Tuesday, August 17, 2021

Ansible 10 Shell vs Command module

Hello DevSecOps Automation learners!! You can do wonders by learning Ansible Automations along with me.

The Ansible can run the command module as default that is you don't need to mentioned with -m option for command. That means when you don't mention any module then it is working with the 'command module'

Ansible Shell vs Command module
Ansible Shell vs Command module


Here we will execute in details of experiment with 4 different use cases which could be part of your automation playbook construct:

  1. Both operate similarly
  2. When redirect operator used
  3. When pipes used between commands
  4. Multiple commands need to run

Let's examine these use cases

1. Both operate similarly

If we need to run single Linux command to be executed then both shell, commands modules operates same way there is no difference. Here I'm using "who -r" command to be run. If we don't mention any module name then command module by default.


# Using default command module
ansible web -a "who -r"

#or
ansible web -m command -a "who -r"

# trying with localhost also fine
ansible localhost -m command -a "who -r"

# using shell module here	
ansible web -m shell -a "who -r"
Image
Ansible Shell vs Command module usage




2. When the redirection operator used

when we need to store the command execution stdout to a file we will be either using redirection operator such as greater-than or double greater-than operators. Let's see the execution of whoami command output store to user.dat file.
# Using shell module creating a redirecting file
ansible localhost -m shell -a "whoami >user.dat"


3. When pipe used between commands

Command has its limitation to execute single Linux command and output it. whereas, shell can be used for multiple commands with pipe operator allowed. let's see how it works here:
# Using shell module with pipe
ansible web -m shell -a "who -r|awk -F' ' '{print $3}'"

# pipe is not allowed in the command module ...  so fails 
ansible web -m command  -a "who -r|awk -F' ' '{print $3}'"

Image:

Ansible Shell vs Command module example
Ansible Shell vs Command module using pipe


4. When multiple commands to be run


If you need to run the multiple Linux commands, where we can use either double-ampersand && or semi-colon ; operators in between those Linux commands, This can works good with Shell module but doesn't works with command module. Hence we need to understand the limitations of command module.
# works good with shell
ansible web -m shell -a "who -r && uptime"

# fails to output with command module 
ansible web -m command -a "who -r && uptime"

# command fails when ; used
ansible web -m command -a "who -r; uptime"

# It is okay for shell module for ; separate multiple commands
ansible web -m shell -a "who -r; uptime"
The execution of the above commands output Image:
Shell vs command modules using && and ;
Ansible Shell vs Command module using && and ;

Conclusion: 

If you want to run a command securely and predictably, it may be better to use the 'command module'.

Ansible 'shell module' can run most commands that can run from bash script or CLI. They are powerful, but also opens up the doors for attachers so be careful.

 There is no file storage and usage of the process to process piped for connecting one command with other in command module not possible. You can see the error when you use '>' or '|; with com

No comments:

Categories

Kubernetes (24) Docker (20) git (13) Jenkins (12) AWS (7) Jenkins CI (5) Vagrant (5) K8s (4) VirtualBox (4) CentOS7 (3) docker registry (3) docker-ee (3) ucp (3) Jenkins Automation (2) Jenkins Master Slave (2) Jenkins Project (2) containers (2) create deployment (2) docker EE (2) docker private registry (2) dockers (2) dtr (2) kubeadm (2) kubectl (2) kubelet (2) openssl (2) Alert Manager CLI (1) AlertManager (1) Apache Maven (1) Best DevOps interview questions (1) CentOS (1) Container as a Service (1) DevOps Interview Questions (1) Docker 19 CE on Ubuntu 19.04 (1) Docker Tutorial (1) Docker UCP (1) Docker installation on Ubunutu (1) Docker interview questions (1) Docker on PowerShell (1) Docker on Windows (1) Docker version (1) Docker-ee installation on CentOS (1) DockerHub (1) Features of DTR (1) Fedora (1) Freestyle Project (1) Git Install on CentOS (1) Git Install on Oracle Linux (1) Git Install on RHEL (1) Git Source based installation (1) Git line ending setup (1) Git migration (1) Grafana on Windows (1) Install DTR (1) Install Docker on Windows Server (1) Install Maven on CentOS (1) Issues (1) Jenkins CI server on AWS instance (1) Jenkins First Job (1) Jenkins Installation on CentOS7 (1) Jenkins Master (1) Jenkins automatic build (1) Jenkins installation on Ubuntu 18.04 (1) Jenkins integration with GitHub server (1) Jenkins on AWS Ubuntu (1) Kubernetes Cluster provisioning (1) Kubernetes interview questions (1) Kuberntes Installation (1) Maven (1) Maven installation on Unix (1) Operations interview Questions (1) Oracle Linux (1) Personal access tokens on GitHub (1) Problem in Docker (1) Prometheus (1) Prometheus CLI (1) RHEL (1) SCM (1) SCM Poll (1) SRE interview questions (1) Troubleshooting (1) Uninstall Git (1) Uninstall Git on CentOS7 (1) Universal Control Plane (1) Vagrantfile (1) amtool (1) aws IAM Role (1) aws policy (1) caas (1) chef installation (1) create organization on UCP (1) create team on UCP (1) docker CE (1) docker UCP console (1) docker command line (1) docker commands (1) docker community edition (1) docker container (1) docker editions (1) docker enterprise edition (1) docker enterprise edition deep dive (1) docker for windows (1) docker hub (1) docker installation (1) docker node (1) docker releases (1) docker secure registry (1) docker service (1) docker swarm init (1) docker swarm join (1) docker trusted registry (1) elasticBeanStalk (1) global configurations (1) helm installation issue (1) mvn (1) namespaces (1) promtool (1) service creation (1) slack (1)