Ansible cheat sheet
Configuration Management Tool

Ansible version: 2.3 - Date: June 2017

Getting Started

Installation (example on a RedHat environment) :

$ sudo yum -y install epel-release
$ sudo yum -y update
$ sudo yum -y install ansible

**Doc link :** http://docs.ansible.com/ansible/latest/

Inventory files

The default file is /etc/ansible/hosts :

[web]
web1.sii-ouest.fr ansible_ssh_host=192.168.0.101
web2.sii-ouest.fr ansible_ssh_host=192.168.0.102

[db]
db1.sii-ouest.fr ansible_ssh_host=192.168.0.100

[production:children]
web
db

Hostname ranges

www[01:50].example.com, db-[a:f].example.com
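
What the two range patterns above expand to, as an added example (not code from the original page or from Ansible itself): a small Python expander, useful for checking exactly which hosts a pattern covers before an ad-hoc command is run against them. The function name `expand_host_pattern` is hypothetical, and the optional `[start:end:step]` stride is assumed from Ansible's documented range syntax.

```python
import re
import string

# Matches one Ansible-style range such as [01:50], [a:f] or [0:10:2].
_RANGE = re.compile(r"\[([0-9]+|[A-Za-z]):([0-9]+|[A-Za-z])(?::([0-9]+))?\]")


def expand_host_pattern(pattern):
    """Return every hostname covered by an inventory range pattern.

    Bounds are inclusive; numeric ranges keep the zero padding of the
    start bound. Patterns with several ranges expand to the full product.
    (Hypothetical helper written for this example.)
    """
    match = _RANGE.search(pattern)
    if match is None:
        return [pattern]  # no range left: a plain hostname
    start, end, step = match.group(1), match.group(2), int(match.group(3) or 1)
    if step < 1:
        raise ValueError("step must be >= 1 in %r" % pattern)
    if start.isdigit() and end.isdigit():
        # Keep leading zeros: [01:50] yields 01, 02, ... 50.
        width = len(start) if start.startswith("0") else 0
        values = ["%0*d" % (width, n) for n in range(int(start), int(end) + 1, step)]
    elif start.isalpha() and end.isalpha():
        letters = string.ascii_letters
        lo, hi = letters.index(start), letters.index(end)
        values = list(letters[lo:hi + 1:step])
    else:
        raise ValueError("mixed numeric/alphabetic bounds in %r" % pattern)
    if not values:
        raise ValueError("empty range in %r" % pattern)
    head, tail = pattern[:match.start()], pattern[match.end():]
    # Recurse on the remainder so multi-range patterns are fully expanded.
    return [head + v + rest for v in values for rest in expand_host_pattern(tail)]


if __name__ == "__main__":
    # The two patterns from the cheat sheet above.
    for p in ("www[01:50].example.com", "db-[a:f].example.com"):
        hosts = expand_host_pattern(p)
        print("%s -> %d hosts (%s ... %s)" % (p, len(hosts), hosts[0], hosts[-1]))
```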

Variable files

  • ./group_vars/web : variable definitions for all members of group 'web'
  • ./host_vars/web1.sii-ouest.fr : variable definitions for 'web1.sii-ouest.fr'

Ad-Hoc commands

ansible <pattern> -m <module> -a <params>

Execute reboot on all servers in a group (example on production, in 10 parallel forks) :

$ ansible production -i ./hosts -m command -a "/sbin/reboot" -f 10

Playbooks

Execute a playbook : ansible-playbook <playbook.yml> -i ./hosts

Test a playbook (don't make any changes on servers) : ansible-playbook <playbook.yml> --check

Limit a playbook on a host : ansible-playbook <playbook.yml> --limit <host>

Tasks :

- hosts: web
  tasks:
    - name: Installation of Apache Package
      yum:
        name: httpd
        state: present
        update_cache: yes

    - name: Ensure Apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes


**Roles** (used to structure a list of Tasks):
- Directory structure :

.
├── ansible.cfg
├── hosts
└── roles
    └── myrole
        ├── defaults
        │   └── main.yml
        ├── files
        │   └── myfile
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        ├── templates
        │   └── mytemplate.j2
        └── vars
            └── main.yml



Handlers and Notify :

tasks:
 - name: Install Apache
   yum: name=httpd state=present
   notify: Start Apache

handlers:
 - name: Start Apache
   service: name=httpd state=started

Handlers by default get executed at the end of the playbook.

Conditionals :

- name: Analyse 'my_file'
  shell: cat "my_file"
  register: my_file_contents

- name: Show results
  shell: echo "find <toto> pattern"
  when: my_file_contents.stdout.find('toto') != -1

Template : Jinja Templating

  • {% ... %} for control statements
  • {{ ... }} for expressions
  • {# ... #} for comments

Tags : Limit a playbook on tags : ansible-playbook <playbook.yml> -i ./hosts --tags <mytag>

Loops over items :

- name: Add a list of users
  user: name={{ item }} state=present
  with_items:
   - testuser1
   - testuser2
   - testuser3

Example (Installation and conf. of Apache server):

./playbook-deploy-apache.yml

- hosts: web
  roles:
    - { role: demo-install-apache }
    - { role: demo-configure-apache }

./roles/demo-configure-apache/vars/main.yml

apache_listen_port: 8081
app_directory: /var/www/html
app_user: apache
app_group: apache


./roles/demo-configure-apache/handlers/main.yml

- name: Reload Apache
  service:
    name: httpd
    state: reloaded

./roles/demo-install-apache/tasks/main.yml

- name: Installation of Apache Package
  yum:
    name: httpd
    state: present
    update_cache: yes

- name: Ensure Apache is running (and enable it at boot)
  service: name=httpd state=started enabled=yes


./roles/demo-configure-apache/tasks/main.yml

- name: Modify permission of directory {{ app_directory }}
  file:
    dest: '{{ app_directory }}'
    mode: 0755
    owner: '{{ app_user }}'
    group: '{{ app_group }}'
    recurse: yes

- name: Modify Apache configuration
  lineinfile:
    dest: /etc/httpd/conf/httpd.conf
    regexp: '^Listen '
    line: 'Listen {{ apache_listen_port }}'
  notify: Reload Apache