Three options to Safely Limit Ansible Playbooks Execution to a Single Machine — Video Tutorial
Three options to safely limit Ansible Playbook execution to a single machine using runtime parameters, playbook code, and variables.
Watch Video
Watch "Three options to Safely Limit Ansible Playbooks Execution to a Single Machine" on YouTube
What You'll Learn
- Three options to Safely Limit Ansible Playbooks Execution to a Single Machine.
- Limit Ansible Playbook to only one HOSTNAME
- Ansible command limit option
- code
- execution
- wrong execution
- Ansible Playbook hosts
- code
- execution
- Ansible Playbook hosts advanced
Full Tutorial Content
Three options to Safely Limit Ansible Playbooks Execution to a Single Machine.
Today we're going to talk about the three options to limit the execution of a potentially harmful Ansible Playbook to only one host.
I'm Luca Berton and welcome to today's episode of Ansible Pilot.
Limit Ansible Playbook to only one HOSTNAME
- use `--limit` at runtime
- `hosts: HOSTNAME` Ansible Playbook
- `hosts: "{{ HOSTS }}"` Ansible Playbook
Let's deep dive into our use case to Limit Ansible Playbook to only one HOSTNAME.
I'm going to show three different ways to achieve this result:
using the `--limit` parameter at runtime, limit the HOSTNAME in the Playbook code and the most advanced way is to define a variable in the Ansible Playbook that you could populate on-demand.
Let's discuss the pros and cons of each option.
## Playbook
In the following Playbook scenarios, I'd like to execute my harmful Ansible Playbook ONLY against demo.example.com host.
This is my Playbook inventory file:
```yaml
[linux]
demo.example.com
Playbook2.example.com
[all:vars]
ansible_connection=ssh
ansible_user=devops
ansible_ssh_private_key_file=~/.ssh/id_rsa
```
Ansible command limit option
- `--limit`
- `ansible-playbook - limit HOSTNAME PLAYBOOK`
Using the `--limit` parameter of the `ansible-playbook` command is the easiest option to limit the execution of the code to only one host.
The advantage is that you don't need to edit the Ansible Playbook code before executing to only one host.
The drawback is that you should remember every time you execute the command and sometimes humans are not so reliable.
code
- playbook.yml
```yaml
---
- name: harmful playbook
hosts: all
tasks:
- name: harmful task
ansible.builtin.debug:
msg: "harmful task"
```
execution
```bash
ansible-pilot $ ansible-playbook --limit demo.example.com -i limit/inventory limit/playbook.yml
PLAY [harmful playbook] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [harmful task] *******************************************************************************
ok: [demo.example.com] => {
"msg": "harmful task"
}
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $
```
wrong execution
If we forgot the `--limit` option the result could be very harmful.
```bash
ansible-pilot $ ansible-playbook -i limit/inventory limit/playbook.yml
PLAY [harmful playbook] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
ok: [Playbook2.example.com]
TASK [harmful task] *****************************************************************
About This Tutorial
- Author: Luca Berton
- Difficulty: Advanced
- Read time: 5 min
- Category: troubleshooting
Read the full written article: Three options to Safely Limit Ansible Playbooks Execution to a Single Machine
Topics Covered
Related Video Tutorials
- Ansible troubleshooting - VMware Unknown error while connecting to vCenter or ESXi — Let’s troubleshoot together the Ansible fatal error “Unknown error while connecting to vCenter or ESXi API, [Errno -2] Name or service not known” to find.
- Ansible troubleshooting - VMware certificate verify failed connecting to vCenter or ESXi — Learn how to resolve the "certificate verify failed" error in Ansible when connecting to VMware vCenter. Follow our step-by-step guide for a smooth fix.
- Ansible Disable SSH Host Key Checking: Configuration Guide — How to disable SSH host key checking in Ansible. Configure ansible.cfg, environment variables, and per-host settings for lab and production environments.
- ansible.builtin.command Module: Run Ad-Hoc Commands & Tasks (Guide) — How to run commands with Ansible command module (ansible.builtin.command). Execute ad-hoc tasks, manage remote systems, capture output with register.
- Configure Ansible Dynamic Inventory for VMware in Simple Steps — Discover how to configure Ansible Dynamic Inventory for VMware to automate and manage virtual machines efficiently. Step-by-step guide with Playbook included.
- Ansible shell Module: Run Shell Commands with Pipes & Redirects (Guide) — How to run shell commands in Ansible with the shell module (ansible.builtin.shell). Use pipes, redirects, environment variables. Difference from command.