When would you use the 'command' module instead of the 'shell' module in Ansible?

In Ansible, you would use the command module instead of the shell module in the following scenarios:

1. No Shell Features Needed: Use the command module when you do not need shell features like pipes (|), redirection (>, >>), or command chaining (&&, ||). The command module executes commands directly without invoking a shell.

2. Security Considerations: The command module is safer than the shell module because it does not process the command through a shell. This reduces the risk of shell injection vulnerabilities, making it a better choice for executing commands that do not require shell features.

3. Simplicity: If the command you want to run is straightforward and does not require any complex shell behavior, the command module is simpler and more efficient.

Example Usage:

Using the command module:

- name: Run a command without shell features
  command: /usr/bin/uptime

Using the shell module (when shell features are needed):

- name: Run a command with shell features
  shell: echo "Current uptime is: $(/usr/bin/uptime)"

Summary:

In summary, prefer the command module for executing simple commands directly and use the shell module when you need to leverage shell-specific features. This approach helps maintain security and clarity in your Ansible playbooks.