Contents
Ansible ships with a number of modules (called the ‘module library’) that can be executed directly on remote hosts or through Playbooks. Users can also write their own modules. These modules can control system resources, like services, packages, or files (anything really), or handle executing system commands.
Let’s review how we execute three different modules from the command line:
ansible webservers -m service -a "name=httpd state=running"
ansible webservers -m ping
ansible webservers -m command -a "/sbin/reboot -t now"
Each module supports taking arguments. Nearly all modules take key=value arguments, space delimited. Some modules take no arguments, and the command/shell modules simply take the string of the command you want to run.
From playbooks, Ansible modules are executed in a very similar way:
- name: reboot the servers
action: command /sbin/reboot -t now
All modules technically return JSON format data, though if you are using the command line or playbooks, you don’t really need to know much about that. If you’re writing your own module, you care, and this means you do not have to write modules in any particular language – you get to choose.
Modules are idempotent, meaning they will seek to avoid changes to the system unless a change needs to be made. When using Ansible playbooks, these modules can trigger ‘change events’ in the form of notifying ‘handlers’ to run additional tasks.
Let’s see what’s available in the Ansible module library, out of the box:
New in version 0.7.
Manages apt repositores
| parameter | required | default | comments |
|---|---|---|---|
| repo | yes | The repository name/value | |
| state | no | present | ‘absent’ or ‘present’ |
Example action from Ansible Playbooks:
apt_repository repo=ppa:nginx/stable
apt_repository repo='deb http://archive.canonical.com/ubuntu hardy partner'
Manages apt-packages (such as for Debian/Ubuntu).
| parameter | required | default | comments |
|---|---|---|---|
| name | no | A package name or package specifier with version, like foo or foo=1.0 | |
| state | no | present | ‘absent’, ‘present’, or ‘latest’. |
| update_cache | no | no | Run the equivalent of apt-get update before the operation. Can be run as part of the package installation or a seperate step |
| purge | no | no | Will forge purge of configuration files if state is set to ‘absent’. |
| default_release | no | Corresponds to the -t option for apt and sets pin priorities | |
| install_recommends | no | yes | Corresponds to the –no-install-recommends option for apt, default behavior works as apt’s default behavior, ‘no’ does not install recommended packages. Suggested packages are never installed. |
| force | no | no | If ‘yes’, force installs/removes. |
Example action from Ansible Playbooks:
apt pkg=foo update-cache=yes
apt pkg=foo state=removed
apt pkg=foo state=installed
apt pkg=foo=1.00 state=installed
apt pkg=nginx state=latest default-release=squeeze-backports update-cache=yes
apt pkg=openjdk-6-jdk state=latest install-recommends=no
New in version 0.5.
Assembles a configuration file from fragments. Often a particular program will take a single configuration file and does not support a conf.d style structure where it is easy to build up the configuration from multiple sources. Assemble will take a directory of files that have already been transferred to the system, and concatenate them together to produce a destination file. Files are assembled in string sorting order. Puppet calls this idea “fragments”.
| parameter | required | default | comments |
|---|---|---|---|
| src | yes | An already existing directory full of source files | |
| dest | yes | A file to create using the concatenation of all of the source files | |
| backup | no | no | Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
| OTHERS | All arguments that the file module takes may also be used |
Example action from Ansible Playbooks:
assemble src=/etc/someapp/fragments dest=/etc/someapp/someapp.conf
New in version 0.5.
Adds or removes an authorized key for a user from a remote host.
| parameter | required | default | comments |
|---|---|---|---|
| user | yes | Name of the user who should have access to the remote host | |
| key | yes | the SSH public key, as a string | |
| state | no | present | whether the given key should or should not be in the file |
Example action from Ansible Playbooks:
authorized_key user=charlie key="ssh-dss ASDF1234L+8BTwaRYr/rycsBF1D8e5pTxEsXHQs4iq+mZdyWqlW++L6pMiam1A8yweP+rKtgjK2httVS6GigVsuWWfOd7/sdWippefq74nppVUELHPKkaIOjJNN1zUHFoL/YMwAAAEBALnAsQN10TNGsRDe5arBsW8cTOjqLyYBcIqgPYTZW8zENErFxt7ij3fW3Jh/sCpnmy8rkS7FyK8ULX0PEy/2yDx8/5rXgMIICbRH/XaBy9Ud5bRBFVkEDu/r+rXP33wFPHjWjwvHAtfci1NRBAudQI/98DbcGQw5HmE89CjgZRo5ktkC5yu/8agEPocVjdHyZr7PaHfxZGUDGKtGRL2QzRYukCmWo1cZbMBHcI5FzImvTHS9/8B3SATjXMPgbfBuEeBwuBK5EjL+CtHY5bWs9kmYjmeo0KfUMH8hY4MAXDoKhQ7DhBPIrcjS5jPtoGxIREZjba67r6/P2XKXaCZH6Fc= charlie@example.org 2011-01-17"
The command module takes the command name followed by a list of arguments, space delimited.
