shell passes the entire command, including >
, !
, and other operators, along. For example, to install the most recent version that is greater than or equal to 1.0.0 and less than 2.0.0:
ansible-galaxy collection install 'my_namespace.my_collection:>=1.0.0,<2.0.0'
Ansible will always install the most recent version that meets the range identifiers you specify. You can use the following range identifiers:
*
: The most recent version. This is the default.!=
: Not equal to the version specified.==
: Exactly the version specified.>=
: Greater than or equal to the version specified.>
: Greater than the version specified.<=
: Less than or equal to the version specified.<
: Less than the version specified.
注解
By default ansible-galaxy
ignores pre-release versions. To install a pre-release version, you must use the ==
range identifier to require it explicitly.
Install multiple collections with a requirements file¶
You can also setup a requirements.yml
file to install multiple collections in one command. This file is a YAML file in the format:
---
collections:
# With just the collection name
- my_namespace.my_collection
# With the collection name, version, and source options
- name: my_namespace.my_other_collection
version: 'version range identifiers (default: ``*``)'
source: 'The Galaxy URL to pull the collection from (default: ``--api-server`` from cmdline)'
The version
key can take in the same range identifier format documented above.
Roles can also be specified and placed under the roles
key. The values follow the same format as a requirements
file used in older Ansible releases.
---
roles:
# Install a role from Ansible Galaxy.
- name: geerlingguy.java
version: 1.9.6
collections:
# Install a collection from Ansible Galaxy.
- name: geerlingguy.php_roles
version: 0.9.3
source: https://galaxy.ansible.com
注解
While both roles and collections can be specified in one requirements file, they need to be installed separately.
The ansible-galaxy role install -r requirements.yml
will only install roles and
ansible-galaxy collection install -r requirements.yml -p ./
will only install collections.
Downloading a collection for offline use¶
To download the collection tarball from Galaxy for offline use:
- Navigate to the collection page.
- Click on Download tarball.
You may also need to manually download any dependent collections.
Configuring the ansible-galaxy
client¶
By default, ansible-galaxy
uses https://galaxy.ansible.com as the Galaxy server (as listed in the ansible.cfg
file under galaxy_server).
You can use either option below to configure ansible-galaxy collection
to use other servers (such as Red Hat Automation Hub or a custom Galaxy server):
- Set the server list in the galaxy_server_list configuration option in ansible_configuration_settings_locations.
- Use the
--server
command line argument to limit to an individual server.
To configure a Galaxy server list in ansible.cfg
:
- Add the
server_list
option under the[galaxy]
section to one or more server names. - Create a new section for each server name.
- Set the
url
option for each server name. - Optionally, set the API token for each server name. See API token for details.
注解
The url
option for each server name must end with a forward slash /
. If you do not set the API token in your Galaxy server list, use the --api-key
argument to pass in the token to the ansible-galaxy collection publish
command.
For Automation Hub, you additionally need to:
- Set the
auth_url
option for each server name. - Set the API token for each server name. Go to https://cloud.redhat.com/ansible/automation-hub/token/ and click :Get API token from the version dropdown to copy your API token.
The following example shows how to configure multiple servers:
[galaxy]
server_list = automation_hub, my_org_hub, release_galaxy, test_galaxy
[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=my_ah_token
[galaxy_server.my_org_hub]
url=https://automation.my_org/
username=my_user
password=my_pass
[galaxy_server.release_galaxy]
url=https://galaxy.ansible.com/
token=my_token
[galaxy_server.test_galaxy]
url=https://galaxy-dev.ansible.com/
token=my_test_token
注解
You can use the --server
command line argument to select an explicit Galaxy server in the server_list
and
the value of this argument should match the name of the server. To use a server not in the server list, set the value to the URL to access that server (all servers in the server list will be ignored). Also you cannot use the --api-key
argument for any of the predefined servers. You can only use the api_key
argument if you did not define a server list or if you specify a URL in the
--server
argument.
