Ansible Cheat Sheet for Sysadmins

A complete reference for Ansible automation, including commands, playbooks, modules, inventory management, vaults, and expert tips.


🔹 Ansible Basics

  • Check Ansible Version:

    ansible --version

  • Test Connectivity (Ping Module):

    ansible all -m ping -i inventory

    • Replace inventory with the path to your inventory file.
  • Run a Simple Command on Hosts:

    ansible webservers -a "uptime" -i inventory

    • Replace webservers with the group name defined in your inventory.
  • Ad-hoc Command with Become:

    ansible dbservers -m shell -a "systemctl restart mysql" -b -i inventory

    • Use -b to execute commands with elevated privileges.

🔹 Inventory

  • Static Inventory Example (hosts.ini):

    [webservers]
    web01.example.com
    web02.example.com

    [dbservers]
    db01.example.com

    [all:vars]
    ansible_user=admin
    ansible_ssh_private_key_file=~/.ssh/id_rsa

  • Dynamic Inventory: Use AWS, GCP, or OpenStack as inventory sources via inventory scripts or inventory plugins.
  • Check which hosts are reachable:

    ansible all -m ping


🔹 Modules (Most Used)

  • Package Management:

    # Debian/Ubuntu
    ansible web -m apt -a "name=nginx state=latest" -b
    # RHEL/CentOS
    ansible db -m yum -a "name=mariadb-server state=present" -b

  • Service Management:

    ansible web -m service -a "name=nginx state=restarted" -b

  • File & Directory:

    ansible all -m file -a "path=/tmp/testfile state=touch mode=0644" -b

  • Copy / Template:

    ansible all -m copy -a "src=nginx.conf dest=/etc/nginx/nginx.conf" -b
    ansible all -m template -a "src=app.j2 dest=/etc/app/config.conf" -b

    • Use template for Jinja2 templating and dynamic configurations.
  • Command & Shell:

    ansible all -m command -a "uptime"
    # Single quotes stop the control node's shell from expanding $HOSTNAME before the command is sent
    ansible all -m shell -a 'echo $HOSTNAME > /tmp/hostname.txt' -b

    • Prefer command over shell for idempotency.

🔹 Playbooks

  • Basic Playbook Structure:

    ```yaml
    ---
    - name: Install and configure webserver
      hosts: webservers
      become: true
      vars:
        http_port: 80
      tasks:
        - name: Install Nginx
          apt:
            name: nginx
            state: latest
        - name: Copy nginx config
          template:
            src: nginx.conf.j2
            dest: /etc/nginx/nginx.conf
        - name: Ensure nginx is running
          service:
            name: nginx
            state: started
            enabled: true
    ```

  • Run Playbook:

    ansible-playbook -i hosts.ini site.yml


🔹 Roles

  • Directory Structure:

    roles/
      common/
        tasks/
        handlers/
        templates/
        files/
        vars/
        defaults/
        meta/

  • Include a Role in Playbook:

    ```yaml
    roles:
      - common
      - webserver
    ```

🔹 Variables & Facts

  • Declare Variables:

    vars:
      app_port: 8080
      db_name: prod_db

  • Host-specific Variables: host_vars/hostname.yml
  • Group-specific Variables: group_vars/webservers.yml
  • Gather Facts:

    ```yaml
    tasks:
      - debug:
          var: ansible_distribution
    ```

  • Use Variables:

    ```yaml
    - name: Create folder
      file:
        path: "/opt/"
        state: directory
    ```

🔹 Handlers

  • Notify a Handler:

    ```yaml
    tasks:
      - name: Copy nginx config
        template:
          src: nginx.conf.j2
          dest: /etc/nginx/nginx.conf
        notify: Restart nginx

    handlers:
      - name: Restart nginx
        service:
          name: nginx
          state: restarted
    ```

🔹 Vault (Secrets Management)

  • Create Encrypted File:

    ansible-vault create secrets.yml

  • Edit Encrypted File:

    ansible-vault edit secrets.yml

  • Run Playbook with Vault:

    ansible-playbook site.yml --ask-vault-pass
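
A pre-commit style check for the Vault workflow above, as an added example that is not part of the original post: it flags secret-named files whose first line is not the `$ANSIBLE_VAULT` header that ansible-vault writes. The file names in `SECRET_NAMES` and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First line ansible-vault writes to an encrypted file, e.g.
# "$ANSIBLE_VAULT;1.1;AES256" or "$ANSIBLE_VAULT;1.2;AES256;<vault-id>".
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;\S+)?\s*$")

# Assumption: file names this repository reserves for secrets.
SECRET_NAMES = ("secrets.yml", "secrets.yaml", "vault.yml", "vault.yaml")

def is_vault_encrypted(path):
    """True if the file starts with an ansible-vault header line."""
    with path.open("r", encoding="utf-8", errors="replace") as fh:
        return bool(VAULT_HEADER.match(fh.readline()))

def find_plaintext_secrets(root):
    """Return secret-named files under root that are not vault-encrypted."""
    offenders = set()
    for name in SECRET_NAMES:
        for path in root.rglob(name):
            if path.is_file() and not is_vault_encrypted(path):
                offenders.add(path.relative_to(root))
    return sorted(offenders)

def build_sample_repo(root):
    """Constructed sample tree: two vaulted files and one plaintext leak."""
    samples = {
        "group_vars/prod/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n",
        "host_vars/web01/secrets.yml": "$ANSIBLE_VAULT;1.2;AES256;prod\n6162636465666768\n",
        "group_vars/dev/secrets.yml": "db_password: constructed-example-value\n",
    }
    for rel, content in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # scan the constructed sample tree
        build_sample_repo(Path(tmp))
        for leak in find_plaintext_secrets(Path(tmp)):
            print(f"NOT ENCRYPTED: {leak}")
```

The check covers whole-file encryption only; values encrypted inline with `ansible-vault encrypt_string` sit inside otherwise plaintext files and are outside its scope.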
    

🔹 Tips & Tricks

  • Preview Changes Before Applying:

    ansible-playbook site.yml --check --diff

  • Use Tags to Limit Tasks:

    ansible-playbook site.yml --tags "nginx,config"

  • Lint Your Playbooks:

    ansible-lint site.yml

  • Debugging:

    ```yaml
    - debug:
        msg: "Current app_port is {{ app_port }}"
    ```

  • Run Long Tasks Asynchronously:

    ```yaml
    - name: Run long task asynchronously
      shell: /usr/local/bin/backup.sh
      async: 1800
      poll: 0
    ```

🔹 Common Commands

  • List All Hosts:

    ansible all --list-hosts -i hosts.ini

  • Ping All Hosts:

    ansible all -m ping

  • Show Variables:

    ansible all -m setup | grep ansible_distribution

  • Limit Playbook to Certain Hosts:

    ansible-playbook site.yml -l web01


🔹 Best Practices

  • Always use modules over raw shell commands.
  • Maintain idempotent playbooks for reliable automation.
  • Use separate environments: dev, staging, production inventories.
  • Keep sensitive data encrypted with Vault.
  • Test playbooks with --check and --diff before applying.
  • Use roles for modular, reusable code.
  • Version control everything.
  • Document dependencies, required variables, and vault secrets.
This post is licensed under CC BY 4.0 by the author.