Ansible modules - command vs shell

A comparison between command vs shell Ansible modules, when you really need to execute commands on Linux target hosts.

April 6, 2022

Ready to advance your Ansible expertise? Explore Linux Administrator Job openings today!

What is the difference between command vs shell Ansible modules?

These two Ansible modules are confused one for another but they’re fundamentally different. Both modules allow you to execute command on a target host but in a slightly different way. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

command vs shell

command

• execute commands against the target Unix-based hosts
• it bypasses the shell
• always set changed to True

shell

• execute shell commands against the target Unix-based hosts
• redirections and shell’s inbuilt functionality
• always set changed to True

The command and shell Ansible modules execute commands on the target node. Generally speaking, is always better to use a specialized Ansible module to execute a task. However, sometimes the only way is to execute a Linux command via command or shell module. Let me reinforce again, you should avoid as much as possible the usage of command/shell instead of a better module. Both modules execute commands on target nodes but in a sensible different way. The command modules execute commands on the target machine without using the target shell, it simply executes the command. The target shell is for example the popular bash, zsh, or sh. As a side effect user environment, variable expansions, output redirections, stringing two commands together, and other shell features are not available. On the other side, every command executed using shell module has all shell features so it could be expanded in runtime. From the security point of viewcommand module is more robust and has a more predictable outcome because it bypasses the shell. Both modules returned always changed status because Ansible is not able to predict if the execution has or has not altered the target system.

command module

• Execute commands on targets

The “command” module is the default module in Ansible Ad-hoc mode. The command module is able to execute only the binaries on remote hosts. The command module won’t be impacted by local shell variables because it bypasses the shell. At the same time, it may not be able to run “shell” built-in features and redirections.

shell module

• Execute shell commands on targets

The shell Ansible module is potentially more dangerous than the command module and should only be used when you actually really need the shell functionality. So if you’re not stringing two commands together (using pipes or even just && or ;), you don’t really need the shell module. Similarly, expanding shell variables or file global requires the shell module. If you’re not using these features, don’t use the shell module. Sometimes it’s the only way, I know.

Links

• ansible.builtin.shell
• ansible.builtin.command

The Best Resources For Ansible

Certifications

• The Linux Foundation Linux Performance Tuning - Build a broad toolkit to optimize Linux performance from the kernel up

• Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription

Video Course

• Udemy: Learn Ansible Automation in 250+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Printed Book

• Ansible For VMware by Examples
  Buy on Amazon Buy on Apress
• Ansible for Kubernetes by Example
  Buy on Amazon Buy on Apress
• Hands-on Ansible Automation
  Buy on Amazon Buy on BPB
• Red Hat Ansible Automation Platform
  Buy on Amazon Buy on BPB

eBooks

• Buy on Leanpub Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
• Buy on Leanpub Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
• Buy on Leanpub Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
• Buy on Leanpub Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
• Buy on Leanpub Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
• Buy on Leanpub Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
• Buy on Leanpub Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
• Buy on Leanpub Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
• Buy on Leanpub Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
• Buy on Leanpub Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
• Buy on Leanpub Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
• Buy on Leanpub Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios

demo

The command vs shell Ansible modules in Ansible Playbook. Let me show you the difference between command vs shell Ansible modules in an Ansible Playbook.

command code

---
- name: command module demo
  hosts: all
  tasks:
    - name: check uptime
      ansible.builtin.command: uptime
      register: command_output
    - name: command output
      ansible.builtin.debug:
        var: command_output.stdout_lines

command execution

ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory commmand_shell/uptime.yml
PLAY [command module demo] ************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [check uptime] *******************************************************************************
changed: [demo.example.com]
TASK [command output] *****************************************************************************
ok: [demo.example.com] => {
    "command_output.stdout_lines": [
        " 12:51:34 up 8 min,  1 user,  load average: 0.00, 0.05, 0.06"
    ]
}
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $
shell code
---
- name: shell module demo
  hosts: all
  tasks:
    - name: list file(s) and folder(s)
      ansible.builtin.shell: 'ls -l *'
      register: command_output
    - name: command output
      ansible.builtin.debug:
        var: command_output.stdout_lines

shell execution

ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory commmand_shell/list_files.yml
PLAY [shell module demo] **************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [list file(s) and folder(s)] *****************************************************************
changed: [demo.example.com]
TASK [command output] *****************************************************************************
ok: [demo.example.com] => {
    "command_output.stdout_lines": [
        "-rwxr-xr-x. 1 devops wheel 31 Mar 30 13:39 example.sh"
    ]
}
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

wrong module code

---
- name: shell module demo
  hosts: all
  tasks:
    - name: list file(s) and folder(s)
      ansible.builtin.command: 'ls -l *'
      register: command_output
   - name: command output
      ansible.builtin.debug:
        var: command_output.stdout_lines

wrong module execution

ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory commmand_shell/list_files_command.yaml
PLAY [shell module demo] **************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [list file(s) and folder(s)] *****************************************************************
fatal: [demo.example.com]: FAILED! => {"changed": true, "cmd": ["ls", "-l", "*"], "delta": "0:00:00.003038", "end": "2022-04-06 13:01:54.498403", "msg": "non-zero return code", "rc": 2, "start": "2022-04-06 13:01:54.495365", "stderr": "ls: cannot access '*': No such file or directory", "stderr_lines": ["ls: cannot access '*': No such file or directory"], "stdout": "", "stdout_lines": []}
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
ansible-pilot $

Recap

Now you know the difference between command vs shell Ansible modules and their use case. You know how to use it based on your use case.

Academy

Learn the Ansible automation technology with some real-life examples in my 200+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

Donate

Want to keep this project going? Please donate

Patreon Buy me a Pizza