Execute Local Ansible Playbook
Overview
The Execute Local Ansible Playbook action allows users to run an entire Ansible project stored directly on an agent system, simplifying the deployment of configurations and automation tasks across multiple systems. This approach provides the advantage of centralizing and managing playbooks, inventories, and supporting files on the agent itself, enabling users to easily update the project on the agent as needed. By leveraging this action, you can seamlessly automate configuration management processes, such as vulnerability remediation and package management, directly from the maintained project on the agent system.
Unlike the Execute Ansible Playbook action, which requires users to input the playbook and host details directly within the bot, Execute Local Ansible Playbook accesses Ansible playbooks and host files already located on the agent. This method is ideal for environments where configurations are maintained and versioned directly on the agent system, allowing for greater control and reduced input requirements during deployment.
Prerequisites
Linux Agent:
- Agent Configuration:
  - Ensure the Linux Agent is configured. Refer to the Agent Installation Guide.
  - Ensure that Ansible is installed on the agent. Refer to the Ansible installation guide.
- The Ansible inventory file must be configured correctly on the agent to facilitate communication with the target hosts (e.g., using SSH keys).
How to Use This Action?
To use the Execute Local Ansible Playbook action, follow these steps:
- In your bot workflow, navigate to the Linux Actions and select Library.
- Search for or locate the Execute Local Ansible Playbook action and drag it into your workflow.
- Select the Linux integration that is connected to the agent where the playbook is stored.
- Under the Parameters section, specify the required parameter values according to your requirements. For more details, refer to the Parameter Details section.
- Under the Parameters section, specify the following parameters:
  - ansible_playbook_path: Provide the path to the Ansible playbook file on the agent system.
  - ansible_hosts_file_path: Provide the path to the Ansible host file. If not specified, it defaults to /etc/ansible/hosts.
- Save or update the bot, then click the Run button to execute the bot, or the Run button inside the action node. Wait for the execution to complete. After execution, view the results in the execution details.
Parameter Details
Parameter | Required | Description |
---|---|---|
ansible_playbook_path | Yes | The path to the Ansible playbook file on the agent system. |
ansible_hosts_file_path | No | The path to the Ansible inventory file on the agent system. If not specified, defaults to /etc/ansible/hosts. |
run_as_user | Yes | Specifies the user under which the command runs (default value is "ubuntu"). |
execution_timeout | Yes | The maximum time (in seconds) allowed for command execution (defaults to 900 seconds). |
ansible_host_key_checking | No | Default is False. Set to True to enable SSH host key checking. If set to True, ensure that all hosts are added to known hosts to avoid issues. |
dry_run | No | If set to True, performs a dry run of the playbook without making changes (default is False). |
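With ansible_host_key_checking left at False, SSH does not verify the identity of the target hosts, and setting it to True requires every inventory host to be in known hosts first. The following Python check is an added example, not part of this product's documentation or code: it lists the inventory hosts that have no matching known_hosts entry, including hashed entries. It assumes a simple INI inventory without host ranges or wildcard known_hosts patterns; all function names and sample data are hypothetical.

```python
import base64, hashlib, hmac

def inventory_targets(inventory_text):
    """known_hosts names for a simple INI inventory ("[host]:port" if port != 22)."""
    targets, section = set(), ""
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]")
        if not line or line[0] in "#;[" or ":" in section:  # blanks, comments, headers, :vars/:children
            continue
        name, *pairs = line.split()
        opts = dict(p.split("=", 1) for p in pairs if "=" in p)
        host, port = opts.get("ansible_host", name), opts.get("ansible_port", "22")
        targets.add(host if port == "22" else f"[{host}]:{port}")
    return targets

def hash_name(name, salt):
    """HashKnownHosts form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def is_known(target, known_hosts_text):
    for raw in known_hosts_text.splitlines():
        fields = raw.split()
        if len(fields) < 3 or fields[0][0] in "#@":  # comments, @cert-authority/@revoked
            continue
        for pattern in fields[0].split(","):
            if pattern.startswith("|1|"):
                salt = base64.b64decode(pattern.split("|")[2])
                if hmac.compare_digest(pattern, hash_name(target, salt)):
                    return True
            elif pattern == target:
                return True
    return False

def missing_hosts(inventory_text, known_hosts_text):
    return sorted(t for t in inventory_targets(inventory_text) if not is_known(t, known_hosts_text))

# Constructed sample data; the key blob is a placeholder, not a real key.
INVENTORY = ("[web]\nweb1.example.internal\n"
             "web2 ansible_host=10.0.0.12 ansible_port=2222\n"
             "[db]\ndb1.example.internal ansible_user=ubuntu\n"
             "[web:vars]\nansible_user=ubuntu\n")
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER"
KNOWN_HOSTS = (f"web1.example.internal {KEY}\n"
               f"{hash_name('[10.0.0.12]:2222', b'constructed-salt')} {KEY}\n")

if __name__ == "__main__":
    print("Hosts missing from known_hosts:", missing_hosts(INVENTORY, KNOWN_HOSTS))
```

To check a real agent, pass the contents of the inventory file and of the known_hosts file belonging to the run_as_user account to `missing_hosts`; an empty list means every host already has an entry.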
Example Use Case
Scenario: Vulnerability Management and Package Management
In the context of vulnerability management, you can use this action to execute a playbook that updates packages across your infrastructure directly from a locally stored Ansible playbook.
Sample Ansible Playbook for Updating Packages: The following is an example of an Ansible playbook file that updates all packages on target systems.
```yaml
---
- name: Update all packages
  hosts: all
  become: true
  tasks:
    - name: Ensure all packages are updated
      apt:
        upgrade: dist
        update_cache: yes
```