Galaxy User Guide

Ansible Galaxy refers to the Galaxy website, a free site for finding, downloading, and sharing community developed roles.

Use Galaxy to jump-start your automation project with great content from the Ansible community. Galaxy provides pre-packaged units of work such as roles, and new in Galaxy 3.2, collections.You can find roles for provisioning infrastructure, deploying applications, and all of the tasks you do everyday. The collection format provides a comprehensive package of automation that may include multiple playbooks, roles, modules, and plugins.

Finding collections on Galaxy

To find collections on Galaxy:

  • Click the Search icon in the left-hand navigation.
  • Set the filter to collection.
  • Set other filters and press enter.Galaxy presents a list of collections that match your search criteria.

Installing collections

Installing a collection from Galaxy

You can use the ansible-galaxy collection install command to install a collection on your system.

Note

By default, ansible-galaxy uses https://galaxy.ansible.com as the Galaxy server (as listed in the ansible.cfg file under GALAXY_SERVER). You do not need any further configuration. See Configuring the ansible-galaxy client if you are using any other Galaxy server, such as Red Hat Automation Hub).

To install a collection hosted in Galaxy:

  1. ansible-galaxy collection install my_namespace.my_collection

You can also directly use the tarball from your build:

  1. ansible-galaxy collection install my_namespace-my_collection-1.0.0.tar.gz -p ./collections

Note

The install command automatically appends the path ansible_collections to the one specified with the -p option unless theparent directory is already in a folder called ansible_collections.

When using the -p option to specify the install path, use one of the values configured in COLLECTIONS_PATHS, as this iswhere Ansible itself will expect to find collections. If you don’t specify a path, ansible-galaxy collection install installsthe collection to the first path defined in COLLECTIONS_PATHS, which by default is ~/.ansible/collections

You can also keep a collection adjacent to the current playbook, under a collections/ansible_collections/ directory structure.

  1. play.yml
  2. ├── collections/
  3.    └── ansible_collections/
  4.                └── my_namespace/
  5.                    └── my_collection/<collection structure lives here>

See Collection structure for details on the collection directory structure.

Downloading a collection from Automation Hub

To download a collection from Automation Hub with the ansible-galaxy command:

  • Get your Automation Hub API token. Go to https://cloud.redhat.com/ansible/automation-hub/token/ and click Get API token from the version dropdown to copy your API token.
  • Configure Red Hat Automation Hub server in the server_list option under the [galaxy] section in your ansible.cfg file.
  1. [galaxy]server_list = automation_hub[galaxy_server.automation_hub]url=https://cloud.redhat.com/api/automation-hub/auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/tokentoken=my_ah_token
  • Download the collection hosted in Automation Hub.
  1. ansible-galaxy collection install my_namespace.my_collection

See also

Installing an older version of a collection

By default ansible-galaxy installs the latest collection that is available but you can add a version rangeidentifier to install a specific version.

To install the 1.0.0 version of the collection:

  1. ansible-galaxy collection install my_namespace.my_collection:1.0.0

To install the 1.0.0-beta.1 version of the collection:

  1. ansible-galaxy collection install my_namespace.my_collection:==1.0.0-beta.1

To install the collections that are greater than or equal to 1.0.0 or less than 2.0.0:

  1. ansible-galaxy collection install my_namespace.my_collection:>=1.0.0,<2.0.0

You can specify multiple range identifiers which are split by ,. You can use the following range identifiers:

  • *: Any version, this is the default used when no range specified is set.
  • !=: Version is not equal to the one specified.
  • ==: Version must be the one specified.
  • >=: Version is greater than or equal to the one specified.
  • >: Version is greater than the one specified.
  • <=: Version is less than or equal to the one specified.
  • <: Version is less than the one specified.

Note

The ansible-galaxy command ignores any pre-release versions unless the == range identifier is used toexplicitly set to that pre-release version.

