ansible-pull man page

ansible-pull — pulls playbooks from a VCS repo and executes them for the local host

Synopsis

ansible-pull -U <repository> [options] [<playbook.yml>]

Description

is used to up a remote copy of ansible on each managed node, each set to run via cron and update playbook source via a source repository. This inverts the default push architecture of ansible into a pull architecture, which has near-limitless scaling potential.

The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull. This is useful both for extreme scale-out as well as periodic remediation. Usage of the fetch module to retrieve logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.

Common Options

--accept-host-key

adds the hostkey for the repo url if not already added

--ask-su-pass

ask for su password (deprecated, use become)

--ask-sudo-pass

ask for sudo password (deprecated, use become)

--ask-vault-pass

ask for vault password

--check

don’t make any changes; instead, try to predict some of the changes that may occur

--clean

modified files in the working repository will be discarded

--full

Do a full clone, instead of a shallow one.

--list-hosts

outputs a list of matching hosts; does not execute anything else

--new-vault-id NEW_VAULT_ID

the new vault identity to use for rekey

--new-vault-password-file

new vault password file for rekey

--private-key, --key-file

use this file to authenticate the connection

--purge

purge checkout after playbook run

--scp-extra-args SCP_EXTRA_ARGS

specify extra arguments to pass to scp only (e.g. -l)

--sftp-extra-args SFTP_EXTRA_ARGS

specify extra arguments to pass to sftp only (e.g. -f, -l)

--skip-tags

only run plays and tasks whose tags do not match these values

--ssh-common-args SSH_COMMON_ARGS

specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)

--ssh-extra-args SSH_EXTRA_ARGS

specify extra arguments to pass to ssh only (e.g. -R)

--track-subs

submodules will track the latest changes. This is equivalent to specifying the --remote flag to git submodule update

--vault-id

the vault identity to use

--vault-password-file

vault password file

--verify-commit

verify GPG signature of checked out commit, if it fails abort running the playbook. This needs the corresponding VCS module to support such an operation

--version

show program’s version number and exit

-C CHECKOUT, --checkout CHECKOUT

branch/tag/commit to checkout. Defaults to behavior of repository module.

-K, --ask-become-pass

ask for privilege escalation password

-M, --module-path

prepend colon-separated path(s) to module library (default=[u'/home/jenkins/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'])

-T TIMEOUT, --timeout TIMEOUT

override the connection timeout in seconds (default=10)

-U URL, --url URL

URL of the playbook repository

-c CONNECTION, --connection CONNECTION

connection type to use (default=smart)

-d DEST, --directory DEST

directory to checkout repository to

-e, --extra-vars

set additional variables as key=value or YAML/JSON, if filename prepend with @

-f, --force

run the playbook even if the repository could not be updated

-h, --help

show this help message and exit

-i, --inventory, --inventory-file

specify inventory host path (default=) or comma separated host list. --inventory-file is deprecated

-k, --ask-pass

ask for connection password

-l SUBSET, --limit SUBSET

further limit selected hosts to an additional pattern

-m MODULE_NAME, --module-name MODULE_NAME

Repository module name, which ansible will use to check out the repo. Default is git.

-o, --only-if-changed

only run the playbook if the repository has been updated

-s SLEEP, --sleep SLEEP

sleep for random interval (between 0 and n number of seconds) before starting. This is a useful way to disperse git requests

-t, --tags

only run plays and tasks tagged with these values

-u REMOTE_USER, --user REMOTE_USER

connect as this user (default=None)

-v, --verbose

verbose mode (-vvv for more, -vvvv to enable connection debugging)

Environment

The following environment variables may be specified.

ANSIBLE_CONFIG — Override the default ansible config file

Many more are available for most options in ansible.cfg

Files

/etc/ansible/ansible.cfg — Config file, used if present

~/.ansible.cfg — User config file, overrides the default config if present

Author

Ansible was originally written by Michael DeHaan. See the AUTHORS file for a complete list of contributors.

See Also

ansible(1), ansible-config(1), ansible-console(1), ansible-doc(1), ansible-galaxy(1), ansible-inventory(1), ansible-playbook(1), ansible-vault(1)

Extensive documentation is available in the documentation site: http://docs.ansible.com. IRC and mailing list info can be found in file CONTRIBUTING.md, available in: https://github.com/ansible/ansible

Referenced By

ansible(1), ansible-config(1), ansible-console(1), ansible-doc(1), ansible-galaxy(1), ansible-inventory(1), ansible-playbook(1), ansible-vault(1).

09/19/2017 Ansible 2.4.0.0 System administration commands