Master the Power of Ansible Ad Hoc Commands [Tutorial]


Ansible Tutorial

Introduction

Ansible, a powerful automation tool, provides two primary ways to perform tasks on remote machines: playbooks and ad-hoc commands. This article focuses on the latter.

1. Definition and Purpose

Ansible ad-hoc commands are simple, one-liners that allow administrators and developers to perform tasks on remote servers without writing an entire playbook. Think of them as the quick and nimble counterpart to playbooks. Where playbooks are a comprehensive script of automation instructions, ansible ad hoc commands are on-the-fly, direct, and immediate.

2. When and Why to Use Them Over Playbooks

While playbooks are great for structured, repeatable tasks, there are instances where you might need to perform an action only once or infrequently. In such scenarios, writing an entire playbook might be overkill. That's where ansible ad hoc commands come into play. These commands are perfect for tasks like quickly restarting a service, creating a user, or fetching system information from a set of servers.

 

Structure of Ansible Ad Hoc Commands

One of the strengths of ansible ad hoc commands is their simplicity, but understanding their structure is crucial for effective usage. Delving into the architecture of these commands can help users maximize their utility.

1. General Syntax

The general syntax for ansible ad hoc commands follows a clear pattern:

ansible [host-pattern] -m [module] -a "[module arguments]"

Here:

  • host-pattern determines which hosts from your inventory the command will target.
  • -m specifies the module you'd like to use.
  • -a allows you to define arguments for the chosen module.

This pattern remains consistent, making ansible ad hoc commands predictable and straightforward once you get the hang of them.

2. Host Specification

Choosing the right hosts is a cornerstone of executing ansible ad hoc commands. The host-pattern can be a single host, a group from your Ansible inventory, or even a wildcard pattern that matches multiple hosts. This flexibility ensures you can target precisely the servers you need, whether it's one, a subset, or all.

3. Module Selection and Arguments

Ansible modules are like tools in a toolbox, each designed for specific tasks. When using ansible ad hoc commands, the -m option allows you to pick the right tool for the job. Accompanying the module, the -a option lets you provide any necessary arguments to the module, effectively guiding how the task should be performed.

For instance, to copy a file using the copy module, you'd structure the command like:

ansible target-hosts -m copy -a "src=/local/path dest=/remote/path"

 

Essential Options and Arguments

Ansible ad hoc commands supports numerous set of options which offer flexibility and power, allowing users to tailor their commands to various scenarios. Let's explore these essential options, supported with practical examples.

1. Selecting Modules with -m

This option specifies which Ansible module you want to use.

ansible all -m ping

This command uses the ping module to check if all hosts are reachable.

2. Providing Module Arguments using -a

Using the -a option, you can provide arguments to the chosen module.

ansible webservers -m command -a "uptime"

Here, we're asking the webservers group to execute the uptime command.

3. Setting User Context with -u

To run ansible ad hoc commands as a specific user, use the -u option.

ansible all -m ping -u admin

This pings all hosts using the admin user credentials.

4. Gaining Elevated Privileges with -b and --become

For tasks that require elevated privileges, -b or --become come in handy.

ansible all -m apt -a "name=nginx state=present" -b

This installs nginx on all hosts, using elevated permissions.

5. Defining the Battlefield: The -i Inventory Option

By default, Ansible uses the inventory file at /etc/ansible/hosts. The -i option lets you specify a different inventory.

ansible all -i /path/to/custom/inventory -m ping

6. Setting Parallel Task Execution using -f

The -f option determines how many hosts Ansible should manage simultaneously.

ansible all -m ping -f 10

This command pings hosts in batches of 10 at a time.

7. Limiting Host Targets using --limit

To target a subset of hosts in your inventory, use the --limit option.

ansible all -m ping --limit "webservers:&staging"

This pings only the hosts that belong to both webservers and staging groups.

 

Common Ansible Modules Used

One of the primary strengths of ansible ad hoc commands is the vast array of modules available, tailored for specific operations. While playbooks offer structured automation, sometimes you need a swift, one-time action, and that's where these modules shine. Here's a dive into some of the most commonly used modules with ad hoc commands.

1. command and shell modules: Running raw commands

These are the go-to modules for running commands directly on targets.

ansible all -m command -a "df -h"

This returns disk usage across all hosts.

2. copy: Transferring files

The copy module is perfect for pushing files from the control machine to your targets.

ansible webservers -m copy -a "src=/local/file.conf dest=/remote/path/file.conf"

This copies a configuration file to the specified remote path on all webservers.

3. file: File management tasks (creating directories, setting permissions, etc.)