| parameter | required | default | comments |
|---|---|---|---|
| (free form) | N/A | N/A | the command module takes a free form command to run |
| creates | no | a filename, when it already exists, this step will NOT be run | |
| chdir | no | cd into this directory before running the command (0.6 and later) |
The given command will be executed on all selected nodes. It will not be processed through the shell, so variables like “$HOME” and operations like “<”, “>”, “|”, and “&” will not work. As such, all paths to commands must be fully qualified.
Note
If you want to run a command through the shell (say you are using ‘<’, ‘>’, ‘|’, etc), you actually want the ‘shell’ module instead. The ‘command’ module is much more secure as it’s not affected by the user’s environment.
Example action from Ansible Playbooks:
command /sbin/shutdown -t now
creates and chdir can be specified after the command. For instance, if you only want to run a command if a certain file does not exist, you can do the following:
command /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database
The creates= and chdir options will not be passed to the actual executable.
The copy module moves a file on the local box to remote locations. In addition to the options listed below, the arguments available to the file module can also be passed to the copy module.
| parameter | required | default | comments |
|---|---|---|---|
| src | yes | Local path to a file to copy to the remote server, can be absolute or relative. | |
| dest | yes | Remote absolute path where the file should end up | |
| backup | no | no | Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
| OTHERS | All arguments the file module takes are also supported |
Example action from Ansible Playbooks:
copy src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644
Copy a new ntp.conf file into place, backing up the original if it differs from the copied version:
copy src=/srv/myfiles/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes
New in version 0.7.
The easy_install module installs Python libraries.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | a Python library name | |
| virtualenv | no | an optional virtualenv directory path to install into, if the virtualenv does not exist it is created automatically |
Please note that the easy_install command can only install Python libraries. Thus this module is not able to remove libraries. It is generally recommended to use the pip module which you can first install using easy_install.
Also note that virtualenv must be installed on the remote host if the virtualenv parameter is specified.
Example action from Ansible Playbooks:
easy_install name=pip
easy_install name=flask==0.8
easy_install name=flask virtualenv=/srv/webapps/my_app/venv
Runs the discovery program ‘facter’ on the remote system, returning JSON data that can be useful for inventory purposes.
Requires that ‘facter’ and ‘ruby-json’ be installed on the remote end.
Playbooks do not actually use this module, they use the setup module behind the scenes.
Example from /usr/bin/ansible:
ansible foo.example.org -m facter
This module works like ‘copy’, but in reverse. It is used for fetching files from remote machines and storing them locally in a file tree, organized by hostname.
| parameter | required | default | comments |
|---|---|---|---|
| src | yes | The file on the remote system to fetch. This needs to be a file, not a directory. Recursive fetching may be supported in a later release. | |
| dest | yes | A directory to save the file into. For example, if the ‘dest’ directory is ‘/foo’, a src file named ‘/tmp/bar’ on host ‘host.example.com’, would be saved into ‘/foo/host.example.com/tmp/bar’ |
Example:
fetch src=/var/log/messages dest=/home/logtree
New in version 0.1.
Sets attributes of files, symlinks, and directories, or removes files/symlinks/directories. Many other modules support the same options as the file module - including copy, template, and assmeble.
| parameter | required | default | choices | comments |
| dest | True | [] | defines the file being managed, unless when used with state=link, and then sets the destination to create a symbolic link to using src | |
| state | False | file |
|
If directory, all immediate subdirectories will be created if they do not exist. If file, the file will NOT be created if it does not exist, see the copy or template module if you want that behavior. If link, the symbolic link will be created or changed. If absent, directories will be recursively deleted, and files or symlinks will be unlinked. |
| mode | False | mode the file or directory should be, such as 0644 as would be fed to chmod. English modes like g+x are not yet supported |
Example from Ansible Playbooks
file path=/etc/foo.conf owner=foo group=foo mode=0644
New in version 0.6.
