This is an old revision of the document!
Ansible-Pull
General Information
The command ansible-pull, inverts the way that ansible works. Instead of sending commands from a central location, a client can pull down a playbook from a version controlled repository and run it locally.
Checklist
- A software repo setup that can be reached by the client system (such as git or svn)
Pre-Req: The VCS Repo
You will need access to a software repo in order to commit/push your ansible-pull playbook into.
This repo will be used by the clients to pull from.
The repo visibility (public/private) doesn't matter, as long as there is a way for the client to access it over https or ssh.
Playbook: About
The ansible-pull playbook file will be the only part that looks different than a normal playbook/role setup.
The entire role directory structure/files can remain the same as if it were being deployed via normal ansible-playbook commands.
Playbook: Example
Example of a playbook tailored for pulling.
Playbook: Role Example
Example of a role that can be used with either a pull playbook or normal playbook.
The Client: Putting It All Together
Steps for the client to run the playbook via ansible-pull.
Example with a git repo
- Install ansible and git
yum -y install ansible git
- If Using SSH Key Login
- Copy private ssh key to root's .ssh directory
cp /mnt/remote-mount/share/id_rsa_ansible-pull /root/.ssh/id_rsa_ansible-pull
- Ensure proper permissions
chown root:root /root/.ssh/id_rsa_ansible-pull chmod 600 /root/.ssh/id_rsa_ansible-pull
- Create a directory for ansible-pull to clone into
mkdir -p /root/.ansible/pull
- Run the ansible-pull command
- SSH Key Example
ansible-pull --directory /root/.ansible/pull --url git@mygitserver.mycorps.domain.org:group/myrepo.git --key-file /root/.ssh/id_rsa_ansible-pull --accept-host-key --clean myplaybook.yml
- HTTPS Example
ansible-pull --directory /root/.ansible/pull --url https://mygitserver.mycorps.domain.org/group/myrepo.git --clean myplaybook.yml
Options Used
- –directory → Use this directory to checkout/clone repo to
- –url → SSH or HTTPS url to clone from
- –key-file → Use this private ssh key (ssh method)
- –accept-host-key → Auto add the host identification for the url if not added (ssh method)
- –clean → Files modified in the local copy of the repo are discarded
- myplaybook.yml → Playbook to execute in the repo