3
export ANSIBLE_HOST_KEY_CHECKING=False - to avoid strict ssh key-checking
4
ansible-playbook -i <inventory.erb> playbook.yml - running playbook
5
... -e var1=val1 -e var2=val2 - setting parameters
6
... -e vars.json -e vars.yml - load parameters from the file
7
... --ask-vault-pass - instructs ansible to ask for password and decrypt encrypted files if any
9
--syntax-check - check syntax
10
--list-hosts - list affected nodes
12
ansible <hosts> -u root -m shell -a "( cd software; tar xzf *.tgz )" - just run a single command (module shell)
14
ansible-pull - will checkout a repo of configuration instructions from git, and then run ansible-playbook against that content.
18
group_vars/ - allows to assign variables to paritcular groups
20
host_vars/ - allows to assign variable to specific hosts
22
roles/ - non-standard roles to include
24
library/ - custom modules
25
filter_plugins/ - python plugins (should be compatible with both python2 and python3)
26
playbook.yml - the directories are looked up from the location of playbook, not current directory
33
hosts: nodes:!masters - group of nodes to execute tasks on (on all nodes except masters in this case)
34
serial: # - specifies how many host Ansible will manage in parallel (all by default, this is helpful for rolling updates)
35
besides number percentage can be specified, like "30%". Also list can be given which would specify number/percentage on each step.
36
remote_user: root - remote user
37
become_user: root - ansible may escalate priliges to this user for certain tasks
38
become_method: sudo - sudo/su/pbrun/pfexec/doas/dzdo/ksu
39
tasks: - list of tasks
42
- block: - allows to define a common parameters for the tasks, for instance all tasks will be executed if some condition is met
47
handlers: - handlers can be called from other places by name to make certain action, for example restart service (using 'notify')
50
roles: - the roles are executed before, after, or in parallel with tasks. So, use pre/post_tasks if combining
52
- { role: role2, arg1: val1, ... } - role with parameters
53
- { role: role3, when: <cond> } - conditional role, <cond> is just applied to all tasks of the role
54
pre_tasks: - the tasks to execute before the roles
55
post_tasks: - the tasks to execute after the roles
60
- name: <arbitrary title to show in the output>
61
[hosts: <inventory groups>] - overrides hosts where the task will be run
62
[run_once: true] - executes only on one of the nodes
63
-> run_once effect is not surviving embedded 'include' statement (include within include execetude with run_once)
64
[delegate_to: <host>] - will execute task on the specified host
65
-> delegate_to is also not surviving embedded 'include' statement
66
-> The task will be delegated as many times as there are hosts in the group
67
-> The facts are propogated ('ping {{ inventory_hostname }}' will ping the provisioned host from the host where task was delegated)
68
-> the facts gathered by a delegated task are assigned to the current node (and not to the node where they were actually executed)
69
[delegate_facts: true] - instructs ansible to assign facts to the delegated node
70
[remote_user: root] - overrides remote ssh user
71
[become: yes] - if remote user is not root allows to escalete privileges
72
[become_user: root] - specifies the user to execute the task if 'become' is yes
73
<module_name>: <hash_with_module_parameters> - action to execute
74
[environment: <hash>] - set remote environmental variables before executing the actions
75
[register: <var>] - stores the results/output in the var (also in the loops)
76
( var | failed,succeeded,skipped,changed) - true if last command 'register'ed in 'var' failed, succeeded, or was not executed
77
( var.rc ) - exit code
78
( var.stdout|stderr ) - complete stdout/stderr
79
.invocation - with keys 'module_name', 'module_args' tells which module was executed
80
.changed - true if change was performed
81
.start / .end / .delta - task start, end, and duration
82
For loops the list of hashes will be returned under .results and .results[#] will contain all aforementioned keys
83
However, while iterating the result of the current item will be placed in the variable (and it can be used in _when tests)
84
[notify: <list of handlers>] - specifies names of handlers which should be notified and should perform the configured action
85
[with_<type>: <var>] - executes task multiple times, once for each element of the list, etc.
