Ansible – Running Command on Ad-hoc Mode

Ansible - Ad-hoc Mode and Gain Root Access

Ansible allows administrators to execute on-demand tasks on Ansible-managed servers. Ad-hoc commands are the most basic operations that can be performed with the Ansible engine. Each ad-hoc command performs a single operation on a host or group of hosts. To perform multiple operations, the administrator runs a series of ad-hoc commands from the Ansible server. Some of the commands might require “root” privilege. We will see how to become the root user in ad-hoc mode.

1. Log in to the Ansible server and run the “uptime” command in ad-hoc mode.

[sysadmin@ansible-server ~]$ ansible all -a 'uptime'
ana-2 | SUCCESS | rc=0 >>
 07:01:19 up 2 days,  8:29,  2 users,  load average: 0.24, 0.06, 0.06

ana-1 | SUCCESS | rc=0 >>
 00:43:56 up 3 days, 20:58,  1 user,  load average: 0.19, 0.31, 0.22

uaans | SUCCESS | rc=0 >>
 04:18:41 up 3 days, 12:00,  2 users,  load average: 0.00, 0.01, 0.05

uaans69 | SUCCESS | rc=0 >>
 04:18:40 up 4 days,  1:50,  2 users,  load average: 0.00, 0.00, 0.00

To print each host's output on one line, use the “-o” option.

[sysadmin@ansible-server ~]$ ansible all -a 'uptime' -o
ana-1 | SUCCESS | rc=0 | (stdout)  00:44:03 up 3 days, 20:58,  1 user,  load average: 0.17, 0.31, 0.22
uaans69 | SUCCESS | rc=0 | (stdout)  04:18:46 up 4 days,  1:50,  2 users,  load average: 0.00, 0.00, 0.00
uaans | SUCCESS | rc=0 | (stdout)  04:18:47 up 3 days, 12:00,  2 users,  load average: 0.00, 0.01, 0.05
ana-2 | SUCCESS | rc=0 | (stdout)  07:01:26 up 2 days,  8:29,  2 users,  load average: 0.22, 0.06, 0.06
[sysadmin@ansible-server ~]$

2. How do you gain escalated privileges in ad-hoc mode?

The following command shows which user Ansible is configured to connect as with passwordless authentication.

[sysadmin@ansible-server ~]$  ansible all -a "whoami"
ana-1 | SUCCESS | rc=0 >>
sysadmin

ana-2 | SUCCESS | rc=0 >>
sysadmin

uaans | SUCCESS | rc=0 >>
sysadmin

uaans69 | SUCCESS | rc=0 >>
sysadmin

[sysadmin@ansible-server ~]$

Try the same command with the “-b” option to gain elevated (root) access.

[sysadmin@ansible-server ~]$  ansible all -b -a "whoami"
uaans69 | SUCCESS | rc=0 >>
root

uaans | SUCCESS | rc=0 >>
root

ana-2 | SUCCESS | rc=0 >>
root

ana-1 | SUCCESS | rc=0 >>
root
[sysadmin@ansible-server ~]$

Here we can see that the sysadmin user has gained root access. In many cases, you need to escalate privileges to manage the hosts.
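
As an added example (not part of the original article), the shell function below reads the one-line “-o” output of the “whoami” check run with “-b” and reports, per host, whether the connecting account actually ended up as root. That list is the set of machines where control of the sysadmin login means control of root. The sample lines and hostnames are constructed, and the shapes of the FAILED and UNREACHABLE lines are assumptions; anything that is not a clean rc=0 result is reported as failed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# Live use on the control node:  ansible all -b -a whoami -o | become_report

# Read "-o" lines on stdin and print "host<TAB>verdict" for each host:
#   root       rc=0 and whoami printed root
#   user:NAME  rc=0 but the command ran as NAME (become had no effect)
#   failed     anything else (non-zero rc, FAILED, UNREACHABLE)
become_report() {
    awk -F' [|] ' '
        NF < 2 { next }                      # blank lines and shell prompts
        {
            host = $1
            gsub(/^[ \t]+|[ \t]+$/, "", host)
            verdict = "failed"
            # Older releases print SUCCESS for commands, newer ones CHANGED.
            if (($2 == "SUCCESS" || $2 == "CHANGED") && $3 == "rc=0" &&
                index($4, "(stdout)") == 1) {
                user = substr($4, length("(stdout)") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", user)
                verdict = (user == "root") ? "root" : "user:" user
            }
            printf "%s\t%s\n", host, verdict
        }'
}

# Hosts where the connecting account did NOT end up as root.
hosts_without_root() {
    become_report | awk -F'\t' '$2 != "root" { print $1 }'
}

# Constructed sample input: hostnames and results are made up, and the
# FAILED/UNREACHABLE line shapes are assumptions.
sample_output() {
    cat <<'EOF'
web-1 | SUCCESS | rc=0 | (stdout) root
web-2 | CHANGED | rc=0 | (stdout) root
db-1 | SUCCESS | rc=0 | (stdout) sysadmin
db-2 | FAILED! => {"msg": "Missing sudo password"}
db-3 | UNREACHABLE!: Failed to connect to the host via ssh
EOF
}

sample_output | become_report
```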

3. Install the Apache package using an ad-hoc command.

[sysadmin@ansible-server ~]$ ansible all -b -m yum -a "name=httpd state=present"
ana-2 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-80.el7.centos.1.x86_64 providing httpd is already installed"
    ]
}
ana-1 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-80.el7.centos.1.x86_64 providing httpd is already installed"
    ]
}
uaans69 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.2.15-60.el6_9.6.x86_64 providing httpd is already installed"
    ]
}
uaans | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "httpd-2.4.6-17.el7.x86_64 providing httpd is already installed"
    ]
}
[sysadmin@ansible-server ~]$

4. Try to remove the installed package without the “-b” option. You should get errors since we haven’t escalated privileges.

[sysadmin@ansible-server ~]$ ansible all -m yum -a "name=httpd state=absent"
ana-2 | FAILED! => {
    "changed": false,
    "msg": "You need to be root to perform this command.\n",
    "rc": 1,
    "results": [
        "Loaded plugins: fastestmirror\n"
    ]
}
ana-1 | FAILED! => {
    "changed": false,
    "msg": "Repository epel is listed more than once in the configuration\nRepository epel-source is listed more than once in the configuration\nYou need to be root to perform this command.\n",
    "rc": 1,
    "results": [
        "Loaded plugins: fastestmirror\n"
    ]
}
uaans | FAILED! => {
    "changed": false,
    "msg": "You need to be root to perform this command.\n",
    "rc": 1,
    "results": [
        "Loaded plugins: langpacks, product-id, subscription-manager\n"
    ]
}
uaans69 | FAILED! => {
    "changed": false,
    "msg": "You need to be root to perform this command.\n",
    "rc": 1,
    "results": [
        "Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security,\n              : subscription-manager\n"
    ]
}
[sysadmin@ansible-server ~]$

Ad-hoc mode can be used to perform most activities, but playbooks and roles are more mature and better at error handling. They also avoid command-line syntax errors. When you have a mix of Debian and RHEL variants, ad-hoc commands might fail since the commands differ on each flavor.