76

I am new to the Ansible world can anyone help me in understanding the difference between shell and command in Ansible? When to use shell and when to use command?

I know that the command module is safer, as it is not affected by the user's environment.

Saikat
  • 14,222
  • 20
  • 104
  • 125
prashant
  • 2,808
  • 5
  • 26
  • 41
  • 3
    https://blog.confirm.ch/ansible-modules-shell-vs-command/ -- this link will has info on the differences between the modules. – error404 Jun 19 '19 at 08:50

4 Answers4

42

according to documentation :

shell – Execute shell commands on targets

It is almost exactly like the command module but runs the command through a shell (/bin/sh) on the remote node.

and:

command – Execute commands on targets

The command(s) will not be processed through the shell, so variables like $HOME and operations like "<", ">", "|", ";" and "&" will not work. Use the shell module if you need these features.

Samuel Harmer
  • 4,264
  • 5
  • 33
  • 67
tassinp
  • 734
  • 4
  • 8
  • 1
    If in some case, I am able to use both. Which one is preferred ? – Ahmed Hussein Mar 23 '20 at 12:30
  • 8
    `command` offers you more security (or more so-called, isolation). In other words, your command execution is unaffected by the user's environment variable. Whereas, `shell` is very similar to executing commands as yourself on a terminal – SilleBille Jun 01 '20 at 15:04
28

The Ansible Shell Module allows you to run arbitrary commands on a remote host, just like you were logged into the shell. The Shell and Command modules are very similar, the major difference being that the shell module does not escape commands, allowing you to use shell operators like redirects ("greater than", "less than"), pipe ("|") and boolean operators ("&&", "||"). This does mean that the Shell module is susceptible to command injection/shell injection, but this is easy enough to overcome by using the "quote" filter when using variables with the Shell module.

Reference: Ansible Shell Module Tutorial - Complete Beginner's Guide

stackprotector
  • 10,498
  • 4
  • 35
  • 64
RAJAT RAWAT
  • 498
  • 7
  • 17
0

shell and command are almost identical

 - name: copy or mv  within remote host
   command: cp /path/of/the/file/with/name /path/of/the/destination/directory/

while giving path of the source file, make sure it does not end with slash(/) and destination ends with slash(/)

- name: rename within remote host 
  shell: chdir=/path/ mv file_name new_file_name

command and shell can be used interchangeably.

Ghost Rider
  • 688
  • 3
  • 17
  • 38
CHIRANJEEV TRIPATHI
  • 1
  • 1
0

From ansible-lint documentation for the command-instead-of-shell rule.

This rule identifies uses of shell modules instead of a command one when this is not really needed. Shell is considerably slower than command and should be avoided unless there is a special need for using shell features, like environment variable expansion or chaining multiple commands using pipes.

sergiogarciadev
  • 2,061
  • 1
  • 21
  • 35