ansible-pull - pulls playbooks from a VCS repo and executes them on target host


NAME

ansible-pull - pulls playbooks from a VCS repo and executes them on target host

SYNOPSIS

usage: ansible-pull [-h] [--version] [-v] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT] [--ssh-common-args SSH_COMMON_ARGS] [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS] [--ssh-extra-args SSH_EXTRA_ARGS] [-k | --connection-password-file CONNECTION_PASSWORD_FILE] [--vault-id VAULT_IDS] [-J | --vault-password-file VAULT_PASSWORD_FILES] [-e EXTRA_VARS] [-t TAGS] [--skip-tags SKIP_TAGS] [-i INVENTORY] [--list-hosts] [-l SUBSET] [-M MODULE_PATH] [-K | --become-password-file BECOME_PASSWORD_FILE] [--purge] [-o] [-s SLEEP] [-f] [-d DEST] [-U URL] [--full] [-C CHECKOUT] [--accept-host-key] [-m MODULE_NAME] [--verify-commit] [--clean] [--track-subs] [--check] [--diff] [playbook.yml ...]

DESCRIPTION

Used to pull a remote copy of ansible on each managed node, each set to run via cron and update playbook source via a source repository. This inverts the default push architecture of ansible into a pull architecture, which has near-limitless scaling potential.

None of the CLI tools are designed to run concurrently with themselves; you should use an external scheduler and/or locking to ensure there are no clashing operations.

The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull. This is useful both for extreme scale-out as well as periodic remediation. Usage of the 'fetch' module to retrieve logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.
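
The cron-driven run with external locking described above, written as a small wrapper (an added example, not part of the man page or of Ansible). The repository URL, branch name, paths, the ANSIBLE_PULL_BIN variable and the `run` argument are assumptions of this example; the ansible-pull options are the ones documented under COMMON OPTIONS.

```shell
#!/bin/sh
# Added example: cron wrapper around ansible-pull (not from the man page).
# Every value below is a placeholder; override through the environment.
REPO_URL="${REPO_URL:-ssh://git@git.example.internal/infra/playbooks.git}"
CHECKOUT="${CHECKOUT:-production}"
DEST="${DEST:-/var/lib/ansible-pull/checkout}"
LOCK_DIR="${LOCK_DIR:-/var/lock/ansible-pull.lock}"
ANSIBLE_PULL_BIN="${ANSIBLE_PULL_BIN:-ansible-pull}"

pull_once() {
    # mkdir is atomic, so only one of several overlapping cron runs
    # gets the lock; the others skip instead of clashing.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "ansible-pull: previous run still holds $LOCK_DIR" >&2
        return 75   # EX_TEMPFAIL: nothing ran, the next cron tick retries
    fi
    rc=0
    # --verify-commit   abort unless the checked-out commit's GPG signature verifies
    # --clean           discard local modifications in the checkout
    # --only-if-changed skip the playbook when the repository did not change
    # --sleep 300       random 0-300 s delay to spread requests to the repo
    # Left out on purpose:
    #   --accept-host-key  would add an unknown repo host key on first contact;
    #                      provision known_hosts out of band instead
    #   --force            would run the playbook even if the repository
    #                      could not be updated
    "$ANSIBLE_PULL_BIN" \
        --url "$REPO_URL" --checkout "$CHECKOUT" --directory "$DEST" \
        --verify-commit --clean --only-if-changed --sleep 300 \
        local.yml || rc=$?
    rmdir "$LOCK_DIR"   # release the lock whether the run passed or failed
    return "$rc"
}

# Cron entry (hypothetical install path):
#   */30 * * * * root /usr/local/sbin/ansible-pull-cron run
if [ "${1:-}" = run ]; then
    pull_once
    exit $?
fi
```

A run that is killed before `rmdir` leaves the lock directory behind, so stale locks need a cleanup step; where util-linux is available, flock(1) releases its lock automatically when the process exits.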

COMMON OPTIONS

Playbook(s)

--accept-host-key

adds the hostkey for the repo url if not already added

--become-password-file 'BECOME_PASSWORD_FILE', --become-pass-file 'BECOME_PASSWORD_FILE'

Become password file

--check

don't make any changes; instead, try to predict some of the changes that may occur

--clean

modified files in the working repository will be discarded

--connection-password-file 'CONNECTION_PASSWORD_FILE', --conn-pass-file 'CONNECTION_PASSWORD_FILE'

Connection password file

--diff

when changing (small) files and templates, show the differences in those files; works great with --check

--full

Do a full clone, instead of a shallow one.

--list-hosts

outputs a list of matching hosts; does not execute anything else

--private-key 'PRIVATE_KEY_FILE', --key-file 'PRIVATE_KEY_FILE'

use this file to authenticate the connection

--purge

purge checkout after playbook run

--scp-extra-args 'SCP_EXTRA_ARGS'

specify extra arguments to pass to scp only (e.g. -l)

--sftp-extra-args 'SFTP_EXTRA_ARGS'

specify extra arguments to pass to sftp only (e.g. -f, -l)

--skip-tags

only run plays and tasks whose tags do not match these values. This argument may be specified multiple times.

--ssh-common-args 'SSH_COMMON_ARGS'

specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)

--ssh-extra-args 'SSH_EXTRA_ARGS'

specify extra arguments to pass to ssh only (e.g. -R)

--track-subs

submodules will track the latest changes. This is equivalent to specifying the --remote flag to git submodule update

--vault-id

the vault identity to use. This argument may be specified multiple times.

--vault-password-file, --vault-pass-file

vault password file

--verify-commit

verify GPG signature of checked out commit; if it fails, abort running the playbook. This needs the corresponding VCS module to support such an operation

--version

show program's version number, config file location, configured module search path, module location, executable location and exit

-C 'CHECKOUT', --checkout 'CHECKOUT'

branch/tag/commit to checkout. Defaults to behavior of repository module.

-J, --ask-vault-password, --ask-vault-pass

ask for vault password

-K, --ask-become-pass

ask for privilege escalation password

-M, --module-path

prepend colon-separated path(s) to module library (default={{ ANSIBLE_HOME ~ "/plugins/modules:/usr/share/ansible/plugins/modules" }}). This argument may be specified multiple times.

-T 'TIMEOUT', --timeout 'TIMEOUT'

override the connection timeout in seconds (default depends on connection)

-U 'URL', --url 'URL'

URL of the playbook repository

-c 'CONNECTION', --connection 'CONNECTION'

connection type to use (default=ssh)

-d 'DEST', --directory 'DEST'

path to the directory to which Ansible will checkout the repository.

-e, --extra-vars

set additional variables as key=value or YAML/JSON; if a filename, prepend it with @. This argument may be specified multiple times.

-f, --force

run the playbook even if the repository could not be updated

-h, --help

show this help message and exit

-i, --inventory, --inventory-file

specify inventory host path or comma separated host list. --inventory-file is deprecated. This argument may be specified multiple times.

-k, --ask-pass

ask for connection password

-l 'SUBSET', --limit 'SUBSET'

further limit selected hosts to an additional pattern

-m 'MODULE_NAME', --module-name 'MODULE_NAME'

Repository module name, which ansible will use to check out the repo. Choices are ('git', 'subversion', 'hg', 'bzr'). Default is git.

-o, --only-if-changed

only run the playbook if the repository has been updated

-s 'SLEEP', --sleep 'SLEEP'

sleep for random interval (between 0 and n number of seconds) before starting. This is a useful way to disperse git requests

-t, --tags

only run plays and tasks tagged with these values. This argument may be specified multiple times.

-u 'REMOTE_USER', --user 'REMOTE_USER'

connect as this user (default=None)

-v, --verbose

Causes Ansible to print more debug messages. Adding multiple -v will increase the verbosity; the builtin plugins currently evaluate up to -vvvvvv. A reasonable level to start is -vvv; connection debugging might require -vvvv. This argument may be specified multiple times.

ARGUMENTS

playbook.yml

The name of one of the YAML format files to run as an Ansible playbook. This can be a relative path within the checkout. By default, Ansible will look for a playbook based on the host's fully-qualified domain name, on the host hostname and finally a playbook named local.yml.

INVENTORY

Ansible stores the hosts it can potentially operate on in an inventory. This can be a YAML file, ini-like file, a script, directory, list, etc. For additional options, see the documentation on https://docs.ansible.com/.

ENVIRONMENT

The following environment variables may be specified.

ANSIBLE_INVENTORY -- Override the default ansible inventory sources

ANSIBLE_LIBRARY -- Override the default ansible module library path

ANSIBLE_CONFIG -- Specify override location for the ansible config file

Many more are available for most options in ansible.cfg

For a full list, check https://docs.ansible.com/ or use the ansible-config command.

FILES

/etc/ansible/hosts -- Default inventory file

/etc/ansible/ansible.cfg -- Config file, used if present

~/.ansible.cfg -- User config file, overrides the default config if present

./ansible.cfg -- Local config file (in current working directory) assumed to be 'project specific' and overrides the rest if present.

As mentioned above, the ANSIBLE_CONFIG environment variable will override all others.

AUTHOR

Ansible was originally written by Michael DeHaan.

COPYRIGHT

Copyright © 2018 Red Hat, Inc | Ansible. Ansible is released under the terms of the GPLv3 license.

SEE ALSO

ansible (1), ansible-config (1), ansible-console (1), ansible-doc (1), ansible-galaxy (1), ansible-inventory (1), ansible-playbook (1), ansible-vault (1)

Extensive documentation is available on the documentation site: <https://docs.ansible.com>. IRC and mailing list info can be found in the file CONTRIBUTING.md, available at: <https://github.com/ansible/ansible>


Updated 2024-01-29 - jenkler.se | uex.se