Watch: Three options to Safely Limit Ansible Playbooks Execution to a Single Machine

Three options to safely limit Ansible Playbook execution to a single machine using runtime parameters, playbook code, and variables.

Today we're going to talk about the three options to limit the execution of a potentially harmful Ansible Playbook to only one host.

I'm Luca Berton and welcome to today's episode of Ansible Pilot.

Limit Ansible Playbook to only one HOSTNAME

  • use --limit at runtime
  • hosts: HOSTNAME Ansible Playbook
  • hosts: "{{ HOSTS }}" Ansible Playbook

Let's deep dive into our use case to Limit Ansible Playbook to only one HOSTNAME.

I'm going to show three different ways to achieve this result: using the --limit parameter at runtime, limiting the HOSTNAME in the Playbook code, and, the most advanced way, defining a variable in the Ansible Playbook that you can populate on demand.

Let's discuss the pros and cons of each option.

## Playbook

In the following Playbook scenarios, I'd like to execute my harmful Ansible Playbook ONLY against the demo.example.com host.

This is my Playbook inventory file:

```ini
[linux]
demo.example.com
Playbook2.example.com

[all:vars]
ansible_connection=ssh
ansible_user=devops
ansible_ssh_private_key_file=~/.ssh/id_rsa
```

Ansible command limit option

  • --limit
  • ansible-playbook --limit HOSTNAME PLAYBOOK

Using the --limit parameter of the ansible-playbook command is the easiest option to limit the execution of the code to only one host.

The advantage is that you don't need to edit the Ansible Playbook code before executing it against only one host.

The drawback is that you have to remember to pass it every time you execute the command, and sometimes humans are not so reliable.

code

  • playbook.yml

```yaml
---
- name: harmful playbook
  hosts: all
  tasks:
    - name: harmful task
      ansible.builtin.debug:
        msg: "harmful task"
```

execution

```bash
ansible-pilot $ ansible-playbook --limit demo.example.com -i limit/inventory limit/playbook.yml

PLAY [harmful playbook] *

TASK [Gathering Facts]
ok: [demo.example.com]

TASK [harmful task] *
ok: [demo.example.com] => {
    "msg": "harmful task"
}

PLAY RECAP **
demo.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

ansib
```
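The drawback of the --limit option, forgetting to pass it, can be caught by the playbook itself. The following is an added example, not code from the original tutorial: it puts a guard in front of the same harmful task using the Ansible magic variables `ansible_limit` and `ansible_play_hosts_all`. Setting `gather_facts: false` is an assumption made here so that no host is contacted before the guard runs.

```yaml
---
# Added example: the play refuses to run unless --limit selected exactly one host.
- name: harmful playbook
  hosts: all
  # Assumption: facts are not needed, so no host is contacted before the guard.
  gather_facts: false
  pre_tasks:
    - name: Abort unless --limit narrowed the play to exactly one host
      # assert is evaluated on the control node, so no connection is opened.
      ansible.builtin.assert:
        that:
          # ansible_limit is only defined when --limit was given on the command line.
          - ansible_limit is defined
          # ansible_play_hosts_all lists every host targeted by this play.
          - ansible_play_hosts_all | length == 1
        fail_msg: >-
          Refusing to run: pass --limit with a single host
          (this play targets {{ ansible_play_hosts_all | length }} hosts).
        success_msg: "Play limited to {{ ansible_play_hosts_all | first }}"
  tasks:
    - name: harmful task
      ansible.builtin.debug:
        msg: "harmful task"
```

Run without --limit against the inventory above, every host fails the guard and the harmful task is never reached. A limit pattern that still matches more than one host, such as a group name, is rejected the same way.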