ansible-pull

pulls playbooks from a VCS repo and executes them for the local host

Synopsis

  1. ansible-pull -U <repository> [options] [<playbook.yml>]

Description

is used to up a remote copy of ansible on each managed node,each set to run via cron and update playbook source via a source repository.This inverts the default push architecture of ansible into a pull architecture,which has near-limitless scaling potential.

The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull.This is useful both for extreme scale-out as well as periodic remediation.Usage of the ‘fetch’ module to retrieve logs from ansible-pull runs would be anexcellent way to gather and analyze remote logs from ansible-pull.

Common Options

  • —accept-host-key
  • adds the hostkey for the repo url if not already added
  • —ask-su-pass
  • ask for su password (deprecated, use become)
  • —ask-sudo-pass
  • ask for sudo password (deprecated, use become)
  • —ask-vault-pass
  • ask for vault password
  • —check
  • don’t make any changes; instead, try to predict some of the changes that may occur
  • —clean
  • modified files in the working repository will be discarded
  • —diff
  • when changing (small) files and templates, show the differences in those files; works great with –check
  • —full
  • Do a full clone, instead of a shallow one.
  • —list-hosts
  • outputs a list of matching hosts; does not execute anything else
  • —private-key, —key-file
  • use this file to authenticate the connection
  • —purge
  • purge checkout after playbook run
  • —scp-extra-args <SCP_EXTRA_ARGS>
  • specify extra arguments to pass to scp only (e.g. -l)
  • —sftp-extra-args <SFTP_EXTRA_ARGS>
  • specify extra arguments to pass to sftp only (e.g. -f, -l)
  • —skip-tags
  • only run plays and tasks whose tags do not match these values
  • —ssh-common-args <SSH_COMMON_ARGS>
  • specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)
  • —ssh-extra-args <SSH_EXTRA_ARGS>
  • specify extra arguments to pass to ssh only (e.g. -R)
  • —track-subs
  • submodules will track the latest changes. This is equivalent to specifying the –remote flag to git submodule update
  • —vault-id
  • the vault identity to use
  • —vault-password-file
  • vault password file
  • —verify-commit
  • verify GPG signature of checked out commit, if it fails abort running the playbook. This needs the corresponding VCS module to support such an operation
  • —version
  • show program’s version number and exit
  • -C <CHECKOUT>, —checkout <CHECKOUT>
  • branch/tag/commit to checkout. Defaults to behavior of repository module.
  • -K, —ask-become-pass
  • ask for privilege escalation password
  • -M, —module-path
  • prepend colon-separated path(s) to module library (default=[‘/home/jenkins/.ansible/plugins/modules’, ‘/usr/share/ansible/plugins/modules’])
  • -T <TIMEOUT>, —timeout <TIMEOUT>
  • override the connection timeout in seconds (default=10)
  • -U <URL>, —url <URL>
  • URL of the playbook repository
  • -c <CONNECTION>, —connection <CONNECTION>
  • connection type to use (default=smart)
  • -d <DEST>, —directory <DEST>
  • directory to checkout repository to
  • -e, —extra-vars
  • set additional variables as key=value or YAML/JSON, if filename prepend with @
  • -f, —force
  • run the playbook even if the repository could not be updated
  • -h, —help
  • show this help message and exit
  • -i, —inventory, —inventory-file
  • specify inventory host path or comma separated host list. –inventory-file is deprecated
  • -k, —ask-pass
  • ask for connection password
  • -l <SUBSET>, —limit <SUBSET>
  • further limit selected hosts to an additional pattern
  • -m <MODULE_NAME>, —module-name <MODULE_NAME>
  • Repository module name, which ansible will use to check out the repo. Choices are (‘git’, ‘subversion’, ‘hg’, ‘bzr’). Default is git.
  • -o, —only-if-changed
  • only run the playbook if the repository has been updated
  • -s <SLEEP>, —sleep <SLEEP>
  • sleep for random interval (between 0 and n number of seconds) before starting. This is a useful way to disperse git requests
  • -t, —tags
  • only run plays and tasks tagged with these values
  • -u <REMOTE_USER>, —user <REMOTE_USER>
  • connect as this user (default=None)
  • -v, —verbose
  • verbose mode (-vvv for more, -vvvv to enable connection debugging)

Environment

The following environment variables may be specified.

ANSIBLE_CONFIG – Override the default ansible config file

Many more are available for most options in ansible.cfg

Files

/etc/ansible/ansible.cfg – Config file, used if present

~/.ansible.cfg – User config file, overrides the default config if present

Author

Ansible was originally written by Michael DeHaan.

See the AUTHORS file for a complete list of contributors.

Copyright © 2017 Red Hat, Inc | Ansible.

Ansible is released under the terms of the GPLv3 License.

See also

ansible(1), ansible-config(1), ansible-console(1), ansible-doc(1), ansible-galaxy(1), ansible-inventory(1), ansible-playbook(1), ansible-pull(1), ansible-vault(1),