pulls playbooks from a VCS repo and executes them for the local host
is used to up a remote copy of ansible on each managed node, each set to run via cron and update playbook source via a source repository. This inverts the default push architecture of ansible into a pull architecture, which has near-limitless scaling potential.
The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull. This is useful both for extreme scale-out as well as periodic remediation. Usage of the ‘fetch’ module to retrieve logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.
--accept-host-keyadds the hostkey for the repo url if not already added
--ask-su-passask for su password (deprecated, use become)
--ask-sudo-passask for sudo password (deprecated, use become)
--ask-vault-passask for vault password
--checkdon’t make any changes; instead, try to predict some of the changes that may occur
--cleanmodified files in the working repository will be discarded
--fullDo a full clone, instead of a shallow one.
--list-hostsoutputs a list of matching hosts; does not execute anything else
--private-key, --key-fileuse this file to authenticate the connection
--purgepurge checkout after playbook run
--scp-extra-args <SCP_EXTRA_ARGS>¶specify extra arguments to pass to scp only (e.g. -l)
--sftp-extra-args <SFTP_EXTRA_ARGS>¶specify extra arguments to pass to sftp only (e.g. -f, -l)
only run plays and tasks whose tags do not match these values
--ssh-common-args <SSH_COMMON_ARGS>¶specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)
--ssh-extra-args <SSH_EXTRA_ARGS>¶specify extra arguments to pass to ssh only (e.g. -R)
--track-subssubmodules will track the latest changes. This is equivalent to specifying the –remote flag to git submodule update
--vault-idthe vault identity to use
--vault-password-filevault password file
--verify-commitverify GPG signature of checked out commit, if it fails abort running the playbook. This needs the corresponding VCS module to support such an operation
--versionshow program’s version number and exit
-C <CHECKOUT>, --checkout <CHECKOUT>¶branch/tag/commit to checkout. Defaults to behavior of repository module.
-K, --ask-become-passask for privilege escalation password
-M, --module-pathprepend colon-separated path(s) to module library (default=[u’/root/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’])
-T <TIMEOUT>, --timeout <TIMEOUT>¶override the connection timeout in seconds (default=10)
-U <URL>, --url <URL>¶URL of the playbook repository
-c <CONNECTION>, --connection <CONNECTION>¶connection type to use (default=smart)
-d <DEST>, --directory <DEST>¶directory to checkout repository to
-e, --extra-varsset additional variables as key=value or YAML/JSON, if filename prepend with @
-f, --forcerun the playbook even if the repository could not be updated
-h, --helpshow this help message and exit
-i, --inventory, --inventory-filespecify inventory host path or comma separated host list. –inventory-file is deprecated
-k, --ask-passask for connection password
-l <SUBSET>, --limit <SUBSET>¶further limit selected hosts to an additional pattern
-m <MODULE_NAME>, --module-name <MODULE_NAME>¶Repository module name, which ansible will use to check out the repo. Choices are (‘git’, ‘subversion’, ‘hg’, ‘bzr’). Default is git.
-o, --only-if-changedonly run the playbook if the repository has been updated
-s <SLEEP>, --sleep <SLEEP>¶sleep for random interval (between 0 and n number of seconds) before starting. This is a useful way to disperse git requests
only run plays and tasks tagged with these values
-u <REMOTE_USER>, --user <REMOTE_USER>¶connect as this user (default=None)
-v, --verboseverbose mode (-vvv for more, -vvvv to enable connection debugging)
The following environment variables may be specified.
ANSIBLE_CONFIG – Override the default ansible config file
Many more are available for most options in ansible.cfg
/etc/ansible/ansible.cfg – Config file, used if present
~/.ansible.cfg – User config file, overrides the default config if present
Ansible was originally written by Michael DeHaan.
See the AUTHORS file for a complete list of contributors.