Using Ansible "Pull" Mode to Dynamically Automate Server/Workstation Builds

Ansible “Pull” is an often-overlooked gem that makes it even easier to manage your server and workstation builds by combining the power of version control with the flexibility of Ansible. In this video, you’ll learn everything you need to know in order to use ansible-pull.

Individual Sections:
1:14 – What is “ansible-pull”?
7:00 – Setting up the Git Repository
14:13 – Running playbooks via ansible-pull


Wiki article for this video:

Using Ansible to configure your Desktops and Laptops


26 thoughts on “Using Ansible "Pull" Mode to Dynamically Automate Server/Workstation Builds”
  1. I use terraform to create git repositories. It makes it really easy to keep clean repositories. I really like linode, packer, terraform, ansible-pull, and git combination. You can build things out quickly. Great video.

  2. Thank you very much, Jay, for doing such amazing work and offering it for free! I believe I have learnt some wonderful things that are intended to be shared with the rest of the world, and individuals like you have made that possible!
    I'm hoping to see more fantastic works like this on your YouTube channel in the near future.

  3. I know several things have changed in Ansible since this video was produced. But I'm having a problem with the copy sudoers_ansible section.

    - name: copy sudoers_ansible
    src: files/sudoers_ansible
    dest: /etc/sudoers.d/ansible
    owner: root
    group: root
    mode: 0440

    I get an error that I can't decipher:

    TASK [copy sudoers_ansible] *************************************************
    fatal: [localhost]: FAILED! => {"changed": false, "checksum": "9c9e5aae4aa1c02a4934d7172d2c4cd6c057d15d",
    "msg": "Unsupported parameters for (ansible.legacy.copy) module: root Supported parameters include:
    _original_basename, attributes, backup, checksum, content, dest, directory_mode, follow, force, group,
    local_follow, mode, owner, remote_src, selevel, serole, setype, seuser, src, unsafe_writes, validate"}

    As best as I can tell, we are only using 5 parameters, src, dest, owner, group & mode. All of which are identified as being supported.
    Any ideas?

  4. Great video, I would like to suggest a video on ansible pull with private git repos. I think people would like to see that video as well.

  5. I'm not sure if I get the "centralize configuration management" thingy here. If you let nodes pull in their Ansible stuff and run it, how do you get a central overview of what's going on then? Then you need to have something easy setup to visualize how these Ansible runs are doing. Otherwise you're flying blind. There are ways to do this, with callback plugins if I recall correctly. But that's not discussed here. So this is not "everything you need to know in order to use ansible-pull".

    Also, Ansible has to run the full playbook, which is quite resource intensive. Why not use Salt if you want a setup like this? Which runs an agent and keeps an eye out for what is out of sync and just applies what's needed for that.

  6. I can't seem to figure out how to get it to work with a repo that I have hosted on my private server. I always just get a very long error message.

  7. This is awesome. Ansible pull seems easy to set up. Now I can roll SSH keys if need be and do mass scale configuration. Thanks for the video.

  8. I have been trying to do this in a little bit of a different way. I was able to use the $HOME variable in ansible, but I can't get a $USER variable to work so I don't have to relabel if I have a different account name. Can you shed some insight?

  9. Great stuff !
    This is like a reverse way of IaC via Ansible + Gitlab CI where the Gitlab runners take care of the automated provisioning..
    It will be great if you can make a video about it..

  10. Great video, watching this gives me enough confidence to start using ansible-pull across my infrastructure.

    A couple of times in the video you allude to some "extra-power" e.g. using pull mode with private repos, setting up a notification on error, but you don't go into further detail. I completely understand you excluding these deeper topics to keep the video streamlined, although it would be extra satisfying if you could provide links to further information on these skipped topics.

    Thanks for your hard work on these videos, this is the best working overview of pull mode I've seen so far.

  11. Thanks so much again!!! Awesome, hope you'll keep on doing videos for Ansible. Seems like from one video to another you are uncovering the secrets of Ansible. 🙂

    What can be the issue, when nothing happens after 10 minutes?
    I'm editing the packages.yml files, then I'm pushing the changes to git, but after 10 minutes nothing happens. I thought the app will be installed, but as I'm watching Crontab logs, after 10 minutes nothing happens, and I've followed every step of this video, and when I triggered the Ansible-pull it ended successfully just like in your screen.
    What do you think can be the issue?

  12. Cron solution is a little bit "ugly". I would love to see some webhooks in action for such things. Currently I'm looking for some simple tool for that. I'm most familiar with Jenkins but it's like shooting flies with a cannon. Rundeck or Stackstorm look big and bulky as well, not to mention AWX. I could write some python script – requests and jsons are easy there. But I'm not a programmer, I prefer to use others' (better written) tools. Maybe you could recommend something lightweight?

  13. The biggest problem with ansible-pull seems to be vaults: you'll need to make the secrets available to all clients; otherwise they were just available to the ansible-master.

    Just a couple of annotations:
    – Never update sudoers-files without validating the syntax. Malformed files will ruin your day aka "cannot login anymore". Just add "validate: /usr/sbin/visudo -cf %s" in the task.
    – Just use the generic ansible module "packages" instead of the specialized apt/dnf/yum-modules if you don't need specific options of a package-manager like apt.
    – Would not recommend installing ansible via package-manager: you're stuck with an old version and without the possibility of version down- / upgrade. Instead use pip: "sudo -H pip install ansible" or, preferred, in python3: "sudo -H pip3 install ansible"
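
The sudoers validation suggested in the comment above, as an added example that is not part of the comment or the video's repository: a minimal ansible-pull `local.yml` in which `copy` installs the sudoers file only if `visudo` accepts it, which matters because every node applies the repository unattended. The `ansible` account name, the placeholder repository URL and the 10-minute schedule are assumptions.

```yaml
# local.yml - added example. ansible-pull runs this playbook against the
# local machine after checking out the repository.
- hosts: localhost
  connection: local
  become: true

  tasks:
    # Assumption: a dedicated system account named "ansible" runs the pulls.
    - name: create the account that runs ansible-pull
      ansible.builtin.user:
        name: ansible
        system: true

    - name: copy sudoers_ansible
      ansible.builtin.copy:
        src: files/sudoers_ansible
        dest: /etc/sudoers.d/ansible
        owner: root
        group: root
        # Quoted so YAML does not reinterpret the octal value.
        mode: '0440'
        # copy writes the new content to a temporary file, substitutes its
        # path for %s, and only moves it into place if visudo exits 0.
        # A malformed file pushed to Git fails this task on each node
        # instead of replacing the working sudoers drop-in.
        validate: /usr/sbin/visudo -cf %s

    # Assumption: placeholder repository URL; -o only runs the playbook
    # when the checkout has changed, -U names the repository.
    - name: schedule ansible-pull every 10 minutes
      ansible.builtin.cron:
        name: ansible-pull provisioning
        user: ansible
        minute: "*/10"
        job: ansible-pull -o -U https://git.example.com/placeholder/ansible.git > /dev/null
```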

  14. I have been following your video on ansible and highly appreciate it as I find it useful. I am trying to deploy splunk in a set of hosts using ansible. Instead of the playbooks available in git. Could you make a video on deploying splunk and splunk forwarder by writing an ansible playbook? The playbook to contain wget of splunk url and wget of splunk forwarder url followed by the user name password and the ports and directories to be configured. I find this challenging and appreciate if you could make a video on this.
