Connection types determine how Ansible connects to managed hosts in order to communicate with them. By default, Ansible uses the SSH protocol for remote connection to target nodes. Assuming pipelining is not enabled, Ansible uses this SSH connection to transfer modules and template files, to run remote commands, and to run the plays in the playbook on managed hosts. Thus having a fast, stable, and secure SSH connection is of paramount importance to Ansible. Besides ssh, Ansible offers other connection types which can be used to connect to managedhosts, including paramiko, and local. The connection type can be specified in the Ansible configuration file (ansible.cfg), in the inventory on a host or group basis, inside a playbook, or
\non the command-line interface.<\/p>\n
<\/p>\n
The pipelining <\/span>feature reduces the number of SSH operations required to execute a module on the remote server, by executing many ansible modules without actual file transfer. To support pipelining, the requiretty feature must be disabled in the sudoers file on the managed hosts. Pipelining is enabled by setting pipelining to true in the [ssh_connection] section of the Ansible configuration file.<\/p>\n <\/p>\n Connection types<\/span> \u2022 smart<\/strong>: This connection type checks if the locally installed SSH client supports the ControlPersist feature. If ControlPersist is supported, Ansible will use the local SSH client. If the SSH client does not support ControlPersist, the smart connection type will fall back to using paramiko. The smart connection type is the default. The ControlPersist feature is available in OpenSSH 5.6 or later. It allows SSH connections to persist so that when frequent commands run over SSH, they do not have to repeatedly go through the initial handshake. When the ControlPersist timeout is reached, the SSH connection goes through the TCP handshake again. This setting can be set in the OpenSSH The 60 second default value may be changed to something much higher to accept connections, even though the initial connection has exited and the connection is in an idle state for a longer time. This value should be set depending on the length of time it takes for playbooks to run and the frequency of running playbooks. A value of 30 minutes may be more \u2022 paramiko<\/strong>: Paramiko is a Python implementation of the SSHv2 protocol. Ansible supports it as the connection type for backward compatibility for RHEL6 and earlier, which did not have support for the ControlPersist setting in their OpenSSH version. Ansible ships with other connection type plug-ins like chroot, libvirt_lxc, jail for FreeBSD jail environments, and the recently added winrm, which uses the Python pywinrm module to communicate to Windows remote hosts that do not have SSH but support PowerShell remoting. Ansible connection types are pluggable and extensible and additional connection types are <\/p>\n Configuring connection types<\/span><\/p>\n The transport global value can be overridden by using the -c TRANSPORTNAME option while running an ad hoc command with ansible or running a playbook with ansible-playbook. The default settings related to each individual connection type appear as comments beneath their respective connection headings in Important<\/em> Alternatively, the connection type can be set with the connection: CONNECTIONTYPE parameter in a playbook as shown in the following example.<\/p>\n <\/p>\n Setting environment variables in playbooks<\/span> An environment hash can be defined in a variable using the vars<\/em> keyword in a playbook, or using the group_vars<\/em> keyword. These variables can then be referenced inside a playbook using the environment parameter. When using Ansible roles, the environment variables can be passed at a playbook level. The following example shows how to pass the $http_proxy environment variable when using an Ansible role.<\/p>\n <\/p>\n Example.<\/span><\/p>\n In this exercise, you will configure connection type and an environment using Ansible playbook. The playbook will copy a template file using the connection type defined in the inventory file, either using local or ssh connection type. The template file needs to be copied to managed hosts servera and workstation in the Create an inventory file named hosts under Create a new directory called Create a playbook named Execute the playbook Verify the content of the file <\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Connection types determine how Ansible connects to managed hosts in order to communicate with them. By default, Ansible uses the SSH protocol for remote connection to target nodes. Assuming pipelining is not enabled, Ansible uses this SSH connection to transfer modules and template files, to run remote commands, and to run the plays in the … <\/p>\n
\nVarious connection types supported by Ansible include:<\/p>\n
\nconfiguration, but is better done in the Ansible settings. In \/etc\/ansible\/ansible.cfg,<\/code> the default setting is listed in a comment:<\/p>\n#ssh_args = -o ControlMaster=auto -o ControlPersist=60s<\/pre>\n
\nappropriate:<\/p>\nssh_args = -o ControlMaster=auto -o ControlPersist=30m<\/pre>\n
\n\u2022 local<\/strong>: The local connection runs commands locally, instead of running over SSH.
