Ansible : Basic Usage
2015/04/15 |
This is the Basic Usage of Ansible.
⇒ ansible [Target Hosts] [Option] -m [Module] -a [Arguments]
* There are many modules provided by official site of Ansible and you can refer them on the site below.
⇒ http://docs.ansible.com/modules_by_category.html
It's necessary to authenticate with a user on using Ansible beasue it uses SSH access.
Also it's possible to use Ansible with a non-proviledged user, though, but if they would like to use priviledge on clients,
it's necessary to allow to use priviledged commands by sudo and so on.
|
|
[1] | For the case which SSH servers on clients allow direct root login, (except "PermitRootLogin no") + key-pair authentication (non-passphrase), it's possible to use Ansible like follows. If passphrase is set in key-pair, it's possible to use it after starting SSH-Agent. |
# execute Ping to "target_servers" group [root@dlp ~]# ansible target_servers -m ping 10.0.0.52 | success >> { "changed": false, "ping": "pong" } 10.0.0.51 | success >> { "changed": false, "ping": "pong" } |
[2] | If you'd like to connect with password authentication, it's possible to do with "k" option like follows. But it needs that the same password is set on all clients and also needs to install SSHPass. |
# execute uptime command to "target_servers" group [root@dlp ~]# ansible target_servers -k -m command -a "uptime" SSH password: 10.0.0.51 | success | rc=0 >> 16:18:54 up 52 min, 1 user, load average: 0.08, 0.02, 0.01 10.0.0.52 | success | rc=0 >> 16:18:54 up 51 min, 1 user, load average: 0.00, 0.00, 0.00 |
[3] |
For the case which you connect to clients with a non-priviledged user
but they can use priviledge by sudo.
If you'd like to use another user's priviledge except root, specify the option "--become-user=xxx".If you'd like to use another way to use priviledge except sudo (su | pbrun | pfexec | runas), specify the option "--become-method=xxx". |
# execute "cat /etc/shadow" to "target_servers" group [cent@dlp ~]$ ansible target_servers -k -m command -a "cat /etc/shadow" -b --ask-become-pass SSH password: SUDO password[defaults to SSH password]: 10.0.0.51 | success | rc=0 >> root:$6$xxxxxxxxxx:15441:0:99999:7::: bin:*:15240:0:99999:7::: daemon:*:15240:0:99999:7::: ..... ..... 10.0.0.52 | success | rc=0 >> root:$6$xxxxxxxxxx:15441:0:99999:7::: bin:*:15240:0:99999:7::: daemon:*:15240:0:99999:7::: ..... ..... |