Downloads files from HTTP, HTTPS, or FTP to the remote server. The remote server must have direct access to the remote resource.
| parameter | required | default | choices | comments |
| url | True | None | HTTP, HTTPS, or FTP URL | |
| dest | True | None | absolute path of where to download the file to.If dest is a directory, the basename of the file on the remote server will be used. If a directory, thirsty=yes must also be set. | |
| thirsty | False | no |
|
if yes, will download the file every time and replace the file if the contents change. if no, the file will only be downloaded if the destination does not exist. Generally should be yes only for small local files. prior to 0.6, acts if yes by default. |
| others | False | all arguments accepted by the file module also work here |
Example from Ansible Playbooks
get_url url=http://example.com/path/file.conf dest=/etc/foo.conf mode=0440
Deploys software (or files) from git checkouts.
| parameter | required | default | comments |
|---|---|---|---|
| repo | yes | git, ssh, or http protocol address of the git repo | |
| dest | yes | absolute path of where the repo should be checked out to | |
| version | no | HEAD | what version to check out – either the git SHA, the literal string ‘HEAD’, branch name, or a tag name. |
| remote | no | origin | name of the remote branch |
| force | no | yes | (new in 0.7) If yes, any modified files in the working repository will be discarded. Prior to 0.7, this was always ‘yes’ and could not be disabled. |
Example action from Ansible Playbooks:
git repo=git://foosball.example.org/path/to/repo.git dest=/srv/checkout version=release-0.22
Adds or removes groups.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the group | |
| gid | optional git to set for the group | ||
| state | present | ‘absent’ or ‘present’ | |
| system | no | if ‘yes’, indicates that the group being created is a system group. |
To control members of the group, see the users resource.
Example action from Ansible Playbooks:
group name=somegroup state=present
New in version 0.9.
Manage (add, remove, change) individual settings in an INI-style file without having to manage the file as a whole with, say, template or assemble. Adds missing sections if they don’t exist.
| parameter | required | default | choices | comments |
| option | False | None | if set (required for changing a value), this is the name of the option.May be omitted if adding/removing a whole section. | |
| others | False | all arguments accepted by the file module also work here | ||
| dest | True | None | Path to the INI-style file; this file is created if required | |
| section | True | None | Section name in INI file. This is added if state=present automatically when a single value is being set. |
|
| backup | False | False |
|
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
| value | False | None | the string value to be associated with an option. May be omitted when removing an option. |
New in version 0.7.
This module will search a file for a line, and ensure that it is present or absent. This is primarily useful when you want to change a single line in a file only. For other cases, see the copy or template modules.
| parameter | required | default | choices | comments |
| state | False | present |
|
Whether the line should be there or not. |
| name | True | The file to modify | ||
| insertafter | False | EOF |
|
Used with state=present. If specified, the line will be inserted after the specified regular expression. Two special values are available; BOF for inserting the line at the beginning of the file, and EOF for inserting the line at the end of the file. |
| regexp | True | The regular expression to look for in the file. For state=present, the pattern to replace. For state=absent, the pattern of the line to remove. | ||
| line | False | Required for state=present. The line to insert/replace into the file. Must match the value given to regexp. |
||
| backup | False | False | Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
lineinfile name=/etc/selinux/config regexp=^SELINUX= line=SELINUX=disabled
lineinfile name=/etc/sudoers state=absent regexp="^%wheel"
New in version 0.6.
The mount module controls active and configured mount points (fstab).
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | path to the mountpoint, ex: /mnt/foo | |
| src | yes | device to be mounted | |
| fstype | yes | fstype | |
| opts | no | mount options (see fstab docs) | |
| dump | no | dump (see fstab docs) | |
| passno | no | passno (see fstab docs) | |
| state | yes | ‘present’, ‘absent’, ‘mounted’, or ‘unmounted’. If mounted/unmounted, the device will be actively mounted or unmounted as well as just configured in fstab. ‘absent’, and ‘present’ only deal with fstab. |
New in version 0.6.
Add or remove MySQL databases from a remote host.
