ansible cheat sheet
Configuration Management Tool

Ansible version: 2.3 - Date: June 2017

Getting Started

Installation (example on a RedHat environment) :

$ sudo yum -y install epel-release
$ sudo yum -y update
$ sudo yum -y install ansible

Doc link : http://docs.ansible.com/ansible/latest/

Inventory files

The default file is /etc/ansible/hosts :

[web]
web1.sii-ouest.fr ansible_ssh_host=192.168.0.101
web2.sii-ouest.fr ansible_ssh_host=192.168.0.102

[db]
db1.sii-ouest.fr ansible_ssh_host=192.168.0.100

[production:children]
web
db

Hostname ranges

www[01:50].example.com, db-[a:f].example.com
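
The inventory syntax above (groups, `:children` groups and hostname ranges) decides which machines a pattern such as `production` reaches, so it is worth resolving a pattern to concrete hosts before running anything against it. The following is an added example, not part of the original cheat sheet and not Ansible's own parser: a minimal Python expander for that syntax. The `SAMPLE` inventory is constructed; `:vars` sections are skipped, and range strides and group cycles are not handled.

```python
import re

# Constructed sample inventory: the page's group layout plus its range syntax.
SAMPLE = """\
[web]
www[01:03].example.com
web1.sii-ouest.fr ansible_ssh_host=192.168.0.101
[db]
db-[a:c].example.com
[production:children]
web
db
"""

RANGE = re.compile(r"\[(\w+):(\w+)\]")

def expand(host):
    """Expand every [start:end] range in a host pattern (strides unsupported)."""
    m = RANGE.search(host)
    if not m:
        return [host]
    lo, hi = m.groups()
    if lo.isdigit():
        # Numeric range: keep the zero padding of the start value (01, 02, ...).
        vals = [str(i).zfill(len(lo)) for i in range(int(lo), int(hi) + 1)]
    else:
        vals = [chr(c) for c in range(ord(lo), ord(hi) + 1)]
    return [h for v in vals for h in expand(host[:m.start()] + v + host[m.end():])]

def parse(text):
    """Parse INI inventory text; host variables after the first token are dropped."""
    hosts, children, section, kind = {"ungrouped": []}, {}, "ungrouped", ""
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            hosts.setdefault(section, [])
        elif line and kind == "children":
            children.setdefault(section, []).append(line)
        elif line and kind == "":
            hosts[section].extend(expand(line.split()[0]))
    return hosts, children

def targets(group, hosts, children):
    """Hosts a group name reaches, following :children links (no cycle check)."""
    found = list(hosts.get(group, []))
    for child in children.get(group, []):
        found += [h for h in targets(child, hosts, children) if h not in found]
    return found
```

Calling `targets("production", *parse(SAMPLE))` returns the seven hosts of `web` and `db`. With Ansible installed, `ansible production -i ./hosts --list-hosts` prints the authoritative host list without running anything.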

Variable files

  • ./group_vars/web : variable definitions for all members of group 'web'
  • ./host_vars/web1.sii-ouest.fr : variable definitions for 'web1.sii-ouest.fr'

Ad-Hoc commands

ansible <pattern> -m <module> -a <params>

Execute reboot on all servers in a group (example on production, in 10 parallel forks) :

$ ansible production -i ./hosts -m command -a "/sbin/reboot" -f 10

Playbooks

Execute a playbook : ansible-playbook <playbook.yml> -i ./hosts

Test a playbook (don't make any changes on servers) : ansible-playbook <playbook.yml> --check

Limit a playbook to a host : ansible-playbook <playbook.yml> --limit <host>

Tasks :

---
- hosts: web
  tasks:
   - name: Installation of Apache Package
     yum:
       name: httpd
       state: present
       update_cache: yes

   - name: Ensure Apache is running (and enable it at boot)
     service: name=httpd state=started enabled=yes

Roles (used to structure a list of Tasks):

  • Directory structure :
    .
    ├── ansible.cfg
    ├── hosts
    └── roles
        └── myrole
            ├── defaults
            │   └── main.yml
            ├── files
            │   └── myfile
            ├── handlers
            │   └── main.yml
            ├── tasks
            │   └── main.yml
            ├── templates
            │   └── mytemplate.j2
            └── vars
                └── main.yml

Handlers and Notify :

tasks:
 - name: Install Apache
   yum: name=httpd state=present
   notify: Start Apache

handlers:
 - name: Start Apache
   service: name=httpd state=started

Handlers by default get executed at the end of the playbook.

Conditionals :

- name: Analyse 'my_file'
  shell: cat "my_file"
  register: my_file_contents

- name: Show results
  shell: echo "find <toto> pattern"
  when: my_file_contents.stdout.find('toto') != -1

Template : Jinja Templating

  • {% ... %} for control statements
  • {{ ... }} for expressions
  • {# ... #} for comments

Tags : Limit a playbook to tags : ansible-playbook <playbook.yml> -i ./hosts --tags <mytag>

Loops over items :

- name: Add a list of users
  user: name={{ item }} state=present
  with_items:
   - testuser1
   - testuser2
   - testuser3

Example (Installation and configuration of an Apache server):

./playbook-deploy-apache.yml

---
- hosts: web
  roles:
    - { role: demo-install-apache }
    - { role: demo-configure-apache }

./roles/demo-configure-apache/vars/main.yml

---
apache_listen_port: 8081
app_directory: /var/www/html
app_user: apache
app_group: apache

./roles/demo-configure-apache/handlers/main.yml

---
 - name: Reload Apache
   service:
     name: httpd
     state: reloaded

./roles/demo-install-apache/tasks/main.yml

---
   - name: Installation of Apache Package
     yum:
       name: httpd
       state: present
       update_cache: yes

   - name: Ensure Apache is running (and enable it at boot)
     service: name=httpd state=started enabled=yes

./roles/demo-configure-apache/tasks/main.yml

---
   - name: Modify permission of directory {{ app_directory }}
     file:
       dest: '{{ app_directory }}'
       mode: 0755
       owner: '{{ app_user }}'
       group: '{{ app_group }}'
       recurse: yes

   - name: Modify Apache configuration
     lineinfile:
       dest: /etc/httpd/conf/httpd.conf
       regexp: '^Listen '
       line: 'Listen {{ apache_listen_port }}'
     notify: Reload Apache