Galaxy server list configuration options
The galaxy_server_list option is a list of server identifiers in a prioritized order. When searching for a
collection, the install process will search in that order, for example, automation_hub
first, then my_org_hub
, release_galaxy
, and
finally test_galaxy
until the collection is found. The actual Galaxy instance is then defined under the section
[galaxy_server.{{ id }}]
where {{ id }}
is the server identifier defined in the list. This section can then
define the following keys:
url
: The URL of the Galaxy instance to connect to. Required.token
: An API token key to use for authentication against the Galaxy instance. Mutually exclusive withusername
.username
: The username to use for basic authentication against the Galaxy instance. Mutually exclusive withtoken
.password
: The password to use, in conjunction withusername
, for basic authentication.auth_url
: The URL of a Keycloak server ‘token_endpoint’ if using SSO authentication (for example, Automation Hub). Mutually exclusive withusername
. Requirestoken
.
As well as defining these server options in the ansible.cfg
file, you can also define them as environment variables.
The environment variable is in the form ANSIBLE_GALAXY_SERVER_{{ id }}_{{ key }}
where {{ id }}
is the upper
case form of the server identifier and {{ key }}
is the key to define. For example I can define token
for
release_galaxy
by setting ANSIBLE_GALAXY_SERVER_RELEASE_GALAXY_TOKEN=secret_token
.
For operations that use only one Galaxy server (for example, the publish
, info
, or install
commands). the ansible-galaxy collection
command uses the first entry in the
server_list
, unless you pass in an explicit server with the --server
argument.
注解
Once a collection is found, any of its requirements are only searched within the same Galaxy instance as the parent collection. The install process will not search for a collection requirement in a different Galaxy instance.
Listing collections¶
To list installed collections, run ansible-galaxy collection list
. This shows all of the installed collections found in the configured collections search paths. The path where the collections are located are displayed as well as version information. If no version information is available, a *
is displayed for the version number.
# /home/astark/.ansible/collections/ansible_collections
Collection Version
-------------------------- -------
cisco.aci 0.0.5
cisco.mso 0.0.4
sandwiches.ham *
splunk.enterprise_security 0.0.5
# /usr/share/ansible/collections/ansible_collections
Collection Version
----------------- -------
fortinet.fortios 1.0.6
pureport.pureport 0.0.8
sensu.sensu_go 1.3.0
Run with -vvv
to display more detailed information.
To list a specific collection, pass a valid fully qualified collection name (FQCN) to the command ansible-galaxy collection list
. All instances of the collection will be listed.
> ansible-galaxy collection list fortinet.fortios
# /home/astark/.ansible/collections/ansible_collections
Collection Version
---------------- -------
fortinet.fortios 1.0.1
# /usr/share/ansible/collections/ansible_collections
Collection Version
---------------- -------
fortinet.fortios 1.0.6
To search other paths for collections, use the -p
option. Specify multiple search paths by separating them with a :
. The list of paths specified on the command line will be added to the beginning of the configured collections search paths.
> ansible-galaxy collection list -p '/opt/ansible/collections:/etc/ansible/collections'
# /opt/ansible/collections/ansible_collections
Collection Version
--------------- -------
sandwiches.club 1.7.2
# /etc/ansible/collections/ansible_collections
Collection Version
-------------- -------
sandwiches.pbj 1.2.0
# /home/astark/.ansible/collections/ansible_collections
Collection Version
-------------------------- -------
cisco.aci 0.0.5
cisco.mso 0.0.4
fortinet.fortios 1.0.1
sandwiches.ham *
splunk.enterprise_security 0.0.5
# /usr/share/ansible/collections/ansible_collections
Collection Version
----------------- -------
fortinet.fortios 1.0.6
pureport.pureport 0.0.8
sensu.sensu_go 1.3.0
Verifying collections¶
Verifying collections with ansible-galaxy
¶
Once installed, you can verify that the content of the installed collection matches the content of the collection on the server. This feature expects that the collection is installed in one of the configured collection paths and that the collection exists on one of the configured galaxy servers.
ansible-galaxy collection verify my_namespace.my_collection
The output of the ansible-galaxy collection verify
command is quiet if it is successful. If a collection has been modified, the altered files are listed under the collection name.
ansible-galaxy collection verify my_namespace.my_collection
Collection my_namespace.my_collection contains modified content in the following files:
my_namespace.my_collection
plugins/inventory/my_inventory.py
plugins/modules/my_module.py
You can use the -vvv
flag to display additional information, such as the version and path of the installed collection, the URL of the remote collection used for validation, and successful verification output.
ansible-galaxy collection verify my_namespace.my_collection -vvv
...
