Ansible is great for automating devices with SSH access, but for most tasks, python is required to be installed on the host beforehand. Now, most of the time, that’s not a difficult requirement, but for some machines, that might just be too much.
For those machines, there is some ansible modules that still can be used:
- raw
- Executes a low-down and dirty command
- Official documentation: here
- script
- Runs a local script on a remote node after transferring it
- Official documentation: here
- telnet
- Executes a low-down and dirty telnet command
- Official documentation: here
- local_action
- not really a module, this is used in playbooks to run modules locally on your machine instead of remotely
- Official documentation: here
Without most of the normal modules, we are quite limited, but can still build playbooks with a lot of useful tasks.
raw
This is the most powerful one. With raw, you can do anything you normally do over ssh as commands, and then some more, because you can use templates.
The most obvious, is to run commands:
- name: "make directory"
raw: mkdir /tmp/test
You can include variables in your commands:
- name: "test"
raw: mkdir /tmp/{{ inventory_hostname_short }}
You can also abuse it to template out whole config files:
- name: "template"
raw: echo {{ lookup('template', 'templates/config.j2') | quote }} > /etc/config.conf
This works by calling the template rendering within the template, and to avoid any quoting issues with the echo command, pass it to quote so it will be correctly quoted.
Normally, when using {{ }} templates in playbooks, it is good practice to enclose them in quotes. However, with the raw module, quotes are passed completely unmodified. This will mess up any quotes done by the | quote function.
As long as you are aware of this, there is not an issue, and you can use quotes as you need.
script
The most obvious use for script is to simply transfer a shell script and execute it:
- name: "Script"
script:
cmd: scripts/test.sh
This one can also be abused to extract a tar file under any directory:
- name: "Extract"
script:
cmd: files/package.tar
chdir: /usr/local
executable: /bin/tar xvf
local_action
This often overlooked, since it by definition acts on your local machine rather than the remote, but can be quite effective when used well.
Use local_action and ssh to copy file when scp/sftp fails:
- name: "Copy"
local_action: "shell cat scripts/test.sh | ssh {{ ansible_user }}@{{ inventory_hostname }} dd of=/tmp/testfile.sh"
Compress files into a tar, perhaps for use with the above script extract:
- name: "Copy"
local_action: "shell tar -C files/package -cf files/package.tar ./bin/program ./lib/*"
Change default password of freshly installed software:
- name: "Change password"
local_action: "shell curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' http://{{ inventory_hostname }}/changepass.asp --data 'username=admin&oldpass=admin&newpass={{ secret_password }}&confirmpass={{ secret_password }}'"
I want to highlight this example found in the official documentation, to mass rsync data out to servers:
- name: Recursively copy files from management server to target
local_action: ansible.builtin.command rsync -a /path/to/files {{ inventory_hostname }}:/path/to/target/
As the official documentation says, this can also be used to take servers out of load balancers when you have a cli method of doing so.
telnet
When your device doesn’t even have SSH, but telnet, ansible can still be used:
- name: "Set syslog server"
telnet:
user: {{ telnet_username }}
password: {{ telnet_password }}
port: 23
login_prompt: 'Login: '
password_prompt: 'Password: '
prompts:
- "User> "
- "Password: "
- "Config# "
command:
- terminal length 0
- enable
- {{ telnet_password }}
- set log syslog remote {{ syslog_server }}
In the end, the most powerful feature of ansible which is parallel execution and templating, is usable on almost any device with almost any network connectivity.