The file module is versatile for various file system tasks.

ansible all -m file -a "path=/path/to/directory state=directory mode=0755"

This creates a directory with the given permissions.

4. yum or apt: Package management

Depending on your OS, yum (RedHat/CentOS) or apt (Debian/Ubuntu) modules are essential for package operations.

ansible all -m apt -a "name=nginx state=present"

This ensures nginx is installed on all Debian/Ubuntu hosts.

5. service: Managing services

The service module lets you control system services.

ansible all -m service -a "name=nginx state=restarted"

This restarts the nginx service across all hosts.

6. user and group: User and group management

For user and group operations, these modules come in handy.

ansible all -m user -a "name=john state=present"

This ensures the user "john" exists on all hosts.

 

Practical Examples

Let's explore some of the common real-world scenarios where these commands come to the rescue.

1. Gathering Information (using setup module)

Before making changes to your hosts, it's often useful to gather data about them. The setup module in ansible ad hoc commands does precisely that, fetching system information.

ansible all -m setup

This provides detailed facts about all hosts, from network interfaces to OS details. It's an essential command for auditing and understanding your infrastructure.

2. File and Directory Operations

Whether it's creating directories, modifying permissions, or transferring files, ansible ad hoc commands simplify these operations.

ansible webserver -m file -a "path=/var/www/html state=directory mode=0755"

This ensures that the specified directory exists with the right permissions on the 'webserver' host group.

3. System Administration Tasks (restarting services, installing packages, etc.)

Every sysadmin knows the routine tasks - restarting services, updating packages, and more. With ansible ad hoc commands, these tasks become straightforward.

ansible all -m service -a "name=nginx state=restarted"

Example for installing a package:

ansible all -m apt -a "name=git state=present"

These commands ensure that the nginx service is restarted and the git package is installed on all applicable hosts, respectively.

4. User Management Operations

Managing users – from adding to setting permissions – can be a breeze with ansible ad hoc commands.

ansible all -m user -a "name=john password={{ 'mypassword' | password_hash('sha512') }} state=present"

This command ensures that the user 'john' exists on all hosts with the specified password.

 

Tips and Tricks

As with any tool, the depth of your knowledge and your skill in wielding it directly affects the results you achieve. Ansible ad hoc commands are no different. Here are some advanced tips and tricks to refine your Ansible game.

1. Using Patterns in Host Selection

Instead of specifying individual hosts or broad groups, you can use patterns to select a subset of hosts dynamically. This is particularly useful when working with large inventories.

ansible 'webserver*'-m ping

This pings all hosts with names starting with 'webserver'. It showcases the flexibility of ansible ad hoc commands in targeting hosts.

2. Combining Modules in One Command

While ad hoc commands typically execute a single action, in some cases, you might need to combine multiple modules. One way to achieve this is by chaining commands using shell logic.

ansible all -m shell -a 'apt update && apt upgrade -y'

Here, we're using the shell module to first update the repository information and then upgrade packages. It demonstrates the versatility of ansible ad hoc commands.

3. Getting Detailed Command Output with -v, -vv, or -vvv

By default, Ansible provides minimal feedback. However, when troubleshooting or when you need more detailed information about what's happening, the verbosity options can be invaluable.

  • -v: Provides a bit more information
  • -vv: Gives detailed output
  • -vvv: Offers even more granular details, including SSH debugging info
ansible all -m ping -vv

This will return a detailed output of the ping module execution across all hosts, making it easier to understand the under-the-hood workings of ansible ad hoc commands.

 

Limitations of Ad-Hoc Commands

Every tool has its strengths and limitations. While ansible ad hoc commands are incredibly powerful for on-the-fly tasks and quick automations, they have their boundaries. Understanding these helps in determining when it's more appropriate to opt for structured playbooks.

What They Are Not Designed To Do:

  • Complex Workflows: Ansible ad hoc commands are primarily designed for singular tasks. When you have a series of interdependent tasks or complex workflows, ad hoc commands might not be the best choice.
  • State Persistence: One of the core strengths of Ansible playbooks is maintaining desired states. Ansible ad hoc commands, being more transient, are not optimized for maintaining long-term desired states.
  • Reuse and Sharing: While you can reuse an ad hoc command by rerunning it, they aren't structured for sharing like playbooks. If you find yourself repeatedly using the same ad hoc command or needing to share it with a team, it might be time to encapsulate it in a playbook.
  • Detailed Error Handling: Playbooks allow for complex error handling and recovery strategies. With ansible ad hoc commands, while you do get error feedback, creating layered error handling strategies isn't feasible.

