Ansible : Basic Usage2022/09/27 |
This is the Basic Usage of Ansible.
⇒ ansible [Target Hosts] [Option] -m [Module] -a [Arguments]
* There are many modules provided by official site and you can refer them on the it.
⇒ https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
It's necessary to authenticate with a user on using Ansible because it uses SSH access.
Also it's possible to use Ansible with a non-privileged user, though, but if they would like to use privilege on clients, it's necessary to allow to use privileged commands by sudo and so on. |
|
[1] | For the case which SSH servers on client hosts allow direct root login, (except [PermitRootLogin no]) + key-pair authentication (non-passphrase), it's possible to use Ansible like follows. If passphrase is set in key-pair, it's possible to use it with SSH-Agent. |
# run [ping] module to [10.0.0.50] root@dlp:~# ansible 10.0.0.50 -m ping 10.0.0.50 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" } |
[2] |
For the case you connect to client hosts with a common user who can use privilege by [sudo].
For example, [ubuntu] user runs Ansible.
If you'd like to use another method to use privilege except [sudo], specify the option [--become-method=xxx] (su | pbrun | pfexec | runas).Specify [-b (--become)] option to use privilege and also specify [--ask-become-pass] to input password. (if set [NOPASSWD] on [sudo] setting, [--ask-become-pass] is not needed) Also, [-k] option below means it uses SSH password authentication, not key-pair authentication. To use [-k] with password authentication, it needs to install [sshpass] package. |
# run command to show [/etc/shadow] to [target_servers] group ubuntu@dlp:~$ ansible target_servers -k -m command -a "cat /etc/shadow" -b --ask-become-pass SSH password: BECOME password[defaults to SSH password]: 10.0.0.52 | CHANGED | rc=0 >> daemon:*:19103:0:99999:7::: bin:*:19103:0:99999:7::: sys:*:19103:0:99999:7::: ..... ..... 10.0.0.51 | CHANGED | rc=0 >> daemon:*:19103:0:99999:7::: bin:*:19103:0:99999:7::: sys:*:19103:0:99999:7::: ..... ..... |
Sponsored Link |