Requires the MySQLdb Python package on the remote host. For Ubuntu, this is as easy as apt-get install python-mysqldb.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the database to add or remove | |
| login_user | no | user name used to authenticate with | |
| login_password | no | password used to authenticate with | |
| login_host | no | localhost | host running the database |
| state | no | present | ‘absent’ or ‘present’ |
| collation | no | collation mode | |
| encoding | no | encoding mode |
Both ‘login_password’ and ‘login_username’ are required when you are passing credentials. If none are present, the module will attempt to read the credentials from ~/.my.cnf, and finally fall back to using the MySQL default login of ‘root’ with no password.
Example action from Ansible Playbooks:
- name: Create database
action: mysql_db db=bobdata state=present
New in version 0.6.
Adds or removes a user from a MySQL database.
Requires the MySQLdb Python package on the remote host. For Ubuntu, this is as easy as apt-get install python-mysqldb.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the user (role) to add or remove | |
| password | no | set the user’s password | |
| host | no | localhost | the ‘host’ part of the MySQL username |
| login_user | no | user name used to authenticate with | |
| login_password | no | password used to authenticate with | |
| login_host | no | localhost | host running MySQL. |
| priv | no | MySQL privileges string in the format: db.table:priv1,priv2 | |
| state | no | present | ‘absent’ or ‘present’ |
Both ‘login_password’ and ‘login_username’ are required when you are passing credentials. If none are present, the module will attempt to read the credentials from ~/.my.cnf, and finally fall back to using the MySQL default login of ‘root’ with no password.
Example privileges string format:
mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL
Example action from Ansible Playbooks:
- name: Create database user
action: mysql_user name=bob password=12345 priv=*.*:ALL state=present
- name: Ensure no user named 'sally' exists, also passing in the auth credentials.
action: mysql_user login_user=root login_password=123456 name=sally state=absent
New in version 0.7.
Perform common tasks in Nagios related to downtime and notifications.
The Nagios module has two basic functions: scheduling downtime and toggling alerts for services or hosts.
The following parameters are common to all actions in the nagios module:
| parameter | required | default | comments |
|---|---|---|---|
| action | yes | one of: ‘downtime’, ‘enable_alerts’/’disable_alerts’, or ‘silence’/’unsilence’ | |
| host | yes | host to operate on in nagios | |
| cmdfile | no | auto-detected | path to the nagios command file (FIFO pipe) |
The following parameters may be used with the downtime action:
| parameter | required | default | comments |
|---|---|---|---|
| author | no | Ansible | author to leave downtime comments as |
| minutes | no | 30 | minutes to schedule downtime for |
| services | yes | what to manage downtime/alerts for. separate multiple services with commas. service is an alias for services |
The following parameter must be used with the enable_alerts and disable_alerts actions:
| parameter | required | default | comments |
|---|---|---|---|
| services | yes | what to manage downtime/alerts for. separate multiple services with commas. service is an alias for services |
Note
The silence and unsilence actions have no additional parameters that may be used with them.
All actions require the host parameter to be given explicitly. In playbooks you can use the $inventory_hostname variable to refer to the host the playbook is currently running on.
You can specify multiple services at once by separating them with commas, .e.g., services=httpd,nfs,puppet.
When specifying what service to handle there is a special service value, host, which will handle alerts/downtime for the host itself, e.g., service=host. This keyword may not be given with other services at the same time. Handling alerts/downtime for a host does not affect alerts/downtime for any of the services running on it.
Examples from Playbooks:
---
- hosts: webservers
user: root
tasks:
- name: set 30 minutes of apache downtime
action: nagios action=downtime minutes=30 service=httpd host=$inventory_hostname
delegate_to: nagios.example.com
- name: schedule an hour of HOST downtime
action: nagios action=downtime minutes=60 service=host host=$inventory_hostname
delegate_to: nagios.example.com
# Use the default of 30 minutes
# Schedule downtime for three services at once
- name: schedule downtime for a few services
action: nagios action=downtime services=frob,foobar,qeuz host=$inventory_hostname
delegate_to: nagios.example.com
- name: enable SMART disk alerts
action: nagios action=enable_alerts service=smart host=$inventory_hostname
delegate_to: nagios.example.com
# you can disable multiple at once
- name: disable httpd alerts
action: nagios action=disable_alerts service=httpd,nfs host=$inventory_hostname
delegate_to: nagios.example.com
# host alerts must be disabled as a seperate action
- name: disable HOST alerts
action: nagios action=disable_alerts service=host host=$inventory_hostname
delegate_to: nagios.example.com
- name: silence ALL alerts
action: nagios action=silence host=$inventory_hostname
delegate_to: nagios.example.com
- name: unsilence all alerts
action: nagios action=unsilence host=$inventory_hostname
delegate_to: nagios.example.com
Troubleshooting Tips
The nagios module may not operate for you out of the box. The most likely problem is with your cmdfile permissions/paths. You will receive this error if that is the case:
{"msg": "unable to write to nagios command file", "failed": true, "cmdfile": "/var/spool/nagios/cmd/nagios.cmd"}
Steps to correct this:
Similar to the facter module, this returns JSON inventory data. Ohai data is a bit more verbose and nested than facter.
