ANSIBLE-PULL(1) System administration commands ANSIBLE-PULL(1)
NAME
ansible-pull - pulls playbooks from a VCS repo and executes them on
target host
SYNOPSIS
usage: ansible-pull [-h] [--version] [-v] [--private-key
PRIVATE_KEY_FILE]
[-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT] [--ssh-common-args
SSH_COMMON_ARGS] [--sftp-extra-args SFTP_EXTRA_ARGS]
[--scp-extra-args SCP_EXTRA_ARGS] [--ssh-extra-args
SSH_EXTRA_ARGS] [-k | --connection-password-file
CONNECTION_PASSWORD_FILE] [--vault-id VAULT_IDS] [-J |
--vault-password-file VAULT_PASSWORD_FILES] [-e EXTRA_VARS] [-t
TAGS] [--skip-tags SKIP_TAGS] [-i INVENTORY] [--list-hosts] [-l
SUBSET] [-M MODULE_PATH] [-K | --become-password-file
BECOME_PASSWORD_FILE] [--purge] [-o] [-s SLEEP] [-f] [-d DEST]
[-U URL] [--full] [-C CHECKOUT] [--accept-host-key] [-m
MODULE_NAME] [--verify-commit] [--clean] [--track-subs]
[--check] [--diff] [playbook.yml ...]
DESCRIPTION
Used to pull a remote copy of ansible on each managed node, each set to
run via cron and update playbook source via a source repository. This
inverts the default push architecture of ansible into a pull
architecture, which has near-limitless scaling potential.
None of the CLI tools are designed to run concurrently with themselves,
you should use an external scheduler and/or locking to ensure there are
no clashing operations.
The setup playbook can be tuned to change the cron frequency, logging
locations, and parameters to ansible-pull. This is useful both for
extreme scale-out as well as periodic remediation. Usage of the
'fetch' module to retrieve logs from ansible-pull runs would be an
excellent way to gather and analyze remote logs from ansible-pull.
COMMON OPTIONS
Playbook(s)
--accept-host-key
adds the hostkey for the repo url if not already added
--become-password-file 'BECOME_PASSWORD_FILE', --become-pass-file
'BECOME_PASSWORD_FILE'
Become password file
--check
don't make any changes; instead, try to predict some of the changes
that may occur
--clean
modified files in the working repository will be discarded
--connection-password-file 'CONNECTION_PASSWORD_FILE', --conn-pass-file
'CONNECTION_PASSWORD_FILE'
Connection password file
--diff
when changing (small) files and templates, show the differences in
those files; works great with --check
--full
Do a full clone, instead of a shallow one.
--list-hosts
outputs a list of matching hosts; does not execute anything else
--private-key 'PRIVATE_KEY_FILE', --key-file 'PRIVATE_KEY_FILE'
use this file to authenticate the connection
--purge
purge checkout after playbook run
--scp-extra-args 'SCP_EXTRA_ARGS'
specify extra arguments to pass to scp only (e.g. -l)
--sftp-extra-args 'SFTP_EXTRA_ARGS'
specify extra arguments to pass to sftp only (e.g. -f, -l)
--skip-tags
only run plays and tasks whose tags do not match these values. This
argument may be specified multiple times.
--ssh-common-args 'SSH_COMMON_ARGS'
specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)
--ssh-extra-args 'SSH_EXTRA_ARGS'
specify extra arguments to pass to ssh only (e.g. -R)
--track-subs
submodules will track the latest changes. This is equivalent to
specifying the --remote flag to git submodule update
--vault-id
the vault identity to use. This argument may be specified multiple
times.
--vault-password-file, --vault-pass-file
vault password file
--verify-commit
verify GPG signature of checked out commit, if it fails abort
running the playbook. This needs the corresponding VCS module to
support such an operation
--version
show program's version number, config file location, configured
module search path, module location, executable location and exit
-C 'CHECKOUT', --checkout 'CHECKOUT'
branch/tag/commit to checkout. Defaults to behavior of repository
module.