Install multiple collections with a requirements file

You can also setup a requirements.yml file to install multiple collections in one command. This file is a YAML file in the format:

  1. ---
  2. collections:
  3. # With just the collection name
  4. - my_namespace.my_collection
  5.  
  6. # With the collection name, version, and source options
  7. - name: my_namespace.my_other_collection
  8.   version: 'version range identifiers (default: ``*``)'
  9.   source: 'The Galaxy URL to pull the collection from (default: ``--api-server`` from cmdline)'

The version key can take in the same range identifier format documented above.

Roles can also be specified and placed under the roles key. The values follow the same format as a requirementsfile used in older Ansible releases.

  1. ---
  2. roles:
  3.   # Install a role from Ansible Galaxy.
  4.   - src: geerlingguy.java
  5.     version: 1.9.6
  6.  
  7. collections:
  8.   # Install a collection from Ansible Galaxy.
  9.   - name: geerlingguy.php_roles
  10.     version: 0.9.3
  11.     source: https://galaxy.ansible.com

Note

While both roles and collections can be specified in one requirements file, they need to be installed separately.The ansible-galaxy role install -r requirements.yml will only install roles andansible-galaxy collection install -r requirements.yml -p ./ will only install collections.

Configuring the ansible-galaxy client

By default, ansible-galaxy uses https://galaxy.ansible.com as the Galaxy server (as listed in the ansible.cfg file under GALAXY_SERVER).

You can configure this to use other servers (such as Red Hat Automation Hub or a custom Galaxy server) as follows:

To configure a Galaxy server list in ansible.cfg:

  • Add the server_list option under the [galaxy] section to one or more server names.
  • Create a new section for each server name.

  • Set the url option for each server name.For Automation Hub, you additionally need to:

  • Set the auth_url option for each server name.

  • Set the API token for each server name. Go to https://cloud.redhat.com/ansible/automation-hub/token/ and click :Get API token from the version dropdown to copy your API token.The following example shows how to configure multiple servers:
  1. [galaxy]
  2. server_list = automation_hub, my_org_hub, release_galaxy, test_galaxy
  3.  
  4. [galaxy_server.automation_hub]
  5. url=https://cloud.redhat.com/api/automation-hub/
  6. auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
  7.  
  8. token=my_ah_token
  9.  
  10. [galaxy_server.my_org_hub]
  11. url=https://automation.my_org/
  12. username=my_user
  13. password=my_pass
  14.  
  15. [galaxy_server.release_galaxy]
  16. url=https://galaxy.ansible.com/
  17. token=my_token
  18.  
  19. [galaxy_server.test_galaxy]
  20. url=https://galaxy-dev.ansible.com/
  21. token=my_test_token

Note

You can use the —server command line argument to select an explicit Galaxy server in the server_list andthe value of this argument should match the name of the server. To use a server not in the server list, set the value to the URL to access that server (all servers in the server list will be ignored). Also the —api-key argument is not applied to any of the predefined servers. It is only appliedif no server list is defined or a URL was specified by —server.

Galaxy server list configuration options

The GALAXY_SERVER_LIST option is a list of server identifiers in a prioritized order. When searching for acollection, the install process will search in that order, e.g. automation_hub first, then my_org_hub, release_galaxy, andfinally test_galaxy until the collection is found. The actual Galaxy instance is then defined under the section[galaxy_server.{{ id }}] where {{ id }} is the server identifier defined in the list. This section can thendefine the following keys:

  • url: The URL of the galaxy instance to connect to, this is required.
  • token: A token key to use for authentication against the Galaxy instance, this is mutually exclusive with username
  • username: The username to use for basic authentication against the Galaxy instance, this is mutually exclusive with token
  • password: The password to use for basic authentication
  • auth_url: The URL of a Keycloak server ‘token_endpoint’ if using SSO auth (Automation Hub for ex). This is mutually exclusive with username. auth_url requires token.