Requires that ‘ohai’ be installed on the remote end.
Playbooks should not call the ohai module, playbooks call the setup module behind the scenes instead.
Example:
ansible foo.example.org -m ohai
A trivial test module, this module always returns ‘pong’ on successful contact. It does not make sense in playbooks, but is useful from /usr/bin/ansible:
ansible webservers -m ping
New in version 0.7.
Manages Python library dependencies.
| parameter | required | default | comments |
|---|---|---|---|
| name | no | The name of a Python library to install | |
| version | no | The version number to install of the Python library specified in the ‘name’ parameter | |
| requirements | no | The path to a pip requirements file | |
| virtualenv | no | An optional path to a virtualenv directory to install into | |
| state | no | present | ‘present’, ‘absent’ or ‘latest’ |
Please note that virtualenv must be installed on the remote host if the virtualenv parameter is specified.
Examples:
pip name=flask
pip name=flask version=0.8
pip name=flask virtualenv=/srv/webapps/my_app/venv
pip requirements=/srv/webapps/my_app/src/requirements.txt
pip requirements=/srv/webapps/my_app/src/requirements.txt virtualenv=/srv/webapps/my_app/venv
New in version 0.6.
Add or remove PostgreSQL databases from a remote host.
The default authentication assumes that you are either logging in as or sudo’ing to the postgres account on the host.
This module uses psycopg2, a Python PostgreSQL database adapter. You must ensure that psycopg2 is installed on the host before using this module. If the remote host is the PostgreSQL server (which is the default case), then PostgreSQL must also be installed on the remote host. For Ubuntu-based systems, install the postgresql, libpq-dev, and python-psycopg2 packages on the remote host before using this module.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the database to add or remove | |
| login_user | no | postgres | user (role) used to authenticate with PostgreSQL |
| login_password | no | password used to authenticate with PostgreSQL | |
| login_host | no | host running PostgreSQL. Default (blank) implies localhost | |
| owner | no | name of the role to set as owner of the database | |
| state | present | ‘absent’ or ‘present’ |
Example action from Ansible Playbooks:
postgresql_db db=acme
New in version 0.6.
Add or remove PostgreSQL users (roles) from a remote host and, optionally, grant the users access to an existing database or tables.
The default authentication assumes that you are either logging in as or sudo’ing to the postgres account on the host.
This module uses psycopg2, a Python PostgreSQL database adapter. You must ensure that psycopg2 is installed on the host before using this module. If the remote host is the PostgreSQL server (which is the default case), then PostgreSQL must also be installed on the remote host. For Ubuntu-based systems, install the postgresql, libpq-dev, and python-psycopg2 packages on the remote host before using this module.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the user (role) to add or remove | |
| password | yes | set the user’s password | |
| db | no | name of database where permissions will be granted | |
| priv | no | PostgreSQL privileges string in the format: table:priv1,priv2 | |
| fail_on_user | no | yes | if yes, fail when user can’t be removed. Otherwise just log and continue |
| login_user | no | postgres | user (role) used to authenticate with PostgreSQL |
| login_password | no | password used to authenticate with PostgreSQL | |
| login_host | no | host running PostgreSQL. Default (blank) implies localhost | |
| state | present | ‘absent’ or ‘present’ |
The fundamental function of the module is to create, or delete, roles from a PostgreSQL cluster. Privilege assignment, or removal, is an optional step, which works on one database at a time. This allows for the module to be called several times in the same module to modify the permissions on different databases, or to grant permissions to already existing users.
A user cannot be removed untill all the privileges have been stripped from the user. In such situation, if the module tries to remove the user it will fail. To avoid this from happening the fail_on_user option signals the module to try to remove the user, but if not possible keep going; the module will report if changes happened and separately if the user was removed or not.
