ansible.builtin.pipe lookup – read output from a command

Note

This lookup plugin is part of ansible-core and included in all Ansible installations. In most cases, you can use the short plugin name pipe. However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.pipe for easy linking to the plugin documentation and to avoid conflicting with other collections that may have the same lookup plugin name.

Synopsis

  • Run a command and return the output.

Terms

Parameter

Comments

Terms

string / required

command(s) to run.

Notes

Note

  • Like all lookups this runs on the Ansible controller and is unaffected by other keywords, such as become, so if you need to different permissions you must change the command or run Ansible as another user.

  • Alternatively you can use a shell/command task that runs against localhost and registers the result.

  • Pipe lookup internally invokes Popen with shell=True (this is required and intentional). This type of invocation is considered a security issue if appropriate care is not taken to sanitize any user provided or variable input. It is strongly recommended to pass user input or variable input via quote filter before using with pipe lookup. See example section for this. Read more about this Bandit B602 docs

  • The directory of the play is used as the current working directory.

Examples

- name: raw result of running date command
  ansible.builtin.debug:
    msg: "{{ lookup('ansible.builtin.pipe', 'date') }}"

- name: Always use quote filter to make sure your variables are safe to use with shell
  ansible.builtin.debug:
    msg: "{{ lookup('ansible.builtin.pipe', 'getent passwd ' + myuser | quote ) }}"

Return Value

Key

Description

Return value

list / elements=string

stdout from command

Returned: success

Authors

  • Daniel Hokka Zakrisson

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.