Ansible : Ad Hoc Commands
This article demonstrates how to run ad hoc commands using Ansible.
oracle miscconfigurationintermediate
by OracleDba
14 views
📋Steps in this guide1/6
1
Packages
We install the "nginx" package on all the hosts in the "appservers" group using the "dnf" module. On a previous release we would use the "yum" module. In the arguments we include the name of the package and the state we want. For an install the state is "present" or "latest". Notice we have used the flag, which tells Ansible it needs to run the command as the root user. On these VMs our user can without a password, but if it required a password we could include the flag, and we would be prompted for the password for the privilege escalation.
We update an existing package using the state "latest". As mentioned before, this will install the package if it is not already installed.
We remove a package using the state "absent".
We update all the packages on the server using a wildcard name and the state of "latest".
Code/Command (click line numbers to comment):
1234567
$ ansible appservers -m dnf -a "name=nginx state=present" --become
$ ansible appservers -m dnf -a "name=nginx state=latest" --become
$ ansible appservers -m dnf -a "name=nginx state=absent" --become
$ ansible appservers -m dnf -a "name=* state=latest" --become2
Files
We create a file on the local server.
We copy the file to all the hosts in the "appservers" group. This is like using SCP to copy the file.
We change the permissions and ownership on the remote files. Notice we use , to elevate the privileges.
We remove the file from the remote servers. Since the file is now owned by root, we need to use elevated privileges.
Code/Command (click line numbers to comment):
1234567
$ touch /tmp/my-file.txt
$ ansible appservers -m copy -a "src=/tmp/my-file.txt dest=/tmp/my-file.txt"
$ ansible appservers -m file -a "dest=/tmp/my-file.txt mode=777 owner=root group=root" --become
$ ansible appservers -m file -a "dest=/tmp/my-file.txt state=absent" --become3
Users and Groups
All the actions require elevated privileges, so the commands include the flag.
Create some groups on all database hosts using the "group" module.
Create a user, who is part of those groups on all database hosts, using the "user" module. Using the password of "*" means it's a disabled account.
Remove the user.
Remove the groups.
Code/Command (click line numbers to comment):
1234567891011
$ ansible databases -m group -a "name=oinstall gid=54321" --become
$ ansible databases -m group -a "name=dba gid=54322" --become
$ ansible databases -m group -a "name=oper gid=54323" --become
$ ansible databases -m user -a "name=oracle password='*' uid=54321 groups='oinstall,dba,oper'" --become
$ ansible databases -m user -a "name=oracle state=absent" --become
$ ansible databases -m group -a "name=oinstall state=absent" --become
$ ansible databases -m group -a "name=dba state=absent" --become
$ ansible databases -m group -a "name=oper state=absent" --become4
Services
We install NGINX on all hosts in the "appservers" group using the "dnf" module.
We start, restart and stop NGINX on all hosts in the "appservers" group using the "service" module.
We remove NGINX from hosts in the "appservers" group.
Code/Command (click line numbers to comment):
1234567
$ ansible appservers -m dnf -a "name=nginx state=present" --become
$ ansible appservers -m service -a "name=nginx state=started" --become
$ ansible appservers -m service -a "name=nginx state=restarted" --become
$ ansible appservers -m service -a "name=nginx state=stopped" --become
$ ansible appservers -m dnf -a "name=nginx state=absent" --become5
Reboot Servers
Servers can be rebooted using using the "reboot" command with the default command module. This will typically return an error, as the host is no longer available for SSH, but the servers are rebooted as requested.
When these commands are run as part of a playbook they can be made to tolerate the outage.
Code/Command (click line numbers to comment):
1234
$ ansible databases -a "/sbin/reboot" --become
database1.localdomain | FAILED | rc=-1 >>
Failed to connect to the host via ssh: ssh: connect to host database1.localdomain port 22: Connection refused
$6
What Next
There are lots of modules, and we can use the default command module to run any Linux command, so we are really not limited by what operations we can perform. There is an index of modules here.
- Index of all Modules
In many cases we should avoid ad hoc commands and write playbooks to hold the configuration of servers, which can be checked into version control.
For more information see:
- Introduction to ad hoc commands
- Index of all Modules
- Ansible : First Steps
- Ansible : All Articles
Hope this helps. Regards Tim...
Comments (0)
Please to add comments
No comments yet. Be the first to comment!