From entry to mastery: Application and best practices of Ansible Shell modules

Ansible is a powerful automated operation and maintenance tool. Through its modular design, it can easily manage and configure remote hosts. As a commonly used module of Ansible, the shell module allows us to execute complex commands or scripts on the target host. Whether it is a single command or a complex shell script, the Ansible shell module can easily handle it.

This article will comprehensively explain the use of Ansible shell modules from entry to mastery, and combine best practices to help you use this module more efficiently to perform automation tasks.

1. Overview of Ansible shell module

Ansible's shell module allows us to execute arbitrary Shell commands on the target host. It supports standard Shell command syntax, including pipes, redirections, and other operations, so it is very suitable for handling some scenarios that require complex commands or scripts.

1. Basic syntax of shell module

 ansible <host-pattern> -m shell -a '<command>'

• <host-pattern>: The host or host group on which the command is to be executed. It can be a single host, multiple hosts, or a host group.
• -m shell: Specifies to use the shell module to execute the command.
• -a '<command>': Pass the command to be executed via -a, in this case uptime.

You can also use ansible-playbook to execute the shell:

 - name:Runashellcommand hosts:all tasks: -name:Runacommandtocheckdiskspace shell:<command># "df -h" register:disk_space -name:Showtheoutput debug: var:disk_space.stdout

• <command> is the Shell command you want to execute on the target host, for example: df -h.
• Unlike other Ansible modules, shell modules generally require the desired actions to be written explicitly in a command string.
• register: disk_space captures the return result of the command df -h and stores it in the disk_space variable.

2. Common parameters of shell module

• chdir: Specifies the directory to switch to before executing the command.
• creates: If the file or directory already exists, the command will not be executed. This is useful for preventing repeated execution of tasks.
• removes: Similar to creates, but the command is executed only if the file or directory does not exist.

2. Basic usage: executing simple commands

Example 1: Execute the uptime command

Use the ansible -m shell -a 'uptime' command to execute the uptime command directly on the remote host managed by Ansible. This command uses the shell module and passes command parameters through the -a parameter. Successful execution is as follows:

 root@ansible:~/shell# ansible hp -m shell -a 'uptime' 192.168.31.232 | CHANGED | rc=0 >> 12:11:06 up 17 min, 2 users, load average: 0.77, 0.66, 0.44 192.168.31.231 | CHANGED | rc=0 >> 12:11:06 up 17 min, 2 users, load average: 0.77, 0.66, 0.44

To use ansible-playbook to execute, you must first write a yml file with the following content:

 - name:Executeasimpleshellcommand hosts:all tasks: -name:Run`uptime`command shell:uptime register:uptime_output -name:Showtheoutput debug: var:uptime_output.stdout

The above content uses the shell module to execute uptime, store the output result in uptime_output, and output it to the terminal as standard.

This example executes the uptime command on all target hosts to obtain the system uptime.

Example 2: Running multiple commands

Ansible's shell module supports executing multiple commands, and commands can be concatenated through pipelines (&& or ;).

You can also execute it through ansible-playbook:

 - name:Runmultipleshellcommands hosts:hp tasks: -name:Checkdiskspaceandsystemload shell:"df -h && uptime" register:output_vars -name:Showtheoutput debug: var:output_vars.stdout

In this example, df -h is used to view the disk space, and then uptime is executed to view the system load.

3. Advanced Applications: Multi-line Commands and Script Execution

The shell module supports the execution of multi-line commands, allowing you to run a complete shell script in one task.

Example 3: Execute multiple lines of commands

 - name:Executeamulti-lineshellscript hosts:all tasks: -name:Runsetupscript shell: | echo "Starting setup..." mkdir -p /tmp/setup cd /tmp/setup curl -O https://example.com/setup.sh chmod +x setup.sh ./setup.sh

In this example, the | symbol indicates a multi-line command, and the task will:

• Create a directory /tmp/setup
• Download the script setup.sh
• Add execute permissions to the script
• Execute the script

Example 4: Using conditional judgment to execute commands

The shell module can also be combined with conditional judgment to execute commands. As shown below, the directory /tmp/mydir will be created only if it does not exist.

 - name:Runaconditionalshellcommand hosts:all tasks: -name:Checkifadirectoryexistsandcreateit shell: | if [ ! -d "/tmp/mydir" ]; then mkdir /tmp/mydir fi

Advanced features: Avoiding duplicate execution and working directories

Example 5: Avoiding repeated execution of commands

Sometimes we don’t want to execute the same command every time we run a Playbook. The creates parameter can help us avoid this.

 - name:Runacommandonlyifafiledoesnotexist hosts:all tasks: -name:Createafileifitdoesn'talreadyexist shell:touch/tmp/example.txt args: creates:/tmp/example.txt

If the /tmp/example.txt file already exists, the task will not be executed, thus avoiding duplicate creation of the file.

Example 6: Execute a command in a specific directory

The chdir parameter allows you to specify the working directory for command execution. This is very useful when you need to execute a command in a project directory.

 - name:Executecommandinaspecificdirectory hosts:all tasks: -name:PullthelatestcodefromGit shell:gitpull args: chdir:/path/to/project

This task will go to the /path/to/project directory and execute the git pull command to update the code.

FAQ and Best Practices

Notes when using the shell module:

• Avoid executing simple commands: For simple commands, try to use the command module, which is safer and more efficient than the shell module. The command module does not handle any shell features (such as pipes, redirections, etc.) in the command line, so for simple tasks, it is recommended to give priority to command.
• Ensure idempotency: Ansible tasks should be idempotent, that is, the tasks will not produce side effects when executed multiple times. For commands that need to be executed, it is best to use conditional judgments to ensure that they are executed only when necessary.
• Avoid exposing sensitive information in commands: If the command contains sensitive information (such as passwords), try to avoid hard-coding it in the Playbook. Consider using Ansible Vault to encrypt sensitive information.

Performance optimization:

• Reduce the number of command executions: By properly using the creates or removes parameters, you can avoid unnecessary command execution and improve the execution efficiency of the Playbook.
• Reasonable task division: Divide more complex scripts into multiple tasks to ensure that each task has a single execution goal, which facilitates problem troubleshooting.

Summarize

Ansible's shell module provides powerful functions, allowing us to execute complex commands and scripts on the target host. By properly using the various features of the shell module, we can greatly simplify automated operation and maintenance work and improve production efficiency.