Three options to Safely Limit Ansible Playbooks Execution to a Single Machine — Video Tutorial

Three options to safely limit Ansible Playbook execution to a single machine using runtime parameters, playbook code, and variables.

Watch on YouTube · Read the written article

Tutorial summary

What you'll learn

Three options to Safely Limit Ansible Playbooks Execution to a Single Machine.
Limit Ansible Playbook to only one HOSTNAME
Ansible command limit option
code
execution
wrong execution
Ansible Playbook hosts
code
execution
Ansible Playbook hosts advanced

Three options to Safely Limit Ansible Playbooks Execution to a Single Machine. Today we're going to talk about the three options to limit the execution of a potentially harmful Ansible Playbook to only one host. I'm Luca Berton and welcome to today's episode of Ansible Pilot. Limit Ansible Playbook to only one HOSTNAME - use `--limit` at runtime - `hosts: HOSTNAME` Ansible Playbook - `hosts: "{{ HOSTS }}"` Ansible Playbook Let's deep dive into our use case to Limit Ansible Playbook to only one HOSTNAME. I'm going to show three different ways to achieve this result: using the `--limit` parameter at runtime, limit the HOSTNAME in the Playbook code and the most advanced way is to define a variable in the Ansible Playbook that you could populate on-demand. Let's discuss the pros and cons of each option. ## Playbook In the following Playbook scenarios, I'd like to execute my harmful Ansible Playbook ONLY against demo.example.com host. This is my Playbook inventory file: ```ini [linux] demo.example.com Playbook2.example.com [all:vars] ansible_connection=ssh ansible_user=devops ansible_ssh_private_key_file=~/.ssh/id_rsa ``` Ansible command limit option - `--limit` - `ansible-playbook - limit HOSTNAME PLAYBOOK` Using the `--limit` parameter of the `ansible-playbook` command is the easiest option to limit the execution of the code to only one host. The advantage is that you don't need to edit the Ansible Playbook code before executing to only one host. The drawback is that you should remember every time you execute the command and sometimes humans are not so reliable. code - playbook.yml ```yaml --- - name: harmful playbook hosts: all tasks: - name: harmful task ansible.builtin.debug: msg: "harmful task" ``` execution ```bash ansible-pilot $ ansible-playbook --limit demo.example.com -i limit/inventory limit/playbook.yml PLAY [harmful playbook] *************************************************************************** TASK [Gathering Facts] **************************************************************************** ok: [demo.example.com] TASK [harmful task] ******************************************************************************* ok: [demo.example.com] => { "msg": "harmful task" } PLAY RECAP **************************************************************************************** demo.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ansible-pilot $ ``` wrong execution If we forgot the `--limit` option the result could be very harmful. ```bash ansible-pilot $ ansible-playbook -i limit/inventory limit/playbook.yml PLAY [harmful playbook] *************************************************************************** TASK [Gathering Facts] **************************************************************************** ok: [demo.example.com] ok: [Playbook2.example.com] TASK [harmful task] ******************************************************************

About this tutorial

Author: Luca Berton
Difficulty: Advanced
Read time: 5 min
Category: troubleshooting

Topics covered

Related video tutorials