Debian 12 bookworm
Sponsored Link

Ansible : Basic Usage2023/08/01

 

This is the Basic Usage of Ansible.

⇒ ansible [Target Hosts] [Option] -m [Module] -a [Arguments]

* There are many modules provided by official site and you can refer them on the it.
⇒ https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

It's necessary to authenticate with a user on using Ansible because it uses SSH access.
Also it's possible to use Ansible with a non-privileged user, though, but if they would like to use privilege on clients, it's necessary to allow to use privileged commands by sudo and so on.

[1] For the case which SSH servers on client hosts allow direct root login, (except [PermitRootLogin no]) + key-pair authentication (non-passphrase),
it's possible to use Ansible like follows. If passphrase is set in key-pair, it's possible to use it with SSH-Agent.
# run [ping] module to [10.0.0.50]

root@dlp:~#
ansible 10.0.0.50 -m ping

10.0.0.50 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
[2]
For the case you connect to client hosts with a common user who can use privilege by [sudo].
For example, [debian] user runs Ansible.
Specify [-b (--become)] option to use privilege and also specify [--ask-become-pass] to input password.
(if set [NOPASSWD] on [sudo] setting, [--ask-become-pass] is not needed)
If you'd like to use another method to use privilege except [sudo], specify the option [--become-method=xxx] (su | pbrun | pfexec | runas).
Also, [-k] option below means it uses SSH password authentication, not key-pair authentication.
To use [-k] with password authentication, it needs to install [sshpass] package.
# run command to show [/etc/shadow] to [target_servers] group

debian@dlp:~$
ansible target_servers -k -m command -a "cat /etc/shadow" -b --ask-become-pass

SSH password:
BECOME password[defaults to SSH password]:
10.0.0.52 | CHANGED | rc=0 >>
daemon:*:19103:0:99999:7:::
bin:*:19103:0:99999:7:::
sys:*:19103:0:99999:7:::
.....
.....
10.0.0.51 | CHANGED | rc=0 >>
daemon:*:19103:0:99999:7:::
bin:*:19103:0:99999:7:::
sys:*:19103:0:99999:7:::
.....
.....
Matched Content