Have you considered the following?
- hosts: all
  roles:
    - name: nftables
      forward_policy: drop
    - name: router
      forward_policy: allow
Or is there anything in the nftables logic which would define the
forward_policy for the router role? Note, within a playbook, the variable
scope is global. There is no such thing as a role scope for variables; you
can override the same variable at role level or even at task level.
You can use set_fact to alter the variable for the scope of the playbook as
much as you want. In older versions (pre 2.10) I had issues with roles
three layers down, but not in the later versions.
Cheers,
*Kosala*
On Mon, Oct 9, 2023 at 12:20 AM Vladimir Botka <[email protected]> wrote:
> On Sun, 8 Oct 2023 23:36:47 +1300
> Kosala Atapattu <[email protected]> wrote:
>
> > I did not fully understand the problem, but it might be worth having a
> > look at variable precedence
>
> The problem is as follows: You have two roles and want to override
> defaults in the first role by the variables from the second role.
>
> The precedence of variables is a substantial part of the solution. It
> is not sufficient though. There might be more solutions depending on
> the use-case's details. An option might be creating the below task in
> the second role
>
> shell> cat roles/role2/tasks/instantiate_vars.yml
> - set_fact:
>     var1_common: "{{ var1_common }}"
>   when: var1_common is defined
>
> and "instantiate" the variable(s) before you run the first role. This
> way *set_fact* (precedence 19.) overrides the roles' defaults
> (precedence 2.)
>
> shell> cat pb.yml
> - hosts: all
>   pre_tasks:
>     - include_role:
>         name: role2
>         tasks_from: instantiate_vars
>       run_once: true
>   roles:
>     - role1
>
> Notes:
>
> * You don't have to include or import *instantiate_vars.yml* in role2.
> * You can "instantiate" more variables.
> * You have to keep in mind the limitation of this solution. Only
> precedence 20.-22. are left to override such "instantiated"
> variables.
>
> --
> Vladimir Botka
>