How to Limit Ansible playbook on Hosts, Groups and multiple hosts?

Infrastructure as code management is possible with the help of the robust automation tool Ansible.

Using playbooks, which are YAML files that provide a series of actions and configurations to apply to a group of computers, you can build and automate complicated IT operations using Ansible.

For testing, troubleshooting, or security purposes, though, you might need to restrict your playbook to a single host or a group of hosts.

We'll look at several approaches to limiting an Ansible playbook to a single machine in this blog article.

Let's take a sample hosts file in which I have two remote hosts running on -

  1. AWS - ec2-3-126-91-79.eu-central-1.compute.amazonaws.com
  2. GCP - 35.204.184.224

Here is the screenshot of my hosts file -

Ansible hosts file with multiple hosts file

Table of Content

  1. Method 1: Use the limit parameter with remote host IP
  2. Method 2: Use the limit parameter with host name
  3. Method 3: Use the -l parameter with host name and host IP
  4. How to limit multiple hosts in Ansible Playbook
  5. How to exclude host from Ansible playbook execution
  6. Wildcard pattern for including and excluding the hosts
  7. Range pattern for including and excluding the hosts
  8. Why you should use --limit flag more often?

Method 1: Use the limit parameter with remote host IP

Using the --limit argument when executing an Ansible playbook is the easiest approach to restrict it to a single machine.

The --limit argument takes a comma-separated list of hostnames or IP addresses and instructs Ansible to apply the playbook only to those machines.

Consider the scenario where you have a script that installs and sets up Apache on several web servers.

Run the following command to restrict the playbook to a single AWS machine with the hostname "ec2-3-126-91-79.eu-central-1.compute.amazonaws.com":

# Horizontal scroll the command to see the limit
# Ansible playbook with --limit ec2-3-126-91-79.eu-central-1.compute.amazonaws.com

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit ec2-3-126-91-79.eu-central-1.compute.amazonaws.com

Ansible playbook run with --limit flag on AWS host IP

Running the ansible playbook by limiting on GCP host

# Horizontal scroll the command to see the limit
# Ansible playbook with --limit 35.204.184.224

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit 35.204.184.224

Ansible playbook run with --limit flag on GCP host IP


Method 2: Use the limit parameter with host name

Now we will limit the Ansible playbook using the host name. Here is my hosts file, where the names aws and gcp are defined as inventory groups in square brackets:

# Host name = aws
[aws]
ec2-3-126-91-79.eu-central-1.compute.amazonaws.com

# Host name = gcp
[gcp]
35.204.184.224

Let's check the ansible playbook commands and how we are going to pass the hostname.

For AWS

# Horizontal scroll the command to see the limit
# --limit aws

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit aws

Ansible playbook run with --limit flag on AWS host IP

For GCP

# Horizontal scroll the command to see the limit
# --limit gcp

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit gcp

Ansible playbook run with --limit flag on gcp host IP


Method 3: Use the -l parameter with host name and host IP

Now we will limit the Ansible playbook using both the host name and the IP. Here is my hosts file with the names aws and gcp:

# Host name = aws
[aws]
ec2-3-126-91-79.eu-central-1.compute.amazonaws.com

# Host name = gcp
[gcp]
35.204.184.224

Let's check the ansible-playbook commands and how we pass the host name and IP with the -l flag. The & in the pattern makes it an intersection, so only hosts matched by both parts are selected.

For AWS

# Horizontal scroll the command to see the limit
# -l 'aws:&ec2-3-126-91-79.eu-central-1.compute.amazonaws.com'

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml -l 'aws:&ec2-3-126-91-79.eu-central-1.compute.amazonaws.com'

Ansible playbook run with -l flag on AWS host

For GCP

# Horizontal scroll the command to see the limit
# -l 'gcp:&35.204.184.224'

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml -l 'gcp:&35.204.184.224'

Ansible playbook run with -l flag on GCP host


How to limit multiple hosts in Ansible Playbook

Let's take the same example of the hosts file where we have two hosts - aws, gcp

# Host name = aws
[aws]
ec2-3-126-91-79.eu-central-1.compute.amazonaws.com

# Host name = gcp
[gcp]
35.204.184.224

Now we will use the --limit flag on both hosts, i.e. aws and gcp.

Here is ansible playbook command -

# Horizontal scroll the command to see the limit
# --limit gcp,aws

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit gcp,aws

Ansible playbook run with --limit flag on multiple hosts

How to exclude host from Ansible playbook execution?

For excluding the hosts from ansible playbook execution you should use ! followed by host name.

Here is an example on how to exclude the gcp host-

(Note - Instead of the host name you can also use the host IP address: --limit '!35.204.184.224')

# Horizontal scroll the command to see the limit
# --limit '!gcp'

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit '!gcp'

Exclude single host from ansible playbook execution

To restrict the playbook to a specific subset of hosts in the inventory, use Ansible's --limit option.

This might be helpful if you simply want to make modifications to a certain set of hosts, or if you want to leave out specific hosts from the playbook run.

By specifying a particular pattern, in this case !gcp, the --limit option is used to exclude hosts that match that pattern. !gcp means "exclude any hosts that match the pattern gcp" because the ! character negates patterns.

Consequently, the following happens when the command ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit '!gcp' is executed:

  1. Ansible reads the inventory file located at inventory/ansible-import-roles-playbook/hosts, which lists all the hosts that Ansible will manage.
  2. The playbook file ansible-import-roles-playbook.yml, which provides instructions for managing and configuring the hosts, will be executed.
  3. Because the --limit '!gcp' option is used, the playbook execution is limited to hosts that do not match the gcp pattern. As a result, the playbook run will not include any hosts matched by gcp.

The ability to execute a playbook on all hosts in the inventory with the exception of a particular group of hosts that fit a particular pattern makes this command valuable.

How to exclude multiple hosts from Ansible playbook execution?

You can pass the --limit option a comma-separated list of patterns to exclude multiple hosts from an Ansible playbook execution, for example --limit '!gcp,!aws'.

Here is a sample command that prevents a playbook from being executed on multiple hosts:

# Horizontal scroll the command to see the limit
# --limit '!gcp,!aws'

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit '!gcp,!aws'

Since we have excluded all the hosts, our playbook will not run -

Exclude all the hosts from ansible playbook execution


Wildcard pattern for including and excluding the hosts

In order to match a collection of hosts in the inventory, Ansible lets you specify hosts using a wildcard pattern. When you wish to execute a playbook across a number of hosts that share a naming scheme or attribute, this can be helpful.

In Ansible, you can specify hosts using a wildcard pattern by passing the pattern as an argument to the --limit option. To match one or more characters in the hostname, the pattern can use wildcard characters like * and ?.

Here are a few illustrations:

  1. --limit 'gc*': with this command, the playbook will be executed on all hosts with the prefix gc.

# Horizontal scroll the command to see the limit
# --limit 'gc*'

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit 'gc*'

Limit the ansible hosts with wildcard pattern *

  2. --limit '?cp' will execute the playbook on all hosts whose names are a single character followed by cp, such as gcp.

# Horizontal scroll the command to see the limit
# --limit '?cp'

ansible-playbook --inventory inventory/ansible-import-roles-playbook/hosts ansible-import-roles-playbook.yml --limit '?cp'

Limit the ansible hosts with wildcard pattern ?

To further reduce the number of hosts on which your playbook will run, you can combine wildcard patterns with additional patterns.
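The selection rules covered so far (names, comma-separated lists, the :& intersection, ! exclusion and the * and ? wildcards) can be modelled in a few lines of Python to see which hosts each limit expression from this article selects. This is an added example, not code from the article or from Ansible itself: resolve_limit and INVENTORY are hypothetical names, and the model is deliberately simplified (no ranges, regex patterns or IPv6 addresses).

```python
import fnmatch
import re

# Inventory from the article: the names aws and gcp, one host under each.
INVENTORY = {
    "aws": ["ec2-3-126-91-79.eu-central-1.compute.amazonaws.com"],
    "gcp": ["35.204.184.224"],
}


def _match(inventory, pattern):
    """Hosts selected by one term; * and ? wildcards apply to group and host names."""
    if pattern == "all":
        return {h for hosts in inventory.values() for h in hosts}
    selected = set()
    for group, hosts in inventory.items():
        if fnmatch.fnmatchcase(group, pattern):
            selected.update(hosts)
        selected.update(h for h in hosts if fnmatch.fnmatchcase(h, pattern))
    return selected


def resolve_limit(inventory, limit):
    """Return the sorted hosts a --limit expression selects in this simplified model."""
    terms = [t.strip() for t in re.split(r"[,:]", limit) if t.strip()]
    include = [t for t in terms if t[0] not in "&!"]
    intersect = [t[1:] for t in terms if t[0] == "&"]
    exclude = [t[1:] for t in terms if t[0] == "!"]
    if not include:
        include = ["all"]  # only '!' or '&' terms given: start from every host
    hosts = set()
    for term in include:    # 1. union of the plain terms
        hosts |= _match(inventory, term)
    for term in intersect:  # 2. keep only hosts also matched by '&' terms
        hosts &= _match(inventory, term)
    for term in exclude:    # 3. drop hosts matched by '!' terms
        hosts -= _match(inventory, term)
    return sorted(hosts)


if __name__ == "__main__":
    for limit in ["aws", "gcp,aws", "!gcp", "!gcp,!aws", "gc*", "?cp",
                  "aws:&ec2-3-126-91-79.eu-central-1.compute.amazonaws.com"]:
        print(f"{limit!r:62} -> {resolve_limit(INVENTORY, limit)}")
```

For the authoritative answer on a real inventory, append --list-hosts to the ansible-playbook command; it prints the hosts the limit matches without executing any tasks.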

Range pattern for including and excluding the hosts

To give the --limit argument a range of hosts in Ansible, you can use a pattern that expresses the range with curly braces and a range operator.

Consider a collection of hosts with the designations host1, host2, host3, host4, and host5. The following command can be used to run an Ansible playbook on just the first three hosts in this group:

ansible-playbook playbook.yml --limit 'host[1:3]'

In this command, the --limit parameter specifies the pattern host[1:3], which includes all hosts that match the host prefix and a number between 1 and 3. The curly braces {} are not required when using the range operator ...

You can also use other patterns with the range operator to specify a range of hosts. For example:

  1. host[1,3,5]..host[10] will match all hosts between host1, host3, host5 and host10.
  2. host-[a:b] will match all hosts with a name that starts with host- followed by a lowercase letter between a and b.
  3. host-[A:B] will match all hosts with a name that starts with host- followed by an uppercase letter between A and B.

Why you should use --limit flag more often?

An Ansible playbook's scope can be limited to a particular group of hosts by using the --limit parameter. The following are some advantages of utilizing Ansible's --limit flag:

  1. Performance gain: By restricting the playbook to a certain group of hosts, you can increase the playbook's performance by lowering the amount of network traffic and CPU use needed to run it.

  2. Reduced chance of mistakes: By restricting the playbook to a certain group of hosts, you lower the possibility that problems may arise when the playbook is executed on unwanted hosts.

  3. Easier Testing: Test the playbook on a subset of hosts without difficulty before deploying it to all of the hosts in the infrastructure by restricting it to a certain set of hosts.

  4. Flexibility: Running a playbook on a selected subset of hosts is possible using the --limit flag. You have the option of restricting the playbook to a single host, a collection of hosts, or a mix of hosts and groups.

  5. Security: By restricting the playbook to a certain group of hosts, you may lessen the chance that someone else will have access to confidential data or resources that are on other hosts.

  6. Troubleshooting: Troubleshooting can be made easier by restricting the playbook to a certain set of hosts and isolating the playbook's scope to that set of hosts. This can facilitate quicker problem identification and addressing.

You can read more about targeting hosts and groups in the official Ansible documentation.

