Ansible cheatsheet
Ad-hoc commands
| Command | Description |
|---|---|
| ansible web -m ping | Test SSH connectivity |
| ansible all -m setup | Gather facts |
| ansible web -a "uptime" | Run shell command |
| ansible web -b -m apt -a "name=htop state=present" | Install package as root |
| ansible-inventory --list | Show resolved inventory |
| ansible-playbook site.yml --start-at-task "Install nginx" | Resume playbook from named task |
| ansible-playbook site.yml --start-at-task "Deploy app" -l web01 | Resume from task on one host |
Playbooks
```bash
ansible-playbook site.yml
ansible-playbook site.yml --check          # dry run
ansible-playbook site.yml --diff           # show file diffs
ansible-playbook site.yml -l web01         # limit to host
ansible-playbook site.yml -e "env=prod"    # extra var
ansible-playbook site.yml --tags deploy
ansible-playbook site.yml --skip-tags test
```
Inventory snippet (INI)
```ini
[web]
web01 ansible_host=10.0.1.10 ansible_user=ubuntu
web02 ansible_host=10.0.1.11

[web:vars]
ansible_ssh_private_key_file=~/.ssh/deploy.pem
```
Common modules
| Module | Purpose |
|---|---|
| ansible.builtin.copy | Copy static file |
| ansible.builtin.template | Render Jinja template |
| ansible.builtin.file | Permissions, symlinks, directories |
| ansible.builtin.service | systemd/service state |
| ansible.builtin.apt / ansible.builtin.yum | Package install |
| ansible.builtin.command / ansible.builtin.shell | Run commands (prefer specialized modules) |
| ansible.builtin.user | Local user accounts |
Handler pattern
```yaml
tasks:
  - name: Deploy nginx config
    ansible.builtin.template:
      src: nginx.conf.j2
      dest: /etc/nginx/nginx.conf
    notify: Reload nginx

handlers:
  - name: Reload nginx
    ansible.builtin.service:
      name: nginx
      state: reloaded
```
Role layout
```
roles/myapp/
  tasks/main.yml
  handlers/main.yml
  templates/
  files/
  defaults/main.yml
  vars/main.yml
```
Galaxy and collections
```bash
ansible-galaxy role install geerlingguy.nginx
ansible-galaxy collection install -r requirements.yml
ansible-galaxy role list
```
Debug and verbosity
```bash
ansible-playbook site.yml -vvv
ansible-playbook site.yml --step    # confirm each task
ansible-playbook site.yml --start-at-task "Install nginx"
```
Pro tips
- `ansible -m ping all` before long playbooks — fix SSH first
- Use `--check --diff` to preview changes safely
- Prefer dedicated modules over `command` for idempotency
- Pin Galaxy roles/collections in `requirements.yml`
- `serial:` or `rolling` strategy for zero-downtime deploys
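
The pinning tip above, as an added example (not part of the original cheatsheet): a stdlib-only Python check that flags `requirements.yml` entries with no version, a version range, or a branch name, so a supply-chain change upstream cannot silently land on the next install. It reads only the common mapping-style layout (`- name:` or `- src:` followed by `version:`); `example.hardening` and every version number in the sample are constructed placeholders.

```python
import re

# Constructed sample; geerlingguy.nginx is from the cheatsheet, the rest is illustrative.
SAMPLE = """\
roles:
  - name: geerlingguy.nginx
  - name: example.hardening   # hypothetical role
    version: master
collections:
  - name: community.general
    version: ">=8.0.0"
  - name: ansible.posix
    version: 1.5.4
"""

MUTABLE = {"main", "master", "HEAD", "*"}          # refs that can move over time
SECTION = re.compile(r"^(roles|collections):$")
ENTRY = re.compile(r"^\s*-\s+(?:name|src):\s*(\S+)")
VERSION = re.compile(r"^\s+version:\s*(.+?)\s*$")


def unpinned(text):
    """Return [(section, name, reason)] for entries not pinned to one exact version."""
    entries, kind = [], "roles"                    # a legacy flat list contains roles
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        section, entry, version = SECTION.match(line), ENTRY.match(line), VERSION.match(line)
        if section:
            kind = section.group(1)
        elif entry:
            entries.append([kind, entry.group(1).strip("\"'"), None])
        elif version and entries:
            entries[-1][2] = version.group(1).strip("\"'")
    findings = []
    for kind, name, version in entries:
        if version is None:
            findings.append((kind, name, "no version"))
        elif version in MUTABLE or re.search(r"[<>=!*,]", version):
            findings.append((kind, name, "mutable or range: " + version))
    return findings


if __name__ == "__main__":
    for kind, name, reason in unpinned(SAMPLE):
        print(f"{kind}: {name}: {reason}")
```

Run it in CI against the repository's `requirements.yml` and fail the job when the returned list is non-empty.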