As well as being defined in the ansible.cfg file, these server options can be defined as an environment variable.The environment variable is in the form ANSIBLEGALAXY_SERVER{{ id }}_{{ key }} where {{ id }} is the uppercase form of the server identifier and {{ key }} is the key to define. For example I can define token forrelease_galaxy by setting ANSIBLE_GALAXY_SERVER_RELEASE_GALAXY_TOKEN=secret_token.

For operations where only one Galaxy server is used, i.e. publish, info, login then the first entry in theserver_list is used unless an explicit server was passed in as a command line argument.

Note

Once a collection is found, any of its requirements are only searched within the same Galaxy instance as the parentcollection. The install process will not search for a collection requirement in a different Galaxy instance.

Finding roles on Galaxy

Search the Galaxy database by tags, platforms, author and multiple keywords. For example:

  1. $ ansible-galaxy search elasticsearch --author geerlingguy

The search command will return a list of the first 1000 results matching your search:

  1. Found 2 roles matching your search:
  2.  
  3. Name                              Description
  4. ----                              -----------
  5. geerlingguy.elasticsearch         Elasticsearch for Linux.
  6. geerlingguy.elasticsearch-curator Elasticsearch curator for Linux.

Get more information about a role

Use the info command to view more detail about a specific role:

  1. $ ansible-galaxy info username.role_name

This returns everything found in Galaxy for the role:

  1. Role: username.role_name
  2.     description: Installs and configures a thing, a distributed, highly available NoSQL thing.
  3.     active: True
  4.     commit: c01947b7bc89ebc0b8a2e298b87ab416aed9dd57
  5.     commit_message: Adding travis
  6.     commit_url: https://github.com/username/repo_name/commit/c01947b7bc89ebc0b8a2e298b87ab
  7.     company: My Company, Inc.
  8.     created: 2015-12-08T14:17:52.773Z
  9.     download_count: 1
  10.     forks_count: 0
  11.     github_branch:
  12.     github_repo: repo_name
  13.     github_user: username
  14.     id: 6381
  15.     is_valid: True
  16.     issue_tracker_url:
  17.     license: Apache
  18.     min_ansible_version: 1.4
  19.     modified: 2015-12-08T18:43:49.085Z
  20.     namespace: username
  21.     open_issues_count: 0
  22.     path: /Users/username/projects/roles
  23.     scm: None
  24.     src: username.repo_name
  25.     stargazers_count: 0
  26.     travis_status_url: https://travis-ci.org/username/repo_name.svg?branch=master
  27.     version:
  28.     watchers_count: 1

Installing roles from Galaxy

The ansible-galaxy command comes bundled with Ansible, and you can use it to install roles from Galaxy or directly from a git based SCM. You canalso use it to create a new role, remove roles, or perform tasks on the Galaxy website.

The command line tool by default communicates with the Galaxy website API using the server address https://galaxy.ansible.com. Since the Galaxy projectis an open source project, you may be running your own internal Galaxy server and wish to override the default server address. You can do this using the –server optionor by setting the Galaxy server value in your ansible.cfg file. For information on setting the value in ansible.cfg see GALAXY_SERVER.

Installing roles

Use the ansible-galaxy command to download roles from the Galaxy website

  1. $ ansible-galaxy install namespace.role_name

Setting where to install roles

By default, Ansible downloads roles to the first writable directory in the default list of paths ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles. This installs roles in the home directory of the user running ansible-galaxy.

You can override this with one of the following options:

  • Set the environment variable ANSIBLE_ROLES_PATH in your session.
  • Define roles_path in an ansible.cfg file.
  • Use the —roles-path option for the ansible-galaxy command.

The following provides an example of using —roles-path to install the role into the current working directory:

  1. $ ansible-galaxy install --roles-path . geerlingguy.apache

See also

Installing a specific version of a role

When the Galaxy server imports a role, it imports any git tags matching the Semantic Version format as versions. In turn, you can download a specific version of a role by specifying one of the imported tags.

