ansible-pull man page

ansible-pull — pull playbooks from VCS server and run them using this machine as the target.


ansible-pull -U URL [options] [ <filename.yml> ]


Ansible is an extra-simple tool/framework/API for doing 'remote things'.

Use ansible-pull to set up a remote copy of ansible on each managed node, each set to run via cron and update playbook source via a source repository. This inverts the default push architecture of ansible into a pull architecture, which has near-limitless scaling potential.

The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull.

This is useful both for extreme scale-out as well as periodic remediation. Usage of the fetch module to retrieve logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.

Optional Argument

The name of one the YAML format files to run as an ansible playbook. This can be a relative path within the checkout. If not provided, ansible-pull will look for a playbook based on the host’s fully-qualified domain name, on the host hostname and finally a playbook named local.yml.


Adds the hostkey for the repo URL if not already added.
-b, --become
Use privilege escalation (specific one depends on become_method), this does not imply prompting for passwords.
-K, --ask-become-pass
Ask for privilege escalation password.
-k, --ask-pass
Prompt for the connection password, if it is needed for the transport used. For example, using ssh and not having a key-based authentication with ssh-agent.
Prompt for su password, used with --su (deprecated, use become).
Prompt for the password to use with --sudo, if any (deprecated, use become).
Prompt for vault password.
Branch/Tag/Commit to checkout. If not provided, uses default behavior of module used to check out playbook repository.
-d DEST, --directory=DEST
Directory to checkout repository into. If not provided, a subdirectory of ~/.ansible/pull/ will be used.
-e EXTRA_VARS, --extra-vars='EXTRA_VARS
Extra variables to inject into a playbook, in key=value key=value format or as quoted YAML/JSON (hashes and arrays). To load variables from a file, specify the file preceded by @ (e.g. @vars.yml).
-f, --force
Force running of playbook even if unable to update playbook repository. This can be useful, for example, to enforce run-time state when a network connection may not always be up or possible.
Do a full clone of the repository. By default ansible-pull will do a shallow clone based on the last revision.
-h, --help
Show the help message and exit.
-i PATH, --inventory=PATH
The PATH to the inventory, which defaults to /etc/ansible/hosts. Alternatively you can use a comma separated list of hosts or single host with traling comma host,.
Use this file to authenticate the connection.
-m NAME, --module-name=NAME
Module used to checkout playbook repository. Defaults to git.
-o, --only-if-changed
Only run the playbook if the repository has been updated.
Purge the checkout after the playbook is run.
-s SLEEP, --sleep=SLEEP
Sleep for random interval (between 0 and SLEEP number of seconds) before starting. This is a useful way ot disperse git requests.
--ssh-common-args='-o ProxyCommand="ssh -W %h:%p …" …'
Add the specified arguments to any sftp/scp/ssh command-line. Useful to set a ProxyCommand to use a jump host, but any arguments that are accepted by all three programs may be specified.
Add the specified arguments to any sftp command-line.
Add the specified arguments to any scp command-line.
Add the specified arguments to any ssh command-line.
-t TAGS, --tags=TAGS
Only run plays and tasks tagged with these values.
-U URL, --url=URL
URL of the playbook repository to checkout.
Vault password file.
Modified files in the working repository will be discarded.
Submodules will track the latest changes.
-v, --verbose
Pass -vvv to ansible-playbook.


Ansible stores the hosts it can potentially operate on in an inventory. This can be an ini-like file, a script, directory or a list. The ini syntax is one host per line. Groups headers are allowed and are included on their own line, enclosed in square brackets that start the line.

Ranges of hosts are also supported. For more information and additional options, see the documentation on http://docs.ansible.com/.


The following environment variables may be specified.

ANSIBLE_INVENTORY  — Override the default ansible inventory file

ANSIBLE_LIBRARY — Override the default ansible module library path

ANSIBLE_CONFIG — Override the default ansible config file

Many more are available for most options in ansible.cfg


/etc/ansible/hosts — Default inventory file

/usr/share/ansible/ — Default module library

/etc/ansible/ansible.cfg — Config file, used if present

~/.ansible.cfg — User config file, overrides the default config if present


Ansible was originally written by Michael DeHaan. See the AUTHORS file for a complete list of contributors.

See Also

ansible(1) ansible-playbook(1), ansible-doc(1), ansible-vault(1), ansible-galaxy(1)

Extensive documentation is available in the documentation site: http://docs.ansible.com. IRC and mailing list info can be found in file CONTRIBUTING.md, available in: https://github.com/ansible/ansible

Referenced By

ansible(1), ansible-doc(1), ansible-galaxy(1), ansible-playbook(1), ansible-vault(1).

Explore man page connections for ansible-pull(1).