Example privileges string format:
INSERT,UPDATE/table:SELECT/anothertable:ALL
Example action from Ansible Playbooks:
- name: Create django user and grant access to database and products table
postgresql_user db=acme user=django password=ceec4eif7ya priv=CONNECT/products:ALL
- name: Remove test user privileges from acme
postgresql_user db=acme user=test priv=ALL/products:ALL state=absent fail_on_user=no
- name: Remove test user from test database and the cluster
postgresql_user db=test user=test priv=ALL state=absent
Executes a low-down and dirty SSH command, not going through the module subsystem. This is useful and should only be done in two cases. The first case is installing python-simplejson on older (Python 2.4 and before) hosts that need it as a dependency to run modules, since nearly all core modules require it. Another is speaking to any devices such as routers that do not have any Python installed. In any other case, using the shell or command module is much more appropriate. Arguments given to raw are run directly through the configured remote shell and only output is returned. There is no error detection or change handler support for this module
Example from /usr/bin/ansible to bootstrap a legacy python 2.4 host
ansible newhost.example.com -m raw -a "yum -y install python-simplejson"
Controls services on remote machines.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the service | |
| state | no | started | ‘started’, ‘stopped’, ‘reloaded’, or ‘restarted’. Started/stopped are idempotent actions that will not run commands unless neccessary. ‘restarted’ will always bounce the service, ‘reloaded’ will always reload. |
| pattern | no | (new in 0.7) if the service does not respond to the status command, name a substring to look for as would be found in the output of the ‘ps’ command as a stand-in for a status result. If the string is found, the service will be assumed to be running. | |
| enabled | no | Whether the service should start on boot. Either ‘yes’ or ‘no’. |
Example actions from Ansible Playbooks:
service name=httpd state=started
service name=httpd state=stopped
service name=httpd state=restarted
service name=httpd state=reloaded
service name=foo pattern=/usr/bin/foo state=started
New in version 0.7.
Toggles SELinux booleans.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the boolean to configure | |
| persistent | no | no | set to ‘yes’ if the boolean setting should survive a reboot |
| state | yes | desired boolean value. ‘true’ or ‘false’. |
Example from Ansible Playbooks:
seboolean name=httpd_can_network_connect state=true persistent=yes
New in version 0.7.
Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
| parameter | required | default | comments |
|---|---|---|---|
| policy | yes | name of the SELinux policy to use (example: ‘targeted’) | |
| state | yes | the SELinux mode. ‘enforcing’, ‘permissive’, or ‘disabled’ | |
| conf | no | /etc/selinux/config | path to the SELinux configuration file, if non-standard |
Example from Ansible Playbooks:
selinux policy=targeted state=enforcing
selinux policy=targeted state=disabled
This module is automatically called by playbooks to gather useful variables about remote hosts that can be used in playbooks. It can also be executed directly by /usr/bin/ansible to check what variables are available to a host. Ansible provides many facts about the system, automatically.
Obtain facts from all hosts and store them indexed by hostname at /tmp/facts.
ansible all -m setup -tree /tmp/facts
The shell module takes the command name followed by a list of arguments, space delimited. It is almost exactly like the command module but runs the command through the user’s configured shell on the remote node.
| parameter | required | default | comments |
|---|---|---|---|
| (free form) | N/A | N/A | the command module takes a free form command to run |
| creates | no | a filename, when it already exists, this step will NOT be run | |
| chdir | no | cd into this directory before running the command (0.6 and later) |
The given command will be executed on all selected nodes.
Note
If you want to execute a command securely and predicably, it may be better to use the ‘command’ module instead. Best practices when writing playbooks will follow the trend of using ‘command’ unless ‘shell’ is explicitly required. When running ad-hoc commands, use your best judgement.
Example action from a playbook:
shell somescript.sh >> somelog.txt
New in version 0.7.
Deploys a subversion repository.
| parameter | required | default | comments |
|---|---|---|---|
| repo | yes | The subversion URL to the repository. | |
| dest | yes | Absolute path where the repository should be deployed. | |
| force | no | yes | If yes, any modified files in the working repository will be discarded. If no, this module will fail if it encounters modified files. |
Example action from Ansible Playbooks:
subversion repo=svn+ssh://an.example.org/path/to/repo dest=/src/checkout
New in version 0.7.
Manage the state of a program or group of programs running via Supervisord
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | The name of the supervisord program/process to manage | |
| state | yes | ‘started’, ‘stopped’ or ‘restarted’ |
Example action from a playbook:
supervisorctl name=my_app state=started
Templates a file out to a remote server.