To see the available versions for a role:

  • Locate the role on the Galaxy search page.
  • Click on the name to view more details, including the available versions.You can also navigate directly to the role using the /<namespace>/<role name>. For example, to view the role geerlingguy.apache, go to https://galaxy.ansible.com/geerlingguy/apache.

To install a specific version of a role from Galaxy, append a comma and the value of a GitHub release tag. For example:

  1. $ ansible-galaxy install geerlingguy.apache,v1.0.0

It is also possible to point directly to the git repository and specify a branch name or commit hash as the version. For example, the following willinstall a specific commit:

  1. $ ansible-galaxy install git+https://github.com/geerlingguy/ansible-role-apache.git,0b7cd353c0250e87a26e0499e59e7fd265cc2f25

Installing multiple roles from a file

You can install multiple roles by including the roles in a requirements.yml file. The format of the file is YAML, and thefile extension must be either .yml or .yaml.

Use the following command to install roles included in requirements.yml:

  1. $ ansible-galaxy install -r requirements.yml

Again, the extension is important. If the .yml extension is left off, the ansible-galaxy CLI assumes the file is in an older, now deprecated,“basic” format.

Each role in the file will have one or more of the following attributes:

src
The source of the role. Use the format namespace.role_name, if downloading from Galaxy; otherwise, provide a URL pointingto a repository within a git based SCM. See the examples below. This is a required attribute.
scm
Specify the SCM. As of this writing only git or hg are allowed. See the examples below. Defaults to git.
version:
The version of the role to download. Provide a release tag value, commit hash, or branch name. Defaults to the branch set as a default in the repository, otherwise defaults to the master.
name:
Download the role to a specific name. Defaults to the Galaxy name when downloading from Galaxy, otherwise it defaultsto the name of the repository.

Use the following example as a guide for specifying roles in requirements.yml:

  1. # from galaxy
  2. - src: yatesr.timezone
  3.  
  4. # from GitHub
  5. - src: https://github.com/bennojoy/nginx
  6.  
  7. # from GitHub, overriding the name and specifying a specific tag
  8. - src: https://github.com/bennojoy/nginx
  9.   version: master
  10.   name: nginx_role
  11.  
  12. # from a webserver, where the role is packaged in a tar.gz
  13. - src: https://some.webserver.example.com/files/master.tar.gz
  14.   name: http-role-gz
  15.  
  16. # from a webserver, where the role is packaged in a tar.bz2
  17. - src: https://some.webserver.example.com/files/master.tar.bz2
  18.   name: http-role-bz2
  19.  
  20. # from a webserver, where the role is packaged in a tar.xz (Python 3.x only)
  21. - src: https://some.webserver.example.com/files/master.tar.xz
  22.   name: http-role-xz
  23.  
  24. # from Bitbucket
  25. - src: git+https://bitbucket.org/willthames/git-ansible-galaxy
  26.   version: v1.4
  27.  
  28. # from Bitbucket, alternative syntax and caveats
  29. - src: https://bitbucket.org/willthames/hg-ansible-galaxy
  30.   scm: hg
  31.  
  32. # from GitLab or other git-based scm, using git+ssh
  33. - src: [email protected]:mygroup/ansible-base.git
  34.   scm: git
  35.   version: "0.1"  # quoted, so YAML doesn't parse this as a floating-point value

Installing roles and collections from the same requirements.yml file

You can install roles and collections from the same requirements files, with some caveats.

  1. ---
  2. roles:
  3.   # Install a role from Ansible Galaxy.
  4.   - src: geerlingguy.java
  5.     version: 1.9.6
  6.  
  7. collections:
  8.   # Install a collection from Ansible Galaxy.
  9.   - name: geerlingguy.php_roles
  10.     version: 0.9.3
  11.     source: https://galaxy.ansible.com

Note

While both roles and collections can be specified in one requirements file, they need to be installed separately.The ansible-galaxy role install -r requirements.yml will only install roles and ansible-galaxy collection install -r requirements.yml -p ./ will only install collections.

