The debops exec command

The debops exec command will run the ansible command inside of the DebOps project directory with its context - environment variables defined in the configuration, unlocked ansible/secret/ directory and with the ansible.cfg configuration file used by the project, which points to the Ansible inventory.

debops exec

Execute an Ansible module against the Ansible inventory. The ansible.builtin.command module is used by default, a different module can be specified with the -m or --module-name parameter.

The debops exec command will automatically unlock and lock the encrypted ansible/secret/ directory as needed, to give the Ansible module access to secrets.


The options below need to be specified before any Ansible arguments to take effect.

-h, --help

Display the help and usage information

--project-dir <project_dir>

Path to the project directory to work on. If it's not specified, the script will use the current directory.

-V <view>, --view <view>

Specify the name of the "infrastructure view" to use for running Ansible commands. If not specified, the default view will be used automatically. Using this option overrides the automatic view detection performed by DebOps based on the current working directory.

-E, --bell

Emit an ASCII "bell" at the end of the ansible command execution to notify the user. This might be useful during longer module runs.


Do not execute ansible command; instead print out all the environment variables and the command itself to stdout.

-v, --verbose

Increase output verbosity. More letters means higher verbosity.


Mark the end of the debops exec options. Any of the options after this mark will be passed to the ansible command as-is.


You can specify all arguments supported by the ansible command to augment the execution, for example --diff, --check, --become, and so on. See ansible --help for more details.


Send a ping to all hosts in the Ansible inventory:

debops exec all -m ping

Check what UNIX account is used to run Ansible commands using a specific "infrastructure view":

debops exec -V deployment hostname -a 'whoami'

Perform a full upgrade of a Debian host using APT:

debops exec hostname -m apt -a 'upgrade=full' -b

Reboot all webservers with molly-guard(8) protection, user will be notified at the end of Ansible execution:

debops exec -E webservers -b -m reboot -a 'search_paths=/lib/molly-guard'