Ansible Cheatsheet
Basic Commands
- Run ad-hoc command on all hosts
ansible all -m ping
- Run command on specific group
ansible webservers -m command -a "uptime"
ansible all -m command -a "systemctl status nginx" --become
- Run command with specific user
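# --become-user only selects the account to switch to; --become is what turns
# privilege escalation on. Without it the command runs as the connecting user.
ansible all -m command -a "whoami" --become --become-user=nginx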
ansible --version
- List all hosts in inventory
ansible all --list-hosts
Inventory Management
- Use custom inventory file
ansible all -i inventory.ini -m ping
- Example static inventory file (inventory.ini)
[webservers]
web1.example.com
web2.example.com
[databases]
db1.example.com
db2.example.com
[all:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/id_rsa
- Example dynamic inventory (YAML)
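# Inventory in YAML form: two groups nested under the built-in "all" group.
# Host entries are mapping keys, so each one ends with a colon.
all:
  children:
    webservers:
      hosts:
        web1.example.com:
        web2.example.com:
    databases:
      hosts:
        db1.example.com: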
ansible-inventory --list
ansible-inventory --list --yaml webservers
Playbooks
ansible-playbook playbook.yml
- Run playbook with specific inventory
ansible-playbook -i inventory.ini playbook.yml
ansible-playbook playbook.yml --check
- Run with increased verbosity
ansible-playbook playbook.yml -v
# or -vv, -vvv for more detail
ansible-playbook playbook.yml --tags "install,configure"
ansible-playbook playbook.yml --skip-tags "testing"
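---
# Play: install nginx on the webservers group and make sure it is running.
- name: Install and configure nginx
  hosts: webservers
  # Every task in this play runs with privilege escalation.
  become: true
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: present
        # Refresh the package index before installing.
        update_cache: true

    - name: Start nginx service
      systemd:
        name: nginx
        state: started
        # Also start the unit at boot.
        enabled: true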
Common Modules
- Package management (apt/yum)
ansible all -m apt -a "name=nginx state=present" --become
ansible all -m systemd -a "name=nginx state=started enabled=yes" --become
ansible all -m copy -a "src=/local/file dest=/remote/file owner=root mode=644" --become
ansible all -m template -a "src=template.j2 dest=/etc/config.conf" --become
ansible all -m file -a "path=/opt/myapp state=directory owner=root group=root mode=755" --become
ansible all -m get_url -a "url=https://example.com/file.tar.gz dest=/tmp/"
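# Single quotes keep $HOME from being expanded by the local shell on the control
# node, so the variable is evaluated on each managed host instead.
ansible all -m shell -a 'echo $HOME'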
ansible all -m setup
Variables and Facts
- Use variables in playbook
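---
# Play: define play-level variables and reference one in a task.
- name: Use variables
  hosts: all
  vars:
    app_name: myapp
    # Quoted so the version stays the string "1.0" rather than a float.
    app_version: "1.0"
  tasks:
    - name: Create app directory
      file:
        # A value that starts with a Jinja expression must be quoted.
        path: "/opt/{{ app_name }}"
        state: directory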
ansible-playbook playbook.yml --extra-vars "@vars.yml"
- Pass variables via command line
ansible-playbook playbook.yml --extra-vars "version=2.0 environment=production"
ansible hostname -m setup
ansible hostname -m setup -a "filter=ansible_distribution*"
Roles
ansible-galaxy init myrole
ansible-galaxy install geerlingguy.nginx
- Install roles from requirements file
ansible-galaxy install -r requirements.yml
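---
# requirements.yml: roles to install with `ansible-galaxy install -r`.

# Role from Ansible Galaxy, pinned to a release.
- name: geerlingguy.nginx
  version: "2.8.0"

# Role fetched straight from a git repository. No version is given, so each
# install takes whatever the repository currently serves. Adding a `version:`
# key with a tag or commit hash makes the install repeatable and keeps an
# upstream change from landing unreviewed.
- src: https://github.com/username/repo.git
  name: custom-role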
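---
# Play: apply roles to the webservers group.
- name: Configure web servers
  hosts: webservers
  roles:
    - geerlingguy.nginx
    # Role applied with a parameter.
    - role: myapp
      app_env: production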
Ansible Vault
ansible-vault create secrets.yml
ansible-vault edit secrets.yml
ansible-vault view secrets.yml
ansible-vault encrypt vars.yml
ansible-vault decrypt vars.yml
ansible-vault rekey secrets.yml
ansible-playbook playbook.yml --ask-vault-pass
# The password file holds the vault password in plain text: keep it out of
# version control and readable only by its owner.
ansible-playbook playbook.yml --vault-password-file .vault_pass
Conditionals and Loops
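# Conditional: the task runs only where the gathered distribution fact matches.
- name: Install package on Ubuntu
  apt:
    name: nginx
    state: present
  when: ansible_distribution == "Ubuntu"

# Loop over plain strings; each one is available as "item".
- name: Install multiple packages
  apt:
    name: "{{ item }}"
    state: present
  loop:
    - nginx
    - git
    - curl

# Loop over mappings; fields are read as item.<key>.
- name: Create users
  user:
    name: "{{ item.name }}"
    shell: "{{ item.shell }}"
  loop:
    - { name: 'user1', shell: '/bin/bash' }
    - { name: 'user2', shell: '/bin/zsh' }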
Error Handling
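# ignore_errors lets the play continue past a failed task. The failure is still
# reported, so reserve it for tasks whose failure is genuinely acceptable.
- name: This might fail
  command: /bin/false
  ignore_errors: true

- name: Attempt something
  command: /might/fail
  register: result
  # Fail only on a non-zero exit that is not the known, tolerated error.
  failed_when: result.rc != 0 and "expected error" not in result.stderr

- name: Download file
  get_url:
    url: https://example.com/file.tar.gz
    dest: /tmp/file.tar.gz
    # To reject a tampered or truncated download, pin the publisher's digest:
    # checksum: "sha256:<expected-digest-placeholder>"
  register: download
  # An explicit until states the retry condition; some Ansible releases only
  # honour retries when until is set.
  until: download is succeeded
  retries: 3
  delay: 5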
Debugging and Testing
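# Print the value of a variable by name.
- name: Show variable
  debug:
    var: ansible_hostname

# Print a templated message.
- name: Show custom message
  debug:
    msg: "The hostname is {{ ansible_hostname }}"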
ansible-playbook playbook.yml --syntax-check
ansible-playbook playbook.yml --list-tasks
ansible-playbook playbook.yml --list-hosts
ansible-playbook playbook.yml --step
Configuration
- View Ansible configuration
ansible-config view
ansible-config list
# ansible.cfg: defaults for inventory, connection and privilege escalation.
[defaults]
inventory = ./inventory
remote_user = ubuntu
private_key_file = ~/.ssh/id_rsa
# NOTE(review): with host key checking off, Ansible accepts any SSH host key, so
# a machine impersonating a managed host goes undetected. Leave this enabled
# outside disposable lab environments and manage known_hosts instead.
host_key_checking = False
retry_files_enabled = False
[privilege_escalation]
# Every task escalates to root through sudo unless a play or task overrides it.
become = True
become_method = sudo
become_user = root
Useful Patterns
- Run playbook on single host
ansible-playbook playbook.yml --limit "web1.example.com"
ansible-playbook playbook.yml --limit "webservers:&production"
ansible-playbook playbook.yml --limit "all:!databases"
- Check if service is running
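# Read-only probe: the result is stored in nginx_status for later tasks.
- name: Check if nginx is running
  command: systemctl is-active nginx
  register: nginx_status
  # Never fail the play on a non-zero exit and never report a change.
  failed_when: false
  changed_when: false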
- Restart service only if config changed
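# Task (belongs under the play's tasks list): notify fires only when the
# template task reports a change.
- name: Copy nginx config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: restart nginx

# Play-level key, a sibling of tasks. The handler name must match the notify
# string exactly.
handlers:
  - name: restart nginx
    systemd:
      name: nginx
      state: restarted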