86
[when: <conditions>] - allows to skip complete action or perform it only for some items of the list/hash (i.e. executed after with_*)
87
- <cond1> - multiple conditions can be specified as list and applied in 'and' fashion
90
[vars: hash] - define local variables
91
[vars_files: file list] - include variables from the specified .yml files
92
[ignore_errors: true] - will not fail if module returns an error
93
[failed_when: <condition>] - the task will ignore module result and will only return error if condition is true
94
[changed_when: <condition>] - override also changed status with specified condition
95
[no_log: true] - makes output less verbose
102
[listen: restart web services] - handlers may register generic names, which can be used to trigger multiple handlers at once
103
<module_name>: <params>
105
And thent tasks, can trigger this handler using 'notify' statement:
106
- name: Configure apache
107
template: src=template.j2 dest=/etc/apache/httpd.conf
109
- restart web services
114
<module_name>: ... - task to execute
116
register: result - variable to save execution results
117
until: <condition> - for instance, result.stdout.find("done") != -1
118
retries: <num> - maximum number of retries
119
delay: <secs> - delay in second between retries
124
with_items: <list> - the specified module will be executed multiple times, once for each member of the list,
125
the list elements will be propogated as 'item' variable. List can be given as variable
126
or directly in the statement like
127
yum: name={{item}} state=present
131
items also may be of complex type, like:
133
- { name: 'user1', groups: 'wheel' }
134
- { name: 'user2', groups: 'root' }
135
with_nested: <list of lists> - Will execute all combinations from the lists exposing current selection as 'item' list.
136
For example, the following will iterate over multiple users and databases and will give access to each user to each database
137
mysql_user: name="{{ item[0] }}" priv="{{ item[1] }}.*:ALL" append_privs=yes password="foo"
139
- [ 'user1', 'user1' ]
141
with_together: <list of lists> - Will just combine elements from the first list with elements from the second. I.e. in this case user 'user1' will be given
142
accesss to 'db1' only. And user 'user2' to databse 'db2'.
143
with_subelements: [<list>, '<element_name>'] - Subelements walks a list of hashes and then traverses a list with a given (nested sub-)key inside of those
144
records. For example, the following list:
145
- { 'name': user1, 'databases': ['db1', 'db2'] }
146
- { 'name': user2, 'databases': ['db1', 'db3'] }
147
can be traversed with
148
with_subelements: [ "{{list}}", databases ]
149
with_flattened: <list of lists> - Just lattens the list and iterate all elements one after another
152
with_randome_choice: <list>
153
with_sequence: <list> - Iterate over integer sequence, the has have the following parameters: start, end, stride, format. For instance,
159
with_dict: <hash> - the module will be executed multiple times, once for each key of the hash,
160
the current element will be propogates as 'item' variable which is a hash
161
with 2 keys 'key' and 'value'.
162
with_lines: <list of commands> - executes the task with the lines returned by command (executed locally, on the ansible host)
164
with_inventory_hostnames: <list of groups> - executes task for each node in the specified groups, setting 'item' to the current node name
165
with_inventory_hostnames: [ all:!masters, storage ]
166
with_file: <list> - 'item' will be set to content of the file
167
with_fileglob: <list> - in this the members of the list may contain standard shell fileglobs like '*' or '?' (files only!!! not directories)
168
with_first_found: <list> - returns the first existing file from the list, for instance:
169
['/home/csa/cfg', '/etc/cfg', '/usr/share/cfg']
170
the elements of list can be also dictionaries specifying search paths:
171
[{'files': ['file1', 'file2'], 'paths': ['path1','path2']}, ... ]
173
with_ini: [ 'keys_regexp', {section: name}, {file: name}, {re: true} ] - Reads the values of the keys in the specified section of the remote .ini file and exposes them as 'item'. The ini is like
176
The corresponding request is:
177
with_ini: [ 'key.*', {section: section1}, {file: "name.ini"}, {re: true} ]
180
It is possibe to make nested loops using the include statement, like:
182
with_items: [ 1, 2, 3 ]
183
If inner.yml also contains the with_ inside, the 'item' variable will be overwitten and in-accessible within the inner loop.
184
To prevent it it is possible to use other variable instead of standard 'item' like
186
with_items: [ 1, 2, 3 ]
b'\\ No newline at end of file'