Templates are processed by the Jinja2 templating language - documentation on the template formatting can be found in the Template Designer Documentation
| parameter | required | default | comments |
|---|---|---|---|
| src | yes | Path of a Jinja2 formatted template on the local server. This can be a relative or absolute path. | |
| dest | yes | Location to render the template on the remote server | |
| backup | no | no | Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
| OTHERS | This module also supports all of the arguments to the file module |
Example action from a playbook:
template src=/srv/mytemplates/foo.j2 dest=/etc/foo.conf owner=foo group=foo mode=0644
Creates user accounts, manipulates existing user accounts, and removes user accounts.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the user to create, remove, or edit | |
| comment | optionally sets the description of the user | ||
| uid | optionally sets the uid of the user | ||
| group | optionally sets the user’s primary group (takes a group name) | ||
| groups | puts the user in this comma-delimited list of groups | ||
| append | no | if ‘yes’, will only add groups, not set them to just the list in ‘groups’ | |
| shell | optionally set the user’s shell | ||
| createhome | yes | unless ‘no’, a home directory will be made for the user | |
| home | sets where the user’s homedir should be, if not the default | ||
| password | optionally set the user’s password to this crypted value. See the user’s example in the github examples directory for what this looks like in a playbook | ||
| state | present | when ‘absent’, removes the user. | |
| system | no | only when initially creating, setting this to ‘yes’ makes the user a system account. This setting cannot be changed on existing users. | |
| force | no | when used with state=absent, behavior is as with userdel –force | |
| remove | no | when used with state=absent, behavior is as with userdel –remove |
Example action from Ansible Playbooks:
user name=mdehaan comment=awesome password=awWxVV.JvmdHw createhome=yes
user name=mdehaan groups=wheel,skynet
user name=mdehaan state=absent force=yes
New in version 0.7.
Waits for a given port to become accessible (or inaccessible) on a local or remote server.
This is useful for when services are not immediately available after their init scripts return – which is true of certain Java application servers. It is also useful when starting guests with the virt module and needing to pause until they are ready.
| parameter | required | default | comments |
|---|---|---|---|
| host | no | 127.0.0.1 | hostname or IP to wait for |
| timeout | no | 300 | maximum number of seconds to wait |
| delay | no | 0 | number of seconds to wait before starting to poll |
| port | yes | port to poll for openness or closedness | |
| state | no | started | either ‘started’, or ‘stopped’ depending on whether the module should poll for the port being open or closed. |
Example from Ansible Playbooks:
wait_for port=8080 delay=10
Manages virtual machines supported by libvirt. Requires that libvirt be installed on the managed machine.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | name of the guest VM being managed | |
| state | ‘running’, ‘shutdown’, ‘destroyed’, or ‘undefined’. Note that there may be some lag for state requests like ‘shutdown’ since these refer only to VM states. After starting a guest, it may not be immediately accessible. | ||
| command | in addition to state management, various non-idempotent commands are available. See examples below. |
Example action from Ansible Playbooks:
virt guest=alpha state=running
virt guest=alpha state=shutdown
virt guest=alpha state=destroyed
virt guest=alpha state=undefined
Example guest management commands from /usr/bin/ansible:
ansible host -m virt -a "guest=foo command=status"
ansible host -m virt -a "guest=foo command=pause"
ansible host -m virt -a "guest=foo command=unpause"
ansible host -m virt -a "guest=foo command=get_xml"
ansible host -m virt -a "guest=foo command=autostart"
Example host (hypervisor) management commands from /usr/bin/ansible:
ansible host -m virt -a "command=freemem"
ansible host -m virt -a "command=list_vms"
ansible host -m virt -a "command=info"
ansible host -m virt -a "command=nodeinfo"
ansible host -m virt -a "command=virttype"
Will install, upgrade, remove, and list packages with the yum package manager.
| parameter | required | default | comments |
|---|---|---|---|
| name | yes | package name, or package specifier with version, like ‘name-1.0’ | |
| state | present | ‘present’, ‘latest’, or ‘absent’. | |
| list | various non-idempotent commands for usage with /usr/bin/ansible and not playbooks. See examples below. |
Example action from Ansible Playbooks:
yum name=httpd state=latest
yum name=httpd state=removed
yum name=httpd state=installed
In addition to the following built-in modules, community modules are available at Ansible Resources.
See Module Development.
See also