Ansible : Basic Usage2023/08/01 |
|
This is the Basic Usage of Ansible. ⇒ ansible [Target Hosts] [Option] -m [Module] -a [Arguments]
* There are many modules provided by official site and you can refer them on the it.
It's necessary to authenticate with a user on using Ansible because it uses SSH access. |
|
| [1] | For the case which SSH servers on client hosts allow direct root login, (except [PermitRootLogin no]) + key-pair authentication (non-passphrase), it's possible to use Ansible like follows. If passphrase is set in key-pair, it's possible to use it with SSH-Agent. |
|
# run [ping] module to [10.0.0.50] root@dlp:~# ansible 10.0.0.50 -m ping
10.0.0.50 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
|
| [2] |
For the case you connect to client hosts with a common user who can use privilege by [sudo].
For example, [debian] user runs Ansible.
If you'd like to use another method to use privilege except [sudo], specify the option [--become-method=xxx] (su | pbrun | pfexec | runas).Specify [-b (--become)] option to use privilege and also specify [--ask-become-pass] to input password. (if set [NOPASSWD] on [sudo] setting, [--ask-become-pass] is not needed) Also, [-k] option below means it uses SSH password authentication, not key-pair authentication. To use [-k] with password authentication, it needs to install [sshpass] package. |
|
# run command to show [/etc/shadow] to [target_servers] group debian@dlp:~$ ansible target_servers -k -m command -a "cat /etc/shadow" -b --ask-become-pass SSH password: BECOME password[defaults to SSH password]: 10.0.0.52 | CHANGED | rc=0 >> daemon:*:19103:0:99999:7::: bin:*:19103:0:99999:7::: sys:*:19103:0:99999:7::: ..... ..... 10.0.0.51 | CHANGED | rc=0 >> daemon:*:19103:0:99999:7::: bin:*:19103:0:99999:7::: sys:*:19103:0:99999:7::: ..... ..... |
| Sponsored Link |