ansible all -m ping | Ping all hosts |
ansible all -a "uptime" | Run command on all hosts |
ansible webservers -m shell -a "df -h" | Run shell command |
ansible all -m copy -a "src=file dest=/tmp/" | Copy file |
ansible all -m apt -a "name=nginx state=present" -b | Install package (sudo) |
ansible all -m service -a "name=nginx state=started" -b | Start service |
ansible all -m user -a "name=deploy state=present" -b | Create user |
ansible-inventory --list | List inventory |
ansible-playbook playbook.yml | Run playbook |
ansible-playbook playbook.yml -i inventory | Specify inventory |
ansible-playbook playbook.yml --check | Dry run |
ansible-playbook playbook.yml --diff | Show diff |
ansible-playbook playbook.yml -v | Verbose (-vvv for more) |
ansible-playbook playbook.yml --limit web01 | Limit to hosts |
ansible-playbook playbook.yml --tags deploy | Run specific tags |
ansible-playbook playbook.yml --skip-tags test | Skip tags |
ansible-playbook playbook.yml -e "env=prod" | Extra variables |
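# inventory.ini
# Groups of hosts, plus a parent group built from child groups.
[webservers]
web01 ansible_host=192.168.1.10
web02 ansible_host=192.168.1.11

[databases]
db01 ansible_host=192.168.1.20

[production:children]
webservers
databases

# Separate example: per-host variables follow the host entry on the same line.
[webservers]
web01 ansible_host=192.168.1.10 http_port=80
web02 ansible_host=192.168.1.11 http_port=8080

# Separate example: variables applied to every host in the group.
[webservers:vars]
ansible_user=deploy
# Path to the SSH private key on the control node. Keep the key file
# readable only by its owner and out of version control.
ansible_ssh_private_key_file=~/.ssh/deploy_key

# inventory.yml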
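# YAML form of the inventory: groups sit under all.children, each group lists
# its hosts, and group-wide variables go under the group's vars key.
all:
  children:
    webservers:
      hosts:
        web01:
          ansible_host: 192.168.1.10
        web02:
          ansible_host: 192.168.1.11
      vars:
        http_port: 80
    databases:
      hosts:
        db01:
          ansible_host: 192.168.1.20
---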
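# Play: install nginx on the webservers group, start it and enable it at boot.
- name: Configure web servers
  hosts: webservers
  # Privilege escalation applies to every task in this play.
  become: true
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: present
        update_cache: true
    - name: Start nginx
      service:
        name: nginx
        state: started
        enabled: true
---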
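# Play: play-level vars are defined once and referenced with Jinja2 in tasks.
- name: Deploy application
  hosts: webservers
  vars:
    app_name: myapp
    app_port: 8080
  tasks:
    # NOTE(review): this play has no `become`; creating a directory under /opt
    # presumably needs root on the target — confirm.
    - name: Create app directory
      file:
        path: "/opt/{{ app_name }}"
        state: directory
        # Explicit mode so the result does not depend on the remote umask.
        mode: '0755'
---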
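# Play: render the nginx config from a template and restart nginx when the
# rendered file changed.
- name: Configure nginx
  hosts: webservers
  become: true
  tasks:
    - name: Copy nginx config
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        # Explicit mode so the rendered file does not depend on the remote umask.
        mode: '0644'
        # Syntax-check the rendered file before it replaces the live config.
        validate: nginx -t -c %s
      notify: Restart nginx
  handlers:
    # Runs only if a task that notifies it reported a change.
    - name: Restart nginx
      service:
        name: nginx
        state: restarted

# The snippets below are task-level examples; each list item belongs under a
# play's `tasks:` key.

# Conditionals: `when` selects the package module by the OS family fact.
- name: Install on Debian
  apt:
    name: nginx
  when: ansible_os_family == "Debian"
- name: Install on RedHat
  yum:
    name: nginx
  when: ansible_os_family == "RedHat"

# Loop over a list of scalars; the current element is `item`.
- name: Create users
  user:
    name: "{{ item }}"
    state: present
  loop:
    - alice
    - bob
    - charlie

# Loop over a list of mappings; fields are read as item.<key>.
- name: Create users with groups
  user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
    # Without append, `groups` replaces an existing account's supplementary
    # groups instead of adding to them.
    append: true
  loop:
    - { name: alice, groups: admin }
    - { name: bob, groups: developers }

# Register a task result and read it in a later task.
- name: Get uptime
  command: uptime
  register: uptime_result
  # Read-only command: do not report the host as changed.
  changed_when: false
- name: Show uptime
  debug:
    msg: "{{ uptime_result.stdout }}"

# Error handling: rescue runs when a task in block fails, always runs either way.
- name: Handle errors
  block:
    - name: Risky task
      command: /bin/false
  rescue:
    - name: Recovery task
      debug:
        msg: "Task failed, recovering"
  always:
    - name: Always runs
      debug:
        msg: "Cleanup"

# file: directory with explicit owner, group and mode.
- name: Create directory
  file:
    path: /opt/app
    state: directory
    owner: deploy
    group: deploy
    # Quoted so the mode is passed as a string, not reinterpreted as a number.
    mode: '0755'

# copy: file from the control node to the target.
- name: Copy file
  copy:
    src: files/app.conf
    dest: /etc/app/app.conf
    owner: root
    mode: '0644'

# template: same destination as the copy example, so the same owner and mode
# are set explicitly instead of being left to the remote umask.
- name: Deploy config
  template:
    src: templates/app.conf.j2
    dest: /etc/app/app.conf
    owner: root
    mode: '0644'

# lineinfile: ensure a single line is present.
- name: Add line to file
  lineinfile:
    path: /etc/hosts
    line: "192.168.1.10 server.local"
    state: present

# user: account with a login shell and an SSH key pair.
- name: Create user
  user:
    name: deploy
    # NOTE(review): sudo group membership typically grants administrative
    # rights on the host — confirm that is intended for this account.
    groups: sudo
    # Add to the listed group without removing existing memberships.
    append: true
    shell: /bin/bash
    # The key pair is generated for the user on the managed host.
    generate_ssh_key: true

# apt: several packages in one task.
- name: Install packages
  apt:
    name:
      - nginx
      - python3
    state: present
    update_cache: true

# yum
- name: Install packages
  yum:
    name: nginx
    # `latest` upgrades the package whenever a newer one is available;
    # use `present` when a run must not change installed versions.
    state: latest

# service
- name: Manage service
  service:
    name: nginx
    state: started
    enabled: true

# systemd: reload unit files, then restart the unit.
- name: Manage systemd service
  systemd:
    name: myapp
    state: restarted
    daemon_reload: true

# git
- name: Clone repository
  git:
    repo: https://github.com/user/repo.git
    dest: /opt/app
    # A branch name follows whatever is pushed to it; a tag or full commit SHA
    # here makes the deployed code reproducible and reviewable.
    version: main

# docker_container
- name: Run container
  docker_container:
    name: myapp
    # `latest` is a mutable tag; pin a version tag or image digest to control
    # what actually runs.
    image: myapp:latest
    ports:
      # host:container. With no host address the port is published on all
      # interfaces (Docker default).
      - "8080:80"

# uri: the task fails unless the response status matches status_code.
- name: Check endpoint
  uri:
    url: http://localhost:8080/health
    status_code: 200
  register: result

# debug: print a variable or a formatted message.
- name: Print variable
  debug:
    var: my_variable
- name: Print message
  debug:
    msg: "Value is {{ my_variable }}"

roles/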
  webserver/
    tasks/
      main.yml
    handlers/
      main.yml
    templates/
      nginx.conf.j2
    files/
    vars/
      main.yml
    defaults/
      main.yml
    meta/
      main.yml
---
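# Play: apply roles to the webservers group. The three entries show a plain
# role name, a role with an inline variable, and a role applied conditionally.
- name: Configure servers
  hosts: webservers
  roles:
    - webserver
    - { role: database, db_name: mydb }
    - role: monitoring
      when: enable_monitoring

# Shell commands, not playbook YAML.
# Scaffold a new role directory:
ansible-galaxy init myrole
# Install a role from Ansible Galaxy. No version is given here, so the version
# installed is not fixed; pin versions in requirements.yml for repeatable installs.
ansible-galaxy install geerlingguy.nginx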
ansible-galaxy install -r requirements.yml
ansible-vault create secrets.yml | Create encrypted file |
ansible-vault edit secrets.yml | Edit encrypted file |
ansible-vault view secrets.yml | View encrypted file |
ansible-vault encrypt secrets.yml | Encrypt existing file |
ansible-vault decrypt secrets.yml | Decrypt file in place (plaintext is written to disk) |
ansible-vault rekey secrets.yml | Change password |
ansible-playbook --ask-vault-pass playbook.yml | Run with vault password |
ansible-playbook --vault-password-file .vault_pass playbook.yml | Use password file (keep it out of version control and readable only by its owner) |