Ansible ships with a number of modules (called the ‘module library’) that can be executed directly on remote hosts or through Playbooks. Users can also write their own modules. These modules can control system resources, like services, packages, or files (anything really), or handle executing system commands.
Let’s review how we execute three different modules from the command line:
ansible webservers -m service -a "name=httpd state=running"
ansible webservers -m ping
ansible webservers -m command -a "/sbin/reboot -t now"
Each module supports taking arguments. Nearly all modules take key=value arguments, space delimited. Some modules take no arguments, and the command/shell modules simply take the string of the command you want to run.
From playbooks, Ansible modules are executed in a very similar way:
- name: reboot the servers
  action: command /sbin/reboot -t now
All modules technically return JSON format data, though if you are using the command line or playbooks, you don’t really need to know much about that. If you’re writing your own module, you care, and this means you do not have to write modules in any particular language – you get to choose.
Most modules other than command are idempotent, meaning they will seek to avoid changes to the system unless a change needs to be made. When using Ansible playbooks, these modules can trigger ‘change events’. Unless otherwise noted, any given module does support change hooks.
Let’s see what’s available in the Ansible module library, out of the box:
Manages apt-packages (such as for Debian/Ubuntu).
pkg:
state:
update-cache:
purge:
default-release:
Example action from Ansible Playbooks:
apt pkg=foo update-cache=yes
apt pkg=foo state=removed
apt pkg=foo state=installed
apt pkg=foo=1.00 state=installed
apt pkg=nginx state=latest default-release=squeeze-backports update-cache=yes
NOTE: the apt module cannot currently request installation of a specific software version, as the yum module can. This should be available in a future release.
The command module takes the command name followed by a list of arguments, space delimited.
If you want to run a command through the shell (say you are using ‘<’, ‘>’, ‘|’, etc), you actually want the ‘shell’ module instead. The ‘command’ module is much more secure as it’s not affected by the user’s environment.
The given command will be executed on all selected nodes. It will not be processed through the shell, so variables like “$HOME” and operations like “<”, “>”, “|”, and “&” will not work. As such, all paths to commands must be fully qualified.
This module does not support change hooks and returns the return code from the program as well as timing information about how long the command was running.
Example action from Ansible Playbooks:
command /sbin/shutdown -t now
If you only want to run a command if a certain file does not exist, you can do the following:
command /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database
The creates= option will not be passed to the executable.
The copy module moves a file on the local box to remote locations. In addition to the options listed below, the arguments available to the file module can also be passed to the copy module.
src:
dest:
This module also returns md5sum information about the resultant file.
Example action from Ansible Playbooks:
copy src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644
Runs the discovery program ‘facter’ on the remote system, returning JSON data that can be useful for inventory purposes.
Requires that ‘facter’ and ‘ruby-json’ be installed on the remote end.
This module is informative only: it takes no parameters and does not support change hooks, nor does it make any changes on the system. Playbooks do not actually use this module; they use the setup module behind the scenes.
This module works like ‘copy’, but in reverse. It is used for fetching files from remote machines and storing them locally in a file tree, organized by hostname.
src:
dest:
The fetch module is a useful way to gather log files from remote systems. If you require fetching multiple files from remote systems, you may wish to execute a tar command and then fetch the tarball.
Example:
fetch src=/var/log/messages dest=/home/logtree
Sets attributes of files, symlinks, and directories, or removes files/symlinks/directories. All parameters available to the file module are also available when running the copy or template modules.
dest:
state:
mode:
owner:
group:
src:
seuser:
serole:
setype:
selevel:
context:
Example action from Ansible Playbooks:
file path=/etc/foo.conf owner=foo group=foo mode=0644
file path=/some/path owner=foo group=foo state=directory
file path=/path/to/delete state=absent
file src=/file/to/link/to dest=/path/to/symlink owner=foo group=foo state=link
file path=/some/path state=directory setype=httpd_sys_content_t
file path=/some/path state=directory context=default
Deploys software (or files) from git checkouts.
repo:
dest:
version:
branch:
Example action from Ansible Playbooks:
git repo=git://foosball.example.org/path/to/repo.git dest=/srv/checkout version=release-0.22
Adds or removes groups.
name:
gid:
state:
system:
To control members of the group, see the users resource.
Example action from Ansible Playbooks:
group name=somegroup state=present
Similar to the facter module, this returns JSON inventory data. Ohai data is a bit more verbose and nested than facter.
Requires that ‘ohai’ be installed on the remote end.
This module is informative only: it takes no parameters and does not support change hooks, nor does it make any changes on the system.
Playbooks should not call the ohai module; they call the setup module behind the scenes instead.
A trivial test module, this module always returns the integer 1 on successful contact.
This module is informative only: it takes no parameters, does not support change hooks, and makes no changes on the system.
Executes a low-down and dirty SSH command, not going through the module subsystem. This module is new in Ansible 0.4.
This is useful, and should only be done, in two cases. The first case is installing python-simplejson on older (Python 2.4 and before) hosts that need it as a dependency to run modules, since nearly all core modules require it. The second is speaking to devices such as routers that do not have any Python installed. In any other case, using the ‘shell’ or ‘command’ module is much more appropriate.
Arguments given to ‘raw’ are run directly through the configured remote shell and only output is returned. There is no error detection or change handler support for this module.
Example from /usr/bin/ansible to bootstrap a legacy Python 2.4 host:
ansible newhost.example.com -m raw -a "yum install python-simplejson"
Controls services on remote machines.
state:
enabled:
list:
name:
Example action from Ansible Playbooks:
service name=httpd state=started
service name=httpd state=stopped
service name=httpd state=restarted
Writes a JSON file containing key/value data, for use in templating. Call this once before using the template module. Playbooks will execute this module automatically as the first step in each play using the variables section, so it is unnecessary to make explicit calls to setup within a playbook.
Ansible provides many ‘facts’ about the system, automatically.
Some of the variables that are supplied are listed below. These in particular are from a VMWare Fusion 4 VM running CentOS 6.2:
"ansible_architecture": "x86_64",
"ansible_distribution": "CentOS",
"ansible_distribution_release": "Final",
"ansible_distribution_version": "6.2",
"ansible_eth0": {
    "ipv4": {
        "address": "REDACTED",
        "netmask": "255.255.255.0"
    },
    "ipv6": [
        {
            "address": "REDACTED",
            "prefix": "64",
            "scope": "link"
        }
    ],
    "macaddress": "REDACTED"
},
"ansible_form_factor": "Other",
"ansible_fqdn": "localhost.localdomain",
"ansible_hostname": "localhost",
"ansible_interfaces": [
    "lo",
    "eth0"
],
"ansible_kernel": "2.6.32-220.2.1.el6.x86_64",
"ansible_lo": {
    "ipv4": {
        "address": "127.0.0.1",
        "netmask": "255.0.0.0"
    },
    "ipv6": [
        {
            "address": "::1",
            "prefix": "128",
            "scope": "host"
        }
    ]
},
"ansible_machine": "x86_64",
"ansible_memfree_mb": 89,
"ansible_memtotal_mb": 993,
"ansible_processor": [
    "Intel(R) Core(TM) i7-2677M CPU @ 1.80GHz"
],
"ansible_processor_cores": "NA",
"ansible_processor_count": 1,
"ansible_product_name": "VMware Virtual Platform",
"ansible_product_serial": "REDACTED",
"ansible_product_uuid": "REDACTED",
"ansible_product_version": "None",
"ansible_python_version": "2.6.6",
"ansible_ssh_host_key_dsa_public": "REDACTED",
"ansible_ssh_host_key_rsa_public": "REDACTED",
"ansible_swapfree_mb": 1822,
"ansible_swaptotal_mb": 2015,
"ansible_system": "Linux",
"ansible_system_vendor": "VMware, Inc.",
"ansible_virtualization_role": "None",
"ansible_virtualization_type": "None",
More ansible facts will be added with successive releases.
If facter or ohai are installed, variables from these programs will also be snapshotted into the JSON file for usage in templating. These variables are prefixed with facter_ and ohai_ so it’s easy to tell their source.
All variables are bubbled up to the caller. Using the ansible facts and choosing to not install facter and ohai means you can avoid ruby-dependencies on your remote systems.
variablename:
Example action from Ansible Playbooks:
vars:
    ntpserver: 'ntp.example.com'
    xyz: 1234
Example action from /usr/bin/ansible:
ansible all -m setup -a "ntpserver=ntp.example.com xyz=1234"
The shell module takes the command name followed by a list of arguments, space delimited. It is almost exactly like the command module but runs the command through the user’s configured shell on the remote node.
The given command will be executed on all selected nodes.
If you want to execute a command securely and predictably, it may be better to use the ‘command’ module instead. Best practices when writing playbooks will follow the trend of using ‘command’ unless ‘shell’ is explicitly required. When running ad-hoc commands, use your best judgement.
This module does not support change hooks and returns the return code from the program as well as timing information about how long the command was running.
Example action from a playbook:
shell somescript.sh >> somelog.txt
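A lint check for the command-versus-shell guidance above, as an added example (not part of Ansible or of the original documentation): it scans a playbook's `action: command ...` and `action: shell ...` lines and flags `command` actions that contain shell syntax or an unqualified path, and `shell` actions that use no shell syntax. The name `lint_playbook`, the metacharacter list (the page's `<`, `>`, `|`, `&` and `$VAR`, plus `;` and backticks) and the sample playbook are assumptions constructed for illustration.

```python
import re

# Shell syntax the command module will not interpret: the page lists <, >, |, &
# and variables such as $HOME; ';' and backticks are added here as an assumption.
SHELL_META = re.compile(r"[<>|&;`]|\$[A-Za-z_{(]")
# Matches the "action: <module> <args>" form used on this page.
ACTION = re.compile(r"^\s*(?:-\s*)?action:\s*(command|shell)\s+(.*)$")

LITERAL = "shell syntax is passed literally; use 'shell' only if it is required"
UNQUALIFIED = "command path is not fully qualified"
NEEDLESS = "no shell syntax used; 'command' is sufficient"


def lint_playbook(text):
    """Return (line_number, module, message) findings for command/shell actions."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = ACTION.match(line)
        if not match:
            continue
        module, args = match.group(1), match.group(2).strip()
        uses_shell_syntax = bool(SHELL_META.search(args))
        if module == "command":
            if uses_shell_syntax:
                findings.append((lineno, module, LITERAL))
            # The first token is the executable; options such as creates= follow it.
            if not args.startswith("/"):
                findings.append((lineno, module, UNQUALIFIED))
        elif not uses_shell_syntax:
            findings.append((lineno, module, NEEDLESS))
    return findings


# Constructed sample playbook (hypothetical tasks, not from the Ansible project).
SAMPLE = """\
- name: reboot the servers
  action: command /sbin/reboot -t now
- name: create the database once
  action: command /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database
- name: count errors
  action: command grep error /var/log/messages | wc -l
- name: append to a log
  action: shell somescript.sh >> somelog.txt
- name: report uptime
  action: shell /usr/bin/uptime
"""

if __name__ == "__main__":
    for lineno, module, message in lint_playbook(SAMPLE):
        print(f"line {lineno}: {module}: {message}")
```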
Templates a file out to a remote server. Call the setup module prior to usage if you are not running from a playbook. In addition to the options listed below, the arguments available to the file and copy modules can also be passed to the template module.
src:
dest:
This module also returns md5sum information about the resultant file.
Example action from a playbook:
template src=/srv/mytemplates/foo.j2 dest=/etc/foo.conf owner=foo group=foo mode=0644
Creates user accounts, manipulates existing user accounts, and removes user accounts.
name:
comment:
uid:
group:
groups:
append:
shell:
createhome:
password:
state:
system:
force:
remove:
Example action from Ansible Playbooks:
user name=mdehaan comment=awesome password=awWxVV.JvmdHw createhome=yes
user name=mdehaan groups=wheel,skynet
user name=mdehaan state=absent force=yes
Manages virtual machines supported by libvirt. Requires that libvirt be installed on the managed machine.
guest:
state:
command:
Example action from Ansible Playbooks:
virt guest=alpha state=running
virt guest=alpha state=shutdown
virt guest=alpha state=destroyed
virt guest=alpha state=undefined
Example guest management commands from /usr/bin/ansible:
ansible host -m virt -a "guest=foo command=status"
ansible host -m virt -a "guest=foo command=pause"
ansible host -m virt -a "guest=foo command=unpause"
ansible host -m virt -a "guest=foo command=get_xml"
ansible host -m virt -a "guest=foo command=autostart"
Example host (hypervisor) management commands from /usr/bin/ansible:
ansible host -m virt -a "command=freemem"
ansible host -m virt -a "command=list_vms"
ansible host -m virt -a "command=info"
ansible host -m virt -a "command=nodeinfo"
ansible host -m virt -a "command=virttype"
Will install, upgrade, remove, and list packages with the yum package manager.
pkg:
state:
list:
Example action from Ansible Playbooks:
yum pkg=httpd state=latest
yum pkg=httpd state=removed
yum pkg=httpd state=installed