In this post, we will learn how to run a single Ansible automation task using an ad hoc command and explain some use cases for ad hoc commands.
Running ad hoc Commands with Ansible
An ad hoc command is a way of executing a single Ansible task quickly, one that you do not need to save to run again later. They are simple, online operations that can be run without writing a playbook. Ad hoc commands are useful for quick tests and changes. For example, you can use an ad hoc command to make sure that a certain line exists in the /etc/hosts file on a group of servers. You could use another ad hoc command to efficiently restart a service on many different machines or to ensure that a particular software package is up-to-date.
Ad hoc commands are very useful for quickly performing simple tasks with Ansible. They do have their limits, and in general, you will want to use Ansible Playbooks to realize the full power of Ansible. In many situations, however, ad hoc commands are exactly the tool you need to perform simple tasks quickly.
Running Ad Hoc Commands
Use the ansible command to run ad hoc commands:
# ansible host-pattern -m module [-a 'module arguments'] [-i inventory]
The host-pattern argument is used to specify the managed hosts on which the ad hoc command should be run. It could be a specific managed host or host group in the inventory. You have already seen this used in conjunction with the –list-hosts option, which shows you which hosts are matched by a particular host pattern. You have also already seen that you can use the -i option to specify a different inventory location to use than the default in the current Ansible configuration file.
The -m option takes as an argument the name of the module that Ansible should run on the targeted hosts. Modules are small programs that are executed to implement your task. Some modules need no additional information, but others need additional arguments to specify the details of their operation. The -a option takes a list of those arguments as a quoted string.
One of the simplest ad hoc commands uses the ping module. This module does not do an ICMP ping, but checks to see if you can run Python-based modules on managed hosts. For example, the following ad hoc command determines whether all managed hosts in the inventory can run standard modules:
[user@controlnode ~]$ ansible all -m ping servera.lab.example.com | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" }
Performing Tasks with Modules Using Ad Hoc Commands
Modules are the tools that ad hoc commands use to accomplish tasks. Ansible provides hundreds of modules that do different things. You can usually find a tested, special-purpose module that does what you need as part of the standard installation. The ansible-doc -l command lists all modules installed on a system. You can use ansible- doc to view the documentation of particular modules by name, and find information about what arguments the modules take as options. For example, the following command displays documentation for the ping module:
[user@controlnode ~]$ ansible-doc ping > PING (/usr/lib/python3.6/site-packages/ansible/modules/system/ping.py) A trivial test module, this module always returns `pong' on successful contact. It does not make sense in playbooks, but it is useful from `/usr/bin/ ansible' to verify the ability to login and that a usable Python is configured. This is NOT ICMP ping, this is just a trivial test module that requires Python on the remote-node. For Windows targets, use the [win_ping] module instead. For Network targets, use the [net_ping] module instead. * This module is maintained by The Ansible Core Team OPTIONS (= is mandatory): - data Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception. [Default: pong] type: str SEE ALSO: * Module net_ping The official documentation on the net_ping module. https://docs.ansible.com/ansible/latest/modules/net_ping_module.html * Module win_ping The official documentation on the win_ping module. https://docs.ansible.com/ansible/latest/modules/win_ping_module.html AUTHOR: Ansible Core Team, Michael DeHaan METADATA: status: - stableinterface supported_by: core EXAMPLES: # Test we can logon to 'webservers' and execute python with json lib. # ansible webservers -m ping # Example from an Ansible Playbook - ping: # Induce an exception to see what happens - ping: data: crash RETURN VALUES: ping: description: value provided with the data parameter returned: success type: str sample: pong
The following is a list of useful modules as examples. Many others exist.
Files modules
- copy: Copy a local file to the managed host.
- file: Set permissions and other properties of files.
- lineinfile: Ensure a particular line is or is not in a file.
- synchronize: Synchronize content using rsync.
Software package modules
- package: Manage packages using autodetected package manager native to the operating system.
- yum: Manage packages using the YUM package manager.
- apt: Manage packages using the APT package manager.
- dnf: Manage packages using the DNF package manager.
- gem: Manage Ruby gems.
- pip: Manage Python packages from PyPI.
System modules
- firewalld: Manage arbitrary ports and services using firewalld.
- reboot: Reboot a machine.
- service: Manage services.
- user: Add, remove, and manage user accounts.
Net Tools modules
nmcli: Manage networking.