\n\u2022 ssh<\/strong>: The ssh connection uses an OpenSSH-based connection, which supports ControlPersist technology.
\n\u2022 docker<\/strong>: Ansible offers a new docker connection type. It connects to containers using the docker exec command.<\/p>\n
\nplanned for future releases.<\/p>\n\n
\nThe connection type can be specified in the ansible.cfg<\/code> file under the [defaults] section of the file using the transport key.<\/li>\n<\/ul>\n[defaults]\r\n# some basic default values...\r\n... Output omitted ...\r\n#transport = smart<\/pre>\n
\/etc\/ansible\/ansible.cfg<\/code>. They can be overridden
\nspecifying that directive with a different value in the controlling ansible.cfg file. The settings for the ssh connection type are specified under the [ssh_connection] section. Likewise, the settings for paramiko can be found under the [paramiko_connection] section. The following example shows some of the default ssh connection type options.<\/p>\n[ssh_connection]\r\n... Output omitted ...\r\n# control_path = %(directory)s\/%%h-%%r\r\n#control_path = %(directory)s\/ansible-ssh-%%h-%%p-%%r\r\n#pipelining = False\r\n#scp_if_ssh = True\r\n#sftp_batch_mode = False<\/pre>\n
\nAdministrators should usually leave the connection type set to smart<\/strong> in
\nansible.cfg<\/code>, and configure playbooks or inventory files to choose an alternative connection setting when necessary.<\/p>\n\n
\nThe connection type can also be specified in inventory files on a per-host basis by using the ansible_connection variable. The following example shows an inventory file using the local connection type for localhost, and the ssh connection type for demo.<\/li>\n<\/ul>\n[targets]\r\nlocalhost ansible_connection=local\r\ndemo.lab.example.com ansible_connection=ssh<\/pre>\n
\n
\nConnection types can also be specified when running an entire playbook. Specify the --connection=CONNECTIONTYPE<\/code> option to the ansible-playbook command as shown in the following example.<\/p>\n[user@host ~]$ ansible-playbook playbook.yml --connection=local<\/pre>\n<\/li>\n<\/ul>\n
---\r\n- name: Connection type in playbook\r\n hosts: 127.0.0.1\r\n connection: local<\/pre>\n
\nSometimes a managed host needs to configure some shell environment variables before executing commands. For example, a proxy server may need to be specified through an environment variable before installing packages or downloading files; a special $PATH<\/em> variable may be needed; or certain other environment variables may need to be set. Ansible can make these types of environment settings by using the environment: parameter in a playbook.
\nSome Ansible modules, such as get_url<\/em>, yum<\/em>, and apt<\/em>, use environment variables to set their proxy server. The following example shows how to set the proxy server for package installation using the environment:<\/code> parameter which sets the $http_proxy<\/em> environment variable to
\nhttp:\/\/demo.example.com<\/code>.<\/p>\n---\r\n- hosts: devservers\r\n tasks:\r\n - name: download a file using demo.lab.example.com as proxy\r\n get_url:\r\n url: http:\/\/materials.example.copm\/file.tar.gz\r\n dest: ~\/Downloads\r\n environment:\r\n http_proxy: http:\/\/demo.example.com:8080<\/pre>\n
\nThe following example shows how to define an environment variable and reference it using the environment keyword for an entire block of tasks.<\/p>\n---\r\n- name: Demonstrate environment variable in block\r\n hosts: localhost\r\n connection: local\r\n gather_facts: false\r\n vars:\r\n myname: ansible\r\n tasks:\r\n - block:\r\n - name: Print variable\r\n shell: \"echo $name\"\r\n register: result\r\n - debug: var=result.stdout\r\n environment:\r\n name: \"{{ myname }}\"<\/pre>\n---\r\n- hosts: example_host\r\n roles:\r\n - php\r\n - nginx\r\n environment:\r\n http_proxy: http:\/\/demo.example.com:8080<\/pre>\n
\/tmp<\/code> directory.<\/p>\n ~\/ansible\/connection\/<\/code>
\ninventory with two different host names for controlnode<\/code>, controlnode<\/code> and