Verifying 'my_namespace.my_collection:1.0.0'.
Installed collection found at '/path/to/ansible_collections/my_namespace/my_collection/'
Remote collection found at 'https://galaxy.ansible.com/download/my_namespace-my_collection-1.0.0.tar.gz'
Successfully verified that checksums for 'my_namespace.my_collection:1.0.0' match the remote collection
If you have a pre-release or non-latest version of a collection installed you should include the specific version to verify. If the version is omitted, the installed collection is verified against the latest version available on the server.
ansible-galaxy collection verify my_namespace.my_collection:1.0.0
In addition to the namespace.collection_name:version
format, you can provide the collections to verify in a requirements.yml
file. Dependencies listed in requirements.yml
are not included in the verify process and should be verified separately.
ansible-galaxy collection verify -r requirements.yml
Verifying against tar.gz
files is not supported. If your requirements.yml
contains paths to tar files or URLs for installation, you can use the --ignore-errors
flag to ensure that all collections using the namespace.name
format in the file are processed.
Using collections in a Playbook¶
Once installed, you can reference a collection content by its fully qualified collection name (FQCN):
- hosts: all
tasks:
- my_namespace.my_collection.mymodule:
option1: value
This works for roles or any type of plugin distributed within the collection:
- hosts: all
tasks:
- import_role:
name: my_namespace.my_collection.role1
- my_namespace.mycollection.mymodule:
option1: value
- debug:
msg: '{{ lookup("my_namespace.my_collection.lookup1", 'param1')| my_namespace.my_collection.filter1 }}'
Simplifying module names with the collections
keyword¶
The collections
keyword lets you define a list of collections that your role or playbook should search for unqualified module and action names. So you can use the collections
keyword, then simply refer to modules and action plugins by their short-form names throughout that role or playbook.
警告
If your playbook uses both the collections
keyword and one or more roles, the roles do not inherit the collections set by the playbook. See below for details.
Using collections
in roles¶
Within a role, you can control which collections Ansible searches for the tasks inside the role using the collections
keyword in the role’s meta/main.yml
. Ansible will use the collections list defined inside the role even if the playbook that calls the role defines different collections in a separate collections
keyword entry. Roles defined inside a collection always implicitly search their own collection first, so you don’t need to use the collections
keyword to access modules, actions, or other roles contained in the same collection.
# myrole/meta/main.yml
collections:
- my_namespace.first_collection
- my_namespace.second_collection
- other_namespace.other_collection
Using collections
in playbooks¶
In a playbook, you can control the collections Ansible searches for modules and action plugins to execute. However, any roles you call in your playbook define their own collections search order; they do not inherit the calling playbook’s settings. This is true even if the role does not define its own collections
keyword.
- hosts: all
collections:
- my_namespace.my_collection
tasks:
- import_role:
name: role1
- mymodule:
option1: value
- debug:
msg: '{{ lookup("my_namespace.my_collection.lookup1", 'param1')| my_namespace.my_collection.filter1 }}'
The collections
keyword merely creates an ordered ‘search path’ for non-namespaced plugin and role references. It does not install content or otherwise change Ansible’s behavior around the loading of plugins or roles. Note that an FQCN is still required for non-action or module plugins (e.g., lookups, filters, tests).
参见
- Developing collections
- Develop or modify a collection.
- collections_galaxy_meta
- Understand the collections metadata structure.
- Mailing List
- The development mailing list
- irc.freenode.net
- #ansible IRC chat channel