Ansible Automation without Playbooks

Hello Everyone,

In today's articles we are going to talk about ansible, most of you know ansible as it is a configuration management tool and it requires you to write some configuration and convert it to a form called playbooks and ansible push those playbooks to the target machines. put in today's articles will talk about ansible from different angle to answer below questions.

• can you use ansible without writing playbooks?!
• is it possible to make ansible push my commands directly to the target machines?!

the answer is yes, we can do all of that and more using something called ansible-console

What is ansible-console?

ansible-console is an interactive command-line tool included with Ansible that allows you to execute tasks on your managed nodes in a real-time, exploratory manner. It's a valuable asset for testing modules, debugging playbooks, and quickly performing ad-hoc actions on your infrastructure.

Let's start playing

• Check the installed version

# ansible-console --version
ansible-console 2.9.27
  config file = /root/ansible-playbooks/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-console
  python version = 3.6.8 (default, Jan 14 2022, 11:04:20) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]        

• Create Sample inventory with 2 groups {localmachine, bastions}

# cat test-hosts
[localmachine]
10.10.xx.yy
[bastions]
10.10.xx.yy
10.10.xx.yy
        

• connect to the target machines using below ansible console command

ansible-console -i test-hosts -u admin -K -k -b

-k for asking about ssh password

-K for asking about sudo password

-b to become sudo

-i for inventory path

-u for user name

# ansible-console  -i test-hosts -u admin -K -k -b
SSH password:
BECOME password[defaults to SSH password]:
Welcome to the ansible console.
Type help or ? to list commands.

admin@all (3)[f:20]#
        

• list connected hosts and groups using list or list groups

admin@all (3)[f:20]# list
10.10.xx.yy
10.10.xx.yy
10.10.xx.yy
admin@all (3)[f:20]# list groups
all
bastions
localmachine
ungrouped
        

• traverse between the groups, you now connected to all 3 hosts

you can use cd command to move to specific group

also you can use cd to move to specific hosts even if they are from different groups

admin@all (3)[f:20]# cd localmachine
admin@localmachine (1)[f:20]# list
10.10.xx.yy

admin@localmachine (1)[f:20]# cd bastions
admin@bastions (2)[f:20]# list
10.10.xx.yy
10.10.xx.yy
admin@bastions (2)[f:20]

admin@bastions (2)[f:20]# cd 10.10.xx.yy
[email protected] (1)[f:20]#
[email protected] (1)[f:20]# cd 10.10.xx.yy 10.10.xx.yy
[email protected] 10.10.xx.yy (2)[f:20]#


        

• now its show time to run commands directly on groups or hosts using shell module

# shell cat /etc/ssh/sshd_config | egrep -i ^allowgroups
10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel 
10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel 
#
        

Senario-01

we have 3 hosts, 2 of them on group called bastions, the last on group called localmachine.

we need to append admins groups to ssh allowgroup on bastions group only

using that command sed -i '/^AllowGroups/s/$/ admins/' /etc/ssh/sshd_config

then restart sshd on those machines only

admin@bastions (2)[f:20]# sed -i '/^AllowGroups/s/$/ admins/' /etc/ssh/sshd_config
10.10.xx.yy | CHANGED | rc=0 >>
10.10.xx.yy | CHANGED | rc=0 >>

admin@bastions (2)[f:20]# cat /etc/ssh/sshd_config | egrep -i 'allowgroups'
10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel admins
10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel admins

admin@bastions (2)[f:20]# shell systemctl restart  sshd
10.10.16.7 | CHANGED | rc=0 >>

10.10.17.7 | CHANGED | rc=0 >>

admin@bastions (2)[f:20]#

admin@bastions (2)[f:20]# cd all

admin@all (3)[f:20]# cat /etc/ssh/sshd_config | egrep -i 'allowgroups'
10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel admins

10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel admins

10.10.xx.yy | CHANGED | rc=0 >>
AllowGroups wheel 

admin@all (3)[f:20]# 
        

as you can see now any Linux admin can easily use ansible as long as he knows the commands he needs to run on the target servers, he can collect those commands and use ansible console directly without any needs to write ansible playbooks.

The Moral of the Story?

Ansible-console is your secret weapon for those times when playbooks feel like overkill. It's fast, it's fun, and it gets the job done. Just remember, with great power comes great responsibility.

So, the next time you have a small task or a burning itch to test something out, fire up ansible-console and see what kind of magic you can create. Just don't blame us if you get hooked on the convenience.

OfCourse writing playbooks is the best practice as it keeps you know what configuration you did on the machines and keep all your team updated with what you did.

but I just mentioned ansible-console to be used on the small tasks that don't require to write playbooks and that may consume time on the just small tasks or checks.

Hope you have enjoyed reading with me about ansible-console.

If you need to know anything about IT please feel free to contact me and read my past articles maybe it helps.

Subscribe on LinkedIn https://www.dhirubhai.net/build-relation/newsletter-follow?entityUrn=6909177885404622848