Ad Hoc Commands execution in Ansible

Using the command syntax below, we can execute OS commands on the managed machines from the controller machine.

    ansible host-pattern -m module [-a 'module arguments'] [-i inventory]

The prerequisites for running Ansible are as follows.

Create a generic service account on all the servers. Here I create a user ID called ‘ansible’:

[root@centos7 ansible]# useradd ansible
[root@centos7 ansible]#

Set the password for the ‘ansible’ user ID created in the previous step:

[root@centos7 ansible]# passwd ansible
Changing password for user ansible.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@centos7 ansible]#

Now give passwordless sudo access to the ‘ansible’ user ID on all managed nodes:

[root@centos7 sudoers.d]# pwd
/etc/sudoers.d
[root@centos7 sudoers.d]# vi ansible
[root@centos7 sudoers.d]# cat ansible
ansible ALL=(ALL) NOPASSWD: ALL
[root@centos7 sudoers.d]#

Verify the sudo access as below,

[root@centos7 sudoers.d]# sudo -l -U ansible
Matching Defaults entries for ansible on this host:
!visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User ansible may run the following commands on this host:
(ALL) NOPASSWD: ALL
[root@centos7 sudoers.d]#

Please repeat the above steps on the remaining managed nodes, i.e. on the web server (centos6web) and the DB server (centos6db).
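
The rule `ansible ALL=(ALL) NOPASSWD: ALL` makes the ‘ansible’ account root-equivalent on every node, so it helps to be able to list where such rules exist. The script below is an added example, not part of the original post: it scans a sudoers drop-in directory for rules that grant NOPASSWD on ALL commands. The function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list sudoers drop-in rules that
# grant NOPASSWD on ALL commands, like the "ansible" rule created above.

# audit_nopasswd_all DIR -> prints "file:principal" for each unrestricted rule.
audit_nopasswd_all() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo ignores drop-ins whose name contains "." or ends in "~".
        case $name in *.*|*~) continue ;; esac
        awk -v file="$name" '
            /^[ \t]*$/ { next }                            # blank line
            /^[ \t]*#$/ || /^[ \t]*#[^0-9]/ { next }       # comment or #include
            /^[ \t]*Defaults/ { next }                     # settings, not grants
            /NOPASSWD:[ \t]*ALL[ \t]*,/ ||
            /NOPASSWD:[ \t]*ALL[ \t]*$/ { print file ":" $1 }
        ' "$f"
    done
}

# Constructed sample directory standing in for /etc/sudoers.d (assumption).
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ansible ALL=(ALL) NOPASSWD: ALL' > "$d/ansible"
    printf '%s\n' '# web deploy account' \
        'deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd' > "$d/deploy"
    # This file would be skipped by sudo because of the "." in its name.
    printf '%s\n' '%wheel ALL=(ALL) NOPASSWD: ALL' > "$d/wheel.bak"
    audit_nopasswd_all "$d"
    rm -rf "$d"
}

demo_audit
```

On a managed node, run `audit_nopasswd_all /etc/sudoers.d` as root; the command-restricted `deploy` rule in the sample shows the form that is not reported.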

Log in to the controller node as the ansible user and execute the commands below.

To list out all the hosts available in our inventory:

# ansible --list-host all

Output:

[ansible@centos7 ~]$ ansible --list-host all
hosts (3):
centos6web
centos6db
centos7
[ansible@centos7 ~]$

Now try to ping the host ‘centos6web’ from the controller node as the ansible user:

[ansible@centos7 ~]$ ping -c4 centos6web
PING centos6web (192.168.0.30) 56(84) bytes of data.
64 bytes from centos6web (192.168.0.30): icmp_seq=1 ttl=128 time=0.681 ms
64 bytes from centos6web (192.168.0.30): icmp_seq=2 ttl=128 time=1.09 ms
64 bytes from centos6web (192.168.0.30): icmp_seq=3 ttl=128 time=0.784 ms
64 bytes from centos6web (192.168.0.30): icmp_seq=4 ttl=128 time=1.22 ms

--- centos6web ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3035ms
rtt min/avg/max/mdev = 0.681/0.944/1.221/0.223 ms
[ansible@centos7 ~]$

Next, run the connectivity check through Ansible using its ping module, which logs in over SSH rather than sending ICMP packets:

[ansible@centos7 ~]$ ansible centos6web -m ping
centos6web | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
[ansible@centos7 ~]$

We are getting a Permission denied error, so we now have to configure passwordless (key-based) SSH authentication.

Go to the .ssh directory under the ‘ansible’ user’s home directory:

[ansible@centos7 .ssh]$ pwd
/home/ansible/.ssh
[ansible@centos7 .ssh]$ ls -lrt
total 4
-rw-r--r--. 1 ansible ansible 811 Jan 29 03:55 known_hosts
[ansible@centos7 .ssh]$

Generate the RSA key pair using the command below:

[ansible@centos7 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
d1:cd:38:6d:06:27:3a:53:ea:76:6a:62:c8:c0:05:ed ansible@centos7.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| .. + . |
| .. = O |
| .. * + * |
| . .E . + + |
| o S . |
| o . . o |
| o o o |
| . o |
| |
+-----------------+
[ansible@centos7 .ssh]$

Copy the public key to the remote host ‘centos6web’ using the command below:

[ansible@centos7 .ssh]$ ssh-copy-id centos6web
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@centos6web's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'centos6web'"
and check to make sure that only the key(s) you wanted were added.

[ansible@centos7 .ssh]$

Make sure you are able to ssh to the ‘centos6web’ server as the ansible user without any password, as below:

[ansible@centos7 .ssh]$ ssh centos6web
[ansible@centos6web ~]$
[ansible@centos6web ~]$ logout
Connection to centos6web closed.
[ansible@centos7 .ssh]$

Now execute the Ansible ad hoc command to ping the remote host ‘centos6web’ from the controller node:

[ansible@centos7 .ssh]$ ansible centos6web -m ping
centos6web | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
[ansible@centos7 .ssh]$

Please repeat the above passwordless authentication setup for all the managed nodes from the controller node.
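
ssh-copy-id asks you to "check to make sure that only the key(s) you wanted were added". The script below is an added example, not part of the original post, that performs this check: it compares each entry in a node's authorized_keys with the controller's public key and prints the comment of any entry that does not match. The function names and the key strings are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that authorized_keys on
# a managed node holds only the controller's public key after ssh-copy-id.

# key_blob: print the base64 key field of the first key line on stdin.
# Simplification: assumes option values contain no spaces.
key_blob() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break } }'
}

# unexpected_keys AUTHORIZED_KEYS EXPECTED_PUB
# Prints the comment (or "-") of every entry whose key differs from EXPECTED_PUB.
unexpected_keys() {
    want=$(key_blob < "$2")
    awk -v want="$want" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        { for (i = 1; i < NF; i++)
              if ($i ~ /^(ssh-|ecdsa-|sk-)/) {     # key type; key follows it
                  if ($(i + 1) != want)
                      print ((i + 2 <= NF) ? $(i + 2) : "-")
                  next
              }
        }' "$1"
}

# Constructed sample files standing in for ~/.ssh on both machines (assumption).
demo_keys() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3-CONSTRUCTED-CONTROLLER ansible@centos7.localdomain' \
        > "$d/id_rsa.pub"
    {
        echo '# constructed authorized_keys, not real key material'
        echo 'ssh-rsa AAAAB3-CONSTRUCTED-CONTROLLER ansible@centos7.localdomain'
        echo 'from="192.168.0.0/24" ssh-ed25519 AAAAC3-CONSTRUCTED-OTHER old-laptop'
    } > "$d/authorized_keys"
    unexpected_keys "$d/authorized_keys" "$d/id_rsa.pub"
    rm -rf "$d"
}

demo_keys
```

Empty output means the controller's key is the only one present; here the sample prints `old-laptop`, the entry that should be reviewed.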

Now execute the ping module against all the hosts listed in the inventory file:

[ansible@centos7 .ssh]$ ansible all -m ping
centos6web | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
centos7 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
centos6db | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
[ansible@centos7 .ssh]$