\ncontrolnode.example.com<\/code>, which would use two different connection types, local and ssh respectively. Also add an inventory line for managedhost1.example.com<\/code> that uses the connection type ssh.<\/p>\n[miro@controlnode ansible]# pwd\r\n\/home\/miro\/ansible\r\n[miro@controlnode ansible]# mkdir connection\r\n[miro@controlnode connection]# cat inventory\r\n\r\ncontrolnode ansible_connection=local\r\ncontrolnode.example.com ansible_connection=ssh ansible_host=localhost\r\nmanagedhost1.example.com ansible_connection=ssh<\/pre>\n
templates<\/code>. Below it, create a file named template.j2<\/code>. This file should be copied to the managed host and changed based on the environment variables specified in the playbook. This template file replaces the variables to create an inventory file on the respective host under \/tmp\/hostname<\/code>. Insert a line that replaces the $GROUPNAME<\/code> environment variable (defined in the playbook later) with the inventory group name. Insert several lines to define the inventory_hostname<\/code>, the ansible_host<\/code>, and the connection_type<\/code> variables. Set these using magic variables and predefined variables. The file should contain the following:<\/p>\n[miro@controlnode connection]# mkdir templates\r\n[miro@controlnode connection]# cd templates\r\n[miro@controlnode templates]$ cat template.j2\r\n\r\n# this is the template file\r\n[ {{ ansible_env['GROUPNAME'] }} ]\r\ninventory_hostname = {{ inventory_hostname }}\r\nansible_host = {{ ansible_host }}\r\nconnection_type = {{ ansible_connection }}<\/pre>\n connection.yml<\/code> that copies the template template.j2<\/code> to the destination host under \/tmp\/<\/code> and names the file as that of its host name specified in the inventory file (for example, \/tmp\/hostname<\/code>).
\nThe playbook should also define the environment variable named $GROUPNAME<\/code> and set its value to testservers, to define the group name in the inventory file when copied to respective managed hosts using the template template.j2<\/code>. The connection.yml<\/code> file should contain the following:<\/p>\n[miro@controlnode connection]$ cat connection.yml\r\n---\r\n# connection.yml\r\n- name: testing connection types\r\n hosts: all\r\n user: miro\r\n become: yes\r\n environment:\r\n GROUPNAME: testservers\r\n tasks:\r\n - name: template out hostfile\r\n template:\r\n src: template.j2\r\n dest: \"\/tmp\/{{ inventory_hostname }}\"<\/pre>\nconnection.yml<\/code> from its the working directory<\/p>\n[miro@controlnode connection]$ ansible-playbook -i inventory connection.yml\r\n\r\nPLAY [testing connection types] **************************************************************************************************************************************\r\n\r\nTASK [Gathering Facts] ***********************************************************************************************************************************************\r\nok: [controlnode]\r\nok: [managedhost1.example.com]\r\nok: [controlnode.example.com]\r\n\r\nTASK [template out hostfile] *****************************************************************************************************************************************\r\nok: [controlnode]\r\nok: [managedhost1.example.com]\r\nchanged: [controlnode.example.com]\r\n\r\nPLAY RECAP ***********************************************************************************************************************************************************\r\ncontrolnode : ok=2 changed=0 unreachable=0 failed=0\r\ncontrolnode.example.com : ok=2 changed=1 unreachable=0 failed=0\r\nmanagedhost1.example.com : ok=2 changed=0 unreachable=0 failed=0<\/pre>\n
\/tmp\/controlnode<\/code>, \/tmp\/controlnode.example.com<\/code>, \/tmp\/managedhost1.example.com<\/code>:<\/p>\n[miro@controlnode connection]$ cat \/tmp\/controlnode\r\n# this is the template file\r\n[ testservers ]\r\ninventory_hostname = controlnode\r\nansible_host = controlnode\r\nconnection_type = local\r\n\r\n[miro@controlnode connection]$ cat \/tmp\/controlnode.example.com\r\n# this is the template file\r\n[ testservers ]\r\ninventory_hostname = controlnode.example.com\r\nansible_host = localhost\r\nconnection_type = ssh\r\n\r\n[miro@controlnode connection]$ ansible managedhost1.example.com -a 'cat \/tmp\/managedhost1.example.com'\r\nmanagedhost1.example.com | SUCCESS | rc=0 >>\r\n# this is the template file\r\n[ testservers ]\r\ninventory_hostname = managedhost1.example.com\r\nansible_host = managedhost1.example.com\r\nconnection_type = ssh<\/pre>\n