One playbook shall connect to the remote host as root, if necessary, or as admin if this user has already been created. This can be done with remote_user (see "Ansible remote_user vs ansible_user").
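Let's create the playbook to disable root and enable admin:

    > cat play-disable-root.yml
    - hosts: webservers
      remote_user: 'root'
      # Do not gather facts as root: this play is always imported, and the
      # root login no longer works once the role has been applied.
      gather_facts: false
      tasks:
        # The role only runs for hosts where the first play set the flag.
        - include_role:
            name: disable_root
          when: play_disable_root|default(false)
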
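In the first play, import this playbook if admin can't connect to the remote host:

    - hosts: webservers
      remote_user: 'admin'
      # Fact gathering would fail here if admin does not exist yet.
      gather_facts: false
      tasks:
        # Runs on the control node; result.rc is non-zero when the ping fails.
        - delegate_to: localhost
          command: ping -c1 "{{ inventory_hostname }}"
          register: result
          ignore_errors: true
        # Host facts set here persist into the imported playbook.
        - set_fact:
            play_disable_root: true
          when: result.rc != 0

    - import_playbook: play-disable-root.yml
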
In the second play, proceed with the remaining roles:

    - hosts: webservers
      remote_user: 'admin'
      roles:
        - common
        - nginx

Both first and second play may be put into one playbook.
(code not tested)
Updates:
- it's not possible to conditionally import playbooks
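
The answer above calls a `disable_root` role without showing it. The following is an added sketch of what such a role's tasks could look like; it is not part of the original answer. The account name, the key path, the sudoers file name and the `sshd` service name are assumptions. The order matters: admin gets a key and sudo rights before root login is refused, and both config files are validated before they replace the live ones, so a mistake does not lock you out.

```yaml
# roles/disable_root/tasks/main.yml (hypothetical contents, not from the answer)
# Assumptions: account "admin", control-node key at ~/.ssh/id_ed25519.pub,
# SSH service named "sshd", ansible.posix collection installed.
- name: Create the admin account
  ansible.builtin.user:
    name: admin
    shell: /bin/bash
    state: present

- name: Install the control node's public key for admin
  ansible.posix.authorized_key:
    user: admin
    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
    state: present

- name: Allow admin to use sudo (syntax-checked before it is installed)
  ansible.builtin.copy:
    dest: /etc/sudoers.d/admin
    content: "admin ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

- name: Refuse root logins over SSH (config validated before it is written)
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PermitRootLogin\s'
    line: PermitRootLogin no
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_config

- name: Restart sshd only when the config changed
  ansible.builtin.service:
    name: sshd
    state: restarted
  when: sshd_config is changed
```

With passwordless sudo as assumed here, later plays that run as admin need `become: true` for privileged tasks.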