Ansible Options

In this lesson we’ll be taking a look at options available when we’re executing Ansible commands. The options can be used for both Ad-Hoc commands and playbooks.

Overview

In our upcoming lessons we’ll be using a variety of options when running Ansible scripts. These can provide tremendous benefits, especially when we’re using Ansible in a production environment.

Let’s go over a handful of common Ansible options that can be used whilst executing ad hoc commands and playbooks.

-i

Let’s start by looking at -i. This is used to specify an inventory file to use to execute the commands against.

To provide some context, we’ll take a look at an example:

root@ANSIBLE:/etc/ansible/CiscoAnsible# ansible CORE -i LABHOSTS -m raw -a “show run” -u Ansible -k

We run our command as normal and specify the group within the inventory we want to execute our commands against. In this example, we’re using the group called CORE .

The inventory file is then specified using
-i followed by the name of the inventory file. We can use any name for our inventory file, in this example we’re using LABHOSTS.

Some uses cases where this would be beneficial include:

  • No ansible.cfg file has been configured
  • An inventory file hasn’t been configured in our ansible.cfg file
  • We want to use a different inventory file than that configured within ansible.cfg

The only downside of using the -i option is that the inventory file needs to be in the same folder that we’re executing our Ansible commands from.

–inventory

Unlike -i, we can use the –inventory option to specify a hosts file located in another folder.

To provide some context, let’s take a look an example:

root@ANSIBLE:/etc/ansible/CiscoAnsible# mkdir Inventories
root@ANSIBLE:/etc/ansible/CiscoAnsible# cd Inventories
root@ANSIBLE:/etc/ansible/CiscoAnsible/Inventories#

We’ll start by creating a new directory to store our inventory files in using mkdir Inventories. Next, we’ll use cd Inventories to navigate to our folder.

root@ANSIBLE:/etc/ansible/CiscoAnsible/Inventories# nano LABHOSTS

Let’s create an inventory file in our folder called LABHOSTS using the nano command.

[SWITCHES]
SW1 ansible_host=192.168.10.251
SW2 ansible_host=192.168.10.252

To keep things simple, we’ll then create a group called [SWITCHES] and list SW1 and SW2.

We can save the file using
CTRL X.

root@ANSIBLE:/etc/ansible/CiscoAnsible/Inventories# cd ..
root@ANSIBLE:/etc/ansible/CiscoAnsible#

We’ll navigate back a folder level to our Ansible folder using cd ..

root@ANSIBLE:/etc/ansible/CiscoAnsible# ansible SWITCHES –inventory=/etc/ansible/CiscoAnsible/Inventories/LABHOSTS -m raw -a “show version | include uptime” -u Ansible -k
SSH password:

Similar to the -i option, we need to specify the group within our inventory file we want to execute the commands against. In this instance we’ll be using SWITCHES .

We then use
–inventory followed by the location of the hosts file we want to use, /etc/ansible/CiscoAnsible/Inventories/LABHOSTS.

Some uses cases where this would be beneficial include:

  • No ansible.cfg file has been configured
  • An inventory file hasn’t been configured in our ansible.cfg file
  • We want to use a different inventory file than that configured within ansible.cfg
  • Calling inventory files located in a seperate directory

-u

-u

We can use -u as an option when executing commands with Ansible to specify a username to use. Ansible will use the username provided using the -u command to authenticate with our devices with.

To provide some context, let’s take a look at an example:

root@ANSIBLE:/etc/ansible/CiscoAnsible# ansible ACCESS -m raw -a “write mem” -u Ansible -k

In order to force Ansible to connect to our devices with a specific username we use the -u command. Following this, we specify the username, in this case we want Ansible to connect using Ansible as the SSH username.

The downside of specifying the username using -u is that the username must be configured on all of the devices we’re connecting too. Alternatively to this we can configure our usernames within the inventory file or using an Ansible vault.

-k

In order to be prompted for a password that Ansible can use, we can use the -k option. Ansible will use the password provided to connect to the devices to execute the commands.

To provide some context, let’s take a look at an example:

root@ANSIBLE:/etc/ansible/CiscoAnsible# ansible ACCESS -m raw -a “write mem” -u Ansible -k
SSH password:

In order to force Ansible to connect to our devices with a specific password we use the -k command. When we then run our Ansible commands, Ansible will prompt us for an SSH password.

The downside of specifying the password using -k is that the password must be configured on all of the devices we’re connecting too.

An alternative to this is configuring our passwords within the inventory file. This, however is highly discouraged as the passwords will be stored in clear-text. The best practice is to store passwords within an encrypted Ansible vault.