Most modules take arguments. You can find the list of arguments available for a module in the module’s documentation. Ad hoc commands pass arguments to modules using the -a option. When no argument is needed, omit the -a option from the ad hoc command. If multiple arguments need to be specified, supply them as a quoted space-separated list. For example, the following ad hoc command uses the user module to ensure that the newbie user exists and has UID 4000 on servera.lab.example.com:
[user@controlnode ~]$ ansible -m user -a 'name=newbie uid=4000 state=present' servera.lab.example.com servera.lab.example.com | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "comment": "", "createhome": true, "group": 4000, "home": "/home/newbie", "name": "newbie", "shell": "/bin/bash", "state": "present", "system": false, "uid": 4000 }
Most modules are idempotent, which means that they can be run safely multiple times, and if the system is already in the correct state, they do nothing. For example, if you run the previous ad hoc command again, it should report no change:
[user@controlnode ~]$ ansible -m user -a 'name=newbie uid=4000 state=present' servera.lab.example.com servera.lab.example.com | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "append": false, "changed": false "comment": "", "group": 4000, "home": "/home/newbie", "move_home": false, "name": "newbie", "shell": "/bin/bash", "state": "present", "uid": 4000 }
Running Arbitrary Commands on Managed Hosts
The command module allows administrators to run arbitrary commands on the command line of managed hosts. The command to be run is specified as an argument to the module using the -a option. For example, the following command runs the hostname command on the managed hosts referenced by the mymanagedhosts host pattern.
[user@controlnode ~]$ ansible mymanagedhosts -m command -a /usr/bin/hostname host1.lab.example.com | CHANGED | rc=0 >> host1.lab.example.com host2.lab.example.com | CHANGED | rc=0 >> host2.lab.example.com
The previous ad hoc command example returned two lines of output for each managed host. The first line is a status report, showing the name of the managed host that the ad hoc operation ran on, as well as the outcome of the operation. The second line is the output of the command executed remotely using the Ansible command module.
For better readability and parsing of ad hoc command output, administrators might find it useful to have a single line of output for each operation performed on a managed host. Use the -o option to display the output of Ansible ad hoc commands in a single line format.
[user@controlnode ~]$ ansible mymanagedhosts -m command -a /usr/bin/hostname -o host1.lab.example.com | CHANGED | rc=0 >> (stdout) host1.lab.example.com host2.lab.example.com | CHANGED | rc=0 >> (stdout) host2.lab.example.com
The command module allows administrators to quickly execute remote commands on managed hosts. These commands are not processed by the shell on the managed hosts. As such, they cannot access shell environment variables or perform shell operations, such as redirection and piping.
For situations where commands require shell processing, administrators can use the shell module. Like the command module, you pass the commands to be executed as arguments to the module in an ad hoc command. Ansible then executes the command remotely on the managed hosts. Unlike the command module, the commands are processed through a shell on the managed hosts. Therefore, shell environment variables are accessible and shell operations such as redirection and piping are also available for use.
The following example illustrates the difference between the command and shell modules. If you try to execute the built-in Bash command set with these two modules, it only succeeds with the shell module.
[user@controlnode ~]$ ansible localhost -m command -a set localhost | FAILED | rc=2 >> [Errno 2] No such file or directory [user@controlnode ~]$ ansible localhost -m shell -a set localhost | CHANGED | rc=0 >> BASH=/bin/sh BASHOPTS=cmdhist:extquote:force_fignore:hostcomplete:interact ive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=()
Both command and shell modules require a working Python installation on the managed host. A third module, raw, can run commands directly using the remote shell, bypassing the module subsystem. This is useful when managing systems that cannot have Python installed (for example, a network router). It can also be used to install Python on a host.
Configuring Connections for Ad Hoc Commands
The directives for managed host connections and privilege escalation can be configured in the Ansible configuration file, and they can also be defined using options in ad hoc commands. When defined using options in ad hoc commands, they take precedence over the directive configured in the Ansible configuration file. The following table shows the analogous command-line options for each configuration file directive.
CONFIGURATION FILE DIRECTIVES | COMMAND-LINE OPTION |
---|---|
inventory | -i |
remote_user | -u |
become | –become, -b |
become_method | –become-method |
become_user | –become-user |
become_ask_pass | –ask-become-pass, -K |
Before configuring these directives using command-line options, their currently defined values can be determined by consulting the output of ansible –help.
[user@controlnode ~]$ ansible --help ...output omitted... -b, --become run operations with become (nopasswd implied) --become-method=BECOME_METHOD privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | runas | doas ] --become-user=BECOME_USER ...output omitted... -u REMOTE_USER, --user=REMOTE_USER connect as this user (default=None)