Flansible is a very simple rest api for executing Ansible ad-hoc-commands and playbooks. It it not a replacement for Ansible Tower.
Flansible is written in Flask, and uses celery for async task execution and optionally flower for real-time monitoring of celery.
Celery requires a datastore, either Redis or RabbitMQ.
The config.ini file should be pretty self-explanatory. It's probably a good idea to remove lines 5-10 in app.py, as that's only a debug definition which probably won't make sense to you.
If you want to run the flask webserver on port 80 like I'm doing without running as root, you need to allow python to use priveliged ports:
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/python2.7
Setup tested on Ubuntu 14.04
from the Flansible/Flansible directory (where the .py files live), run the following (either using screen or in separate terminals):
celery worker -A app.celery --loglevel=info
(this starts the celery worker which will actually execute the things)
python app.py
(this starts the actual webserver. You're free to replace the built-in flask server with something else)
OPTIONAL: flower --broker=redis://localhost:6379/0
(this starts the flower web gui, which gives provides information for running tasks. Replace the value of --broker
with your own connection string for the redis/rabbitmq data store). Flower will be available on http://<hostname>:5555
Flansible comes with swagger documentation, which can be reached at
, with the json spec located at http://<hostname>/api/spec
. This should be your first stop for getting to know the
expected json payload when interacting with the api.
Flansible uses basic auth, with username/password configurable in the rbac.json file (default: admin/admin)
rbac.json allows linking usernames with a list of allowed inventories. The example provided shows how to configure a "devadmin" user which doesn't have access to Ansible's default inventory:
"rbac": [
"user": "admin",
"password": "admin",
"inventories": [
"username admin has implicit access to all inventories",
"no need to specify anything here"
"user": "devadmin",
"password": "devpassword",
"inventories": [
Not that the username "admin" is special, and is not subject to inventory access checking.
The idea behind this rbac implementation is to allow separate credentials for executing tasks and playbooks against dev/test environments without having access to make changes to production systems.
Issue a POST to http://<hostname>/api/ansiblecommand
with contenttype Application/Json
The body should contain the following (also, see the swagger spec mentioned above):
"host_pattern": "localhost",
"module": "find",
"module_args": {
"paths": "/tmp",
"age": "2d",
"recurse" : true
- module: The ansible module to execute
- host_filter: The host or host filter to execute on (defaults to "localhost" if omitted)
- extra_args: array of objects containing any extra vars
Issue a POST to http://<hostname>/api/ansibleplaybook
with contenttype Application/Json
This is an example of playbook execution:
"playbook_dir": "/home/thadministrator",
"playbook": "test.yml",
"become": true
Flansible will verify that the playbook dir/file exists before submitting the job for execution.
both ansibleplaybook and ansiblecommand will return a task_id value. That value can be used to check the
status of the job. This is done by issuing a GET to
with contenttype Application/Json
When the status reports something other than "PROGRESS", the following can be used to get the command/playbook's output:
status of the job. This is done by issuing a GET to
with contenttype Application/Json
The output from this call should resemble what you see in bash when executing Ansible interactively.
- Execute an Ansible command (
). The returning task_id is used to check status:
- Use the returned task_id to get the Ansible job output (
- Use Flower to check job statuses:
- Use Swagger to get a feel for the api (this is very much work in progress):