Installing multiple roles from multiple files

For large projects, the include directive in a requirements.yml file provides the ability to split a large file into multiple smaller files.

For example, a project may have a requirements.yml file, and a webserver.yml file.

Below are the contents of the webserver.yml file:

  1. # from github
  2. - src: https://github.com/bennojoy/nginx
  3.  
  4. # from Bitbucket
  5. - src: git+http://bitbucket.org/willthames/git-ansible-galaxy
  6.   version: v1.4

The following shows the contents of the requirements.yml file that now includes the webserver.yml file:

  1. # from galaxy
  2. - src: yatesr.timezone
  3. - include: <path_to_requirements>/webserver.yml

To install all the roles from both files, pass the root file, in this case requirements.yml on thecommand line, as follows:

  1. $ ansible-galaxy install -r requirements.yml

Dependencies

Roles can also be dependent on other roles, and when you install a role that has dependencies, those dependencies will automatically be installed.

You specify role dependencies in the meta/main.yml file by providing a list of roles. If the source of a role is Galaxy, you can simply specify the role inthe format namespace.role_name. You can also use the more complex format in requirements.yml, allowing you to provide src, scm, version, and name.

The following shows an example meta/main.yml file with dependent roles:

  1. ---
  2. dependencies:
  3.   - geerlingguy.java
  4.  
  5. galaxy_info:
  6.   author: geerlingguy
  7.   description: Elasticsearch for Linux.
  8.   company: "Midwestern Mac, LLC"
  9.   license: "license (BSD, MIT)"
  10.   min_ansible_version: 2.4
  11.   platforms:
  12.   - name: EL
  13.     versions:
  14.     - all
  15.   - name: Debian
  16.     versions:
  17.     - all
  18.   - name: Ubuntu
  19.     versions:
  20.     - all
  21.   galaxy_tags:
  22.     - web
  23.     - system
  24.     - monitoring
  25.     - logging
  26.     - lucene
  27.     - elk
  28.     - elasticsearch

Tags are inherited down the dependency chain. In order for tags to be applied to a role and all its dependencies, the tag should be applied to the role, not to all the tasks within a role.

Roles listed as dependencies are subject to conditionals and tag filtering, and may not execute fully depending onwhat tags and conditionals are applied.

If the source of a role is Galaxy, specify the role in the format namespace.role_name:

  1. dependencies:
  2.   - geerlingguy.apache
  3.   - geerlingguy.ansible

Alternately, you can specify the role dependencies in the complex form used in requirements.yml as follows:

  1. dependencies:
  2.   - src: geerlingguy.ansible
  3.   - src: git+https://github.com/geerlingguy/ansible-role-composer.git
  4.     version: 775396299f2da1f519f0d8885022ca2d6ee80ee8
  5.     name: composer

When dependencies are encountered by ansible-galaxy, it will automatically install each dependency to the roles_path. To understand how dependencies are handled during play execution, see Roles.

Note

Galaxy expects all role dependencies to exist in Galaxy, and therefore dependencies to be specified in thenamespace.role_name format. If you import a role with a dependency where the src value is a URL, the import process will fail.

List installed roles

Use list to show the name and version of each role installed in the roles_path.

  1. $ ansible-galaxy list
  2.   - ansible-network.network-engine, v2.7.2
  3.   - ansible-network.config_manager, v2.6.2
  4.   - ansible-network.cisco_nxos, v2.7.1
  5.   - ansible-network.vyos, v2.7.3
  6. - ansible-network.cisco_ios, v2.7.0

Remove an installed role

Use remove to delete a role from roles_path:

  1. $ ansible-galaxy remove namespace.role_name

See also

  • Using collections
  • Sharable collections of modules, playbooks and roles
  • Roles
  • Reusable tasks, handlers, and other files in a known directory structure