-J, --ask-vault-password, --ask-vault-pass
ask for vault password
-K, --ask-become-pass
ask for privilege escalation password
-M, --module-path
prepend colon-separated path(s) to module library (default={{
ANSIBLE_HOME ~ "/plugins/modules:/usr/share/ansible/plugins/modules"
}}). This argument may be specified multiple times.
-T 'TIMEOUT', --timeout 'TIMEOUT'
override the connection timeout in seconds (default depends on
connection)
-U 'URL', --url 'URL'
URL of the playbook repository
-c 'CONNECTION', --connection 'CONNECTION'
connection type to use (default=ssh)
-d 'DEST', --directory 'DEST'
path to the directory to which Ansible will checkout the repository.
-e, --extra-vars
set additional variables as key=value or YAML/JSON, if filename
prepend with @. This argument may be specified multiple times.
-f, --force
run the playbook even if the repository could not be updated
-h, --help
show this help message and exit
-i, --inventory, --inventory-file
specify inventory host path or comma separated host list.
--inventory-file is deprecated. This argument may be specified
multiple times.
-k, --ask-pass
ask for connection password
-l 'SUBSET', --limit 'SUBSET'
further limit selected hosts to an additional pattern
-m 'MODULE_NAME', --module-name 'MODULE_NAME'
Repository module name, which ansible will use to check out the
repo. Choices are ('git', 'subversion', 'hg', 'bzr'). Default is
git.
-o, --only-if-changed
only run the playbook if the repository has been updated
-s 'SLEEP', --sleep 'SLEEP'
sleep for random interval (between 0 and n number of seconds) before
starting. This is a useful way to disperse git requests
-t, --tags
only run plays and tasks tagged with these values. This argument may
be specified multiple times.
-u 'REMOTE_USER', --user 'REMOTE_USER'
connect as this user (default=None)
-v, --verbose
Causes Ansible to print more debug messages. Adding multiple -v will
increase the verbosity, the builtin plugins currently evaluate up to
-vvvvvv. A reasonable level to start is -vvv, connection debugging
might require -vvvv. This argument may be specified multiple times.
ARGUMENTS
playbook.yml
The name of one the YAML format files to run as an Ansible
playbook.This can be a relative path within the checkout. By default,
Ansible willlook for a playbook based on the host's fully-qualified
domain name,on the host hostname and finally a playbook named
local.yml.
INVENTORY
Ansible stores the hosts it can potentially operate on in an inventory.
This can be an YAML file, ini-like file, a script, directory, list,
etc. For additional options, see the documentation on
.
ENVIRONMENT
The following environment variables may be specified.
ANSIBLE_INVENTORY -- Override the default ansible inventory sources
ANSIBLE_LIBRARY -- Override the default ansible module library path
ANSIBLE_CONFIG -- Specify override location for the ansible config file
Many more are available for most options in ansible.cfg
For a full list check . or use the
ansible-config command.
FILES
/etc/ansible/hosts -- Default inventory file
/etc/ansible/ansible.cfg -- Config file, used if present
~/.ansible.cfg -- User config file, overrides the default config if
present
./ansible.cfg -- Local config file (in current working directory)
assumed to be 'project specific' and overrides the rest if present.
As mentioned above, the ANSIBLE_CONFIG environment variable will
override all others.
AUTHOR
Ansible was originally written by Michael DeHaan.
COPYRIGHT
Copyright (C) 2018 Red Hat, Inc | Ansible. Ansible is released under
the terms of the GPLv3 license.
SEE ALSO
ansible (1), ansible-config (1), ansible-console (1), ansible-doc (1),
ansible-galaxy (1), ansible-inventory (1), ansible-playbook (1),
ansible-vault (1)
Extensive documentation is available in the documentation site: <
>. IRC and mailing list info can be found
in file CONTRIBUTING.md, available in: <
>
Ansible 2.16.6 ANSIBLE-PULL(1)