Ansible : Basic Usage2020/03/17 |
This is the Basic Usage of Ansible.
⇒ ansible [Target Hosts] [Option] -m [Module] -a [Arguments]
* There are many modules provided by official site and you can refer them on the it.
⇒ https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
It's necessary to authenticate with a user on using Ansible beasue it uses SSH access.
Also it's possible to use Ansible with a non-proviledged user, though,
but if they would like to use privilege on clients, it's necessary to allow to use privileged commands by sudo and so on.
|
|
[1] | For the case which SSH servers on client hosts allow direct root login, (except [PermitRootLogin no]) + key-pair authentication (non-passphrase), it's possible to use Ansible like follows. If passphrase is set in key-pair, it's possible to use it with SSH-Agent. |
# run [Ping] module to [target_servers] group [root@dlp ~]# ansible target_servers -m ping 10.0.0.52 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } 10.0.0.51 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } |
[2] | If you'd like to connect with password authentication, it's possible to do with [-k] option like follows. But it needs that the same password is set on all client hosts and also needs to install SSHPass on Ansible host. (generally SSHPass is installed with Ansible for dependency) |
# run [uptime] command to [target_servers] group [root@dlp ~]# ansible target_servers -k -m command -a "uptime" SSH password: 10.0.0.52 | CHANGED | rc=0 >> 19:09:23 up 25 min, 2 users, load average: 0.00, 0.00, 0.00 10.0.0.51 | CHANGED | rc=0 >> 19:09:23 up 26 min, 2 users, load average: 0.08, 0.02, 0.01 |
[3] |
For the case which you connect to client hosts with a non-privileged user but they can use privilege by [sudo].
For example, [cent] user runs Ansible.
If you'd like to use another method to use privilege except [sudo], specify the option [--become-method=xxx] (su | pbrun | pfexec | runas).
Specify [-b (--become)] option to use privilege and also specify [--ask-become-pass] to input password. (if set [NOPASSWD] on [sudo] setting, [--ask-become-pass] does not need) |
# run command to show [/etc/shadow] to [target_servers] group [cent@dlp ~]$ ansible target_servers -k -m command -a "cat /etc/shadow" -b --ask-become-pass SSH password: BECOME password[defaults to SSH password]: 10.0.0.52 | CHANGED | rc=0 >> bin:*:18078:0:99999:7::: daemon:*:18078:0:99999:7::: adm:*:18078:0:99999:7::: ..... ..... 10.0.0.51 | CHANGED | rc=0 >> bin:*:18078:0:99999:7::: daemon:*:18078:0:99999:7::: adm:*:18078:0:99999:7::: ..... ..... |
Sponsored Link |