ansible all -m ping | 모든 호스트 핑 |
ansible all -a "uptime" | 모든 호스트에서 명령 실행 |
ansible webservers -m shell -a "df -h" | 쉘 명령 실행 |
ansible all -m copy -a "src=file dest=/tmp/" | 파일 복사 |
ansible all -m apt -a "name=nginx state=present" -b | 패키지 설치 (sudo) |
ansible all -m service -a "name=nginx state=started" -b | 서비스 시작 |
ansible all -m user -a "name=deploy state=present" -b | 사용자 생성 |
ansible-inventory --list | 인벤토리 목록 |
ansible-playbook playbook.yml | 플레이북 실행 |
ansible-playbook playbook.yml -i inventory | 인벤토리 지정 |
ansible-playbook playbook.yml --check | 드라이 런 |
ansible-playbook playbook.yml --diff | 차이 표시 |
ansible-playbook playbook.yml -v | 상세 출력 |
ansible-playbook playbook.yml --limit web01 | 호스트 제한 |
ansible-playbook playbook.yml --tags deploy | 특정 태그 실행 |
ansible-playbook playbook.yml --skip-tags test | 태그 건너뛰기 |
ansible-playbook playbook.yml -e "env=prod" | 추가 변수 |
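# inventory.ini
# Example 1: hosts grouped by role. `production` is a parent group that
# pulls in both child groups through the :children suffix.
[webservers]
web01 ansible_host=192.168.1.10
web02 ansible_host=192.168.1.11

[databases]
db01 ansible_host=192.168.1.20

[production:children]
webservers
databases

# Example 2 (separate snippet): per-host variables follow the host name
# on the same line.
[webservers]
web01 ansible_host=192.168.1.10 http_port=80
web02 ansible_host=192.168.1.11 http_port=8080

# Example 3 (separate snippet): variables shared by every host in the group.
[webservers:vars]
ansible_user=deploy
# The key path is resolved on the control node. Keep the key file out of
# version control and readable only by the account that runs Ansible.
ansible_ssh_private_key_file=~/.ssh/deploy_key

# inventory.yml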
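# YAML form of the inventory: groups live under all.children, and each
# group lists its hosts plus optional group-wide vars.
all:
  children:
    webservers:
      hosts:
        web01:
          ansible_host: 192.168.1.10
        web02:
          ansible_host: 192.168.1.11
      # Group variable: applies to every host in webservers.
      vars:
        http_port: 80
    databases:
      hosts:
        db01:
          ansible_host: 192.168.1.20
---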
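# Basic playbook: install nginx and make sure it is running.
- name: Configure web servers
  hosts: webservers
  # Every task in this play runs with privilege escalation; keep plays
  # that do not need root separate from this one.
  become: true
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: present
        # Refresh the package index before installing.
        update_cache: true
    - name: Start nginx
      service:
        name: nginx
        state: started
        # Also start the service at boot.
        enabled: true
---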
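# Playbook with play-level variables referenced through Jinja2 templating.
- name: Deploy application
  hosts: webservers
  vars:
    app_name: myapp
    app_port: 8080
  tasks:
    # NOTE(review): /opt is normally root-owned; add `become: true` to the
    # play if the connection user is not root.
    - name: Create app directory
      file:
        # Quoted because the value starts with a template expression.
        path: "/opt/{{ app_name }}"
        state: directory
        # Explicit mode so the result does not depend on the remote umask.
        mode: '0755'
---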
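# Handlers: a task that reports "changed" queues the handler named in
# `notify`; queued handlers run once, after the play's tasks.
- name: Configure nginx
  hosts: webservers
  become: true
  tasks:
    # NOTE(review): consider the template module's `validate:` option
    # (for example `nginx -t -c %s`) so a broken render is rejected before
    # it replaces the live file and triggers the restart.
    - name: Copy nginx config
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        # Explicit ownership and mode so the result does not depend on the
        # remote umask.
        owner: root
        group: root
        mode: '0644'
      notify: Restart nginx
  handlers:
    - name: Restart nginx
      service:
        name: nginx
        state: restarted

# Task-level snippet (belongs in a play's `tasks:` list): conditional
# execution based on a gathered fact.
- name: Install on Debian
  apt:
    name: nginx
    state: present
  when: ansible_os_family == "Debian"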
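# Task-level snippets (each belongs in a play's `tasks:` list).

# Conditional: runs only where the gathered OS family fact matches.
- name: Install on RedHat
  yum:
    name: nginx
    state: present
  when: ansible_os_family == "RedHat"

# Loop over a list of plain values; `item` is the current element.
- name: Create users
  user:
    name: "{{ item }}"
    state: present
  loop:
    - alice
    - bob
    - charlie

# Loop over mappings; fields are read as item.<key>.
# Without `append: true` the user module replaces the account's
# supplementary groups with exactly the listed ones. Choose deliberately:
# exclusive membership strips unlisted groups, appending keeps them.
- name: Create users with groups
  user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
  loop:
    - { name: alice, groups: admin }
    - { name: bob, groups: developers }

# Capture a command's result for use in later tasks.
- name: Get uptime
  command: uptime
  register: uptime_result
  # Read-only command: do not report "changed" on every run.
  changed_when: false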
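# Task-level snippets (each belongs in a play's `tasks:` list).

# Print the stdout captured by an earlier `register: uptime_result`.
- name: Show uptime
  debug:
    msg: "{{ uptime_result.stdout }}"

# Error handling: `rescue` runs only if a task in `block` fails,
# `always` runs in either case.
- name: Handle errors
  block:
    - name: Risky task
      # Fails on purpose to demonstrate the rescue path.
      command: /bin/false
  rescue:
    - name: Recovery task
      debug:
        msg: "Task failed, recovering"
  always:
    - name: Always runs
      debug:
        msg: "Cleanup"

# --- File modules ---
- name: Create directory
  file:
    path: /opt/app
    state: directory
    owner: deploy
    group: deploy
    # Quoted so the octal mode is passed as a string, not parsed as a number.
    mode: '0755'

- name: Copy file
  copy:
    src: files/app.conf
    dest: /etc/app/app.conf
    owner: root
    mode: '0644'

- name: Deploy config
  template:
    src: templates/app.conf.j2
    dest: /etc/app/app.conf
    # Same ownership and mode as the copy example for this path, so the
    # result does not depend on the remote umask.
    owner: root
    mode: '0644'

# Writing to /etc/hosts requires privilege escalation on the play or task.
- name: Add line to file
  lineinfile:
    path: /etc/hosts
    line: "192.168.1.10 server.local"
    state: present

# --- User and package modules ---
# NOTE(review): membership in `sudo` usually grants full root on
# Debian-family hosts; grant it only to accounts that need it. Without
# `append: true`, `groups` replaces the account's supplementary groups.
- name: Create user
  user:
    name: deploy
    groups: sudo
    shell: /bin/bash
    # Creates a key pair for the user on the managed host; it has no
    # passphrase unless `ssh_key_passphrase` is also set.
    generate_ssh_key: true

- name: Install packages
  apt:
    name:
      - nginx
      - python3
    state: present
    update_cache: true

# `state: latest` upgrades to whatever the repository currently offers on
# every run; use `present` or a pinned version for reproducible rollouts.
- name: Install packages
  yum:
    name: nginx
    state: latest

# --- Service modules ---
- name: Manage service
  service:
    name: nginx
    state: started
    enabled: true

- name: Manage systemd service
  systemd:
    name: myapp
    state: restarted
    # Re-read unit files before restarting.
    daemon_reload: true

# --- Source and container modules ---
# `version` accepts a branch, tag or commit hash. A branch such as `main`
# moves over time; pin a tag or commit when the deployed code must be
# exactly what was reviewed.
- name: Clone repository
  git:
    repo: https://github.com/user/repo.git
    dest: /opt/app
    version: main

# `latest` is a mutable tag; pin a version tag or digest for repeatable
# deployments.
- name: Run container
  docker_container:
    name: myapp
    image: myapp:latest
    ports:
      # host:container, quoted so YAML does not read it as a number.
      # Published on all host interfaces; prefix with 127.0.0.1: if only
      # local access is needed.
      - "8080:80"

# Fails the task unless the endpoint answers with the listed status code.
- name: Check endpoint
  uri:
    url: http://localhost:8080/health
    status_code: 200
  register: result

# --- Debugging ---
# debug output goes to the controller's console and any configured logs;
# do not dump variables that hold secrets (use `no_log: true` on tasks
# that handle them).
- name: Print variable
  debug:
    var: my_variable
- name: Print message
  debug:
    msg: "Value is {{ my_variable }}"

# Directory tree of a role follows (plain text, not YAML).
roles/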
  webserver/
    tasks/
      main.yml
    handlers/
      main.yml
    templates/
      nginx.conf.j2
    files/
    vars/
      main.yml
    defaults/
      main.yml
    meta/
      main.yml
---
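# Applying roles to a play; three equivalent ways to list a role.
- name: Configure servers
  hosts: webservers
  roles:
    # Plain role name.
    - webserver
    # Role with a variable passed inline.
    - { role: database, db_name: mydb }
    # Role applied conditionally. enable_monitoring must be defined
    # (for example in group_vars), otherwise the condition errors out.
    - role: monitoring
      when: enable_monitoring

# Shell commands (not YAML): scaffold a new role, install one from Galaxy.
# Third-party roles run with the privileges of the play that includes
# them; review the role and pin a version (for example in
# requirements.yml) before use.
ansible-galaxy init myrole
ansible-galaxy install geerlingguy.nginx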
ansible-galaxy install -r requirements.yml
ansible-vault create secrets.yml | 암호화된 파일 생성 |
ansible-vault edit secrets.yml | 암호화된 파일 편집 |
ansible-vault view secrets.yml | 암호화된 파일 보기 |
ansible-vault encrypt secrets.yml | 기존 파일 암호화 |
ansible-vault decrypt secrets.yml | 파일 복호화 |
ansible-vault rekey secrets.yml | 비밀번호 변경 |
ansible-playbook --ask-vault-pass playbook.yml | Vault 비밀번호로 실행 |
ansible-playbook --vault-password-file .vault_pass playbook.yml | 비밀번호 파일 사용 |