ansible.builtin.shell module – Execute shell commands on targets
Note
This module is part of ansible-core and included in all Ansible
installations. In most cases, you can use the short
module name
shell even without specifying the collections: keyword.
However, we recommend you use the FQCN for easy linking to the
module documentation and to avoid conflicting with other collections that may have
the same module name.
New in version 0.2: of ansible.builtin
Synopsis
The
shellmodule takes the command name followed by a list of space-delimited arguments.Either a free form command or
cmdparameter is required, see the examples.It is almost exactly like the ansible.builtin.command module but runs the command through a shell (
/bin/sh) on the remote node.For Windows targets, use the ansible.windows.win_shell module instead.
Note
This module has a corresponding action plugin.
Parameters
Parameter |
Comments |
|---|---|
Change into this directory before running the command. |
|
The command to run followed by optional arguments. |
|
A filename, when it already exists, this step will not be run. |
|
Change the shell used to execute the command. This expects an absolute path to the executable. |
|
The shell module takes a free form command to run, as a string. There is no actual parameter named ‘free form’. See the examples on how to use this module. |
|
A filename, when it does not exist, this step will not be run. |
|
Set the stdin of the command directly to the specified value. |
|
Whether to append a newline to stdin data. Choices:
|
|
Whether to enable task warnings. Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: partial while the command itself is arbitrary and cannot be subject to the check mode semantics it adds |
Can run in check_mode and return changed status prediction withought modifying target |
|
Support: none |
Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode |
|
Platform: posix |
Target OS/families that can be operated against |
|
Support: full |
Indicates if an action takes a ‘raw’ or ‘free form’ string as an option and has it’s own special parsing of it |
Notes
Note
If you want to execute a command securely and predictably, it may be better to use the ansible.builtin.command module instead. Best practices when writing playbooks will follow the trend of using ansible.builtin.command unless the ansible.builtin.shell module is explicitly required. When running ad-hoc commands, use your best judgement.
To sanitize any variables passed to the shell module, you should use
{{ var | quote }}instead of just{{ var }}to make sure they do not include evil things like semicolons.An alternative to using inline shell scripts with this module is to use the ansible.builtin.script module possibly together with the ansible.builtin.template module.
For rebooting systems, use the ansible.builtin.reboot or ansible.windows.win_reboot module.
See Also
See also
- ansible.builtin.command
The official documentation on the ansible.builtin.command module.
- ansible.builtin.raw
The official documentation on the ansible.builtin.raw module.
- ansible.builtin.script
The official documentation on the ansible.builtin.script module.
- ansible.windows.win_shell
The official documentation on the ansible.windows.win_shell module.
Examples
- name: Execute the command in remote shell; stdout goes to the specified file on the remote
ansible.builtin.shell: somescript.sh >> somelog.txt
- name: Change the working directory to somedir/ before executing the command
ansible.builtin.shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
# You can also use the 'args' form to provide the options.
- name: This command will change the working directory to somedir/ and will only run when somedir/somelog.txt doesn't exist
ansible.builtin.shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
creates: somelog.txt
# You can also use the 'cmd' parameter instead of free form format.
- name: This command will change the working directory to somedir/
ansible.builtin.shell:
cmd: ls -l | grep log
chdir: somedir/
- name: Run a command that uses non-posix shell-isms (in this example /bin/sh doesn't handle redirection and wildcards together but bash does)
ansible.builtin.shell: cat < /tmp/*txt
args:
executable: /bin/bash
- name: Run a command using a templated variable (always use quote filter to avoid injection)
ansible.builtin.shell: cat {{ myfile|quote }}
# You can use shell to run other executables to perform actions inline
- name: Run expect to wait for a successful PXE boot via out-of-band CIMC
ansible.builtin.shell: |
set timeout 300
spawn ssh admin@{{ cimc_host }}
expect "password:"
send "{{ cimc_password }}\n"
expect "\n{{ cimc_name }}"
send "connect host\n"
expect "pxeboot.n12"
send "\n"
exit 0
args:
executable: /usr/bin/expect
delegate_to: localhost
# Disabling warnings
- name: Using curl to connect to a host via SOCKS proxy (unsupported in uri). Ordinarily this would throw a warning
ansible.builtin.shell: curl --socks5 localhost:9000 http://www.ansible.com
args:
warn: no
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The command execution delta time. Returned: always Sample: “0:00:00.325771” |
|
The command execution end time. Returned: always Sample: “2016-02-25 09:18:26.755339” |
|
changed Returned: always Sample: true |
|
The command return code (0 means success). Returned: always Sample: 0 |
|
The command execution start time. Returned: always Sample: “2016-02-25 09:18:26.429568” |
|
The command standard error. Returned: always Sample: “ls: cannot access foo: No such file or directory” |
|
The command standard error split in lines. Returned: always Sample: [{“u\u0027ls cannot access foo”: “No such file or directory\u0027”}, “u\u0027ls \u2026\u0027”] |
|
The command standard output. Returned: always Sample: “Clustering node rabbit@slave1 with rabbit@master \u2026” |
|
The command standard output split in lines. Returned: always Sample: [“u\u0027Clustering node rabbit@slave1 with rabbit@master \u2026\u0027”] |
Authors
Ansible Core Team
Michael DeHaan