When It's Better to Switch to a Playbook:

  • Multiple Tasks in Sequence: If you're running several ansible ad hoc commands in a particular order, it's a clear sign that a playbook might serve you better.
  • Repeat Operations: For tasks you find yourself running frequently, creating a playbook ensures consistency and is easier for scheduling and automation.
  • Collaborative Work: Playbooks, being more descriptive and structured, are easier to share, version control, and collaborate on with a team, compared to ansible ad hoc commands.
  • In-depth Reporting: For tasks that require detailed reporting, logging, or audit trails, playbooks offer a more structured approach.

 

Advanced Usage

The basic tenets of ansible ad hoc commands are straightforward, but for those who wish to delve deeper, there's a world of advanced features awaiting. Exploring these facets can vastly enhance the efficiency and capabilities of your Ansible operations.

Executing Commands Based on Conditional Facts

With ansible ad hoc commands, you can execute actions based on specific conditions or facts about the target system. This is especially useful when handling diverse infrastructures with varying configurations.

ansible all -m setup -a 'filter=ansible_distribution' --limit 'all:!ubuntu'

This gathers distribution facts but excludes hosts identified as Ubuntu.

Using Variables in Ad-Hoc Commands

Variables can be used within ansible ad hoc commands to make them more dynamic and adaptable.

ansible all -m command -a "echo {{ ansible_hostname }}"

Here, we're echoing the hostname of each system, utilizing the ansible_hostname variable.

Dealing with Errors and Failures

It's crucial to handle errors gracefully, especially when making critical changes. ansible ad hoc commands can be structured to deal with potential failures more elegantly.

ansible all -m command -a "reboot" --become --forks=10 || echo "Failed hosts: $?"

This command attempts to reboot hosts (using privilege escalation), and if there's a failure, it echoes the hosts where the reboot failed.

 

Considering Security

In the realm of automation, especially in an infrastructure context, security is paramount. When using ansible ad hoc commands, it's essential to be aware of how to execute tasks securely and understand the implications of various actions.

Using --ask-pass or --ask-become-pass for Prompting Passwords

Instead of embedding passwords or relying solely on SSH keys, you can prompt the user for passwords, ensuring that sensitive credentials aren't stored in command histories or scripts.

ansible all -m ping --ask-pass

This prompts the user for the SSH password before executing the ping command. Similarly, for privilege escalation:

ansible all -m command -a "reboot" --become --ask-become-pass

Here, ansible ad hoc commands prompt for the escalation password before attempting to reboot the hosts.

When commands are run as different users, it can sometimes be challenging to trace back actions to the originating user. It's vital to have logging mechanisms in place for accountability.

ansible all -m command -a "touch /etc/testfile" --become -u root

In this ansible ad hoc command, the action is executed as the root user on all hosts, creating a file in /etc/. Such actions, while powerful, should be used judiciously due to the potential system-wide implications.

 

Wrapping Up

As we journey through the intricacies of Ansible's capabilities, the fundamental takeaway is the sheer power and adaptability that ansible ad hoc commands bring to the table. These commands are not just tools; they are conduits that bridge human intent with machine execution in real-time, offering a level of immediacy rarely found in other automation frameworks.

Key takeaways

  • Swift Actions: In situations where time is of the essence, ansible ad hoc commands provide a rapid response mechanism. Whether it's troubleshooting a system or quickly deploying a fix, their immediacy is unmatched.
  • Learning Platform: For beginners in Ansible, ad-hoc commands are a fantastic entry point. They provide a hands-on approach to understanding modules, interactions, and results without the overhead of playbook structures.
  • Bridging Gaps: While playbooks are the backbone of structured automation in Ansible, ad-hoc commands fill the gaps for one-off tasks, quick checks, and exploratory operations.

 

Further Reading

While this article offers a comprehensive overview, the world of Ansible is vast and ever-evolving. For those eager to delve deeper, official documentation and resources are invaluable. Here are some official links to set you on your path:

 

Deepak Prasad

Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

9 thoughts on “Master the Power of Ansible Ad Hoc Commands [Tutorial]”

  1. I am sending you again where the problem occurred

    ansible all -m copy -a "src ~/cp_file1.txt dest=/home/ansible"

    ERROR! this task ‘copy’ has extra params, which is only allowed in the following modules: add_host, win_shell, include_vars, set_fact, include_tasks, include, shell, group_by, command, raw, script, import_role, win_command, import_tasks, include_role, meta

    Reply
    • There was a single comment for moderation, I am afraid I still can’t find any example with copy module where “=” (equal to) sign is missing.

      Reply

Leave a Comment