Ansible Commands

Essential Ansible commands and playbook examples for automation.

Basic Commands

ansible --version

Display Ansible version

ansible all -m ping

Ping all hosts

ansible all -a "uptime"

Run command on all hosts

ansible all -m setup

Gather facts from all hosts

ansible all -m setup -a "filter=ansible_distribution*"

Gather specific facts

ansible-config dump

Show all configuration settings

ansible-config view

View current config file

ansible-inventory --list

List all inventory hosts

ansible-inventory --graph

Display inventory as graph

Playbook Commands

ansible-playbook playbook.yml

Run a playbook

ansible-playbook playbook.yml --check

Dry run (check mode)

ansible-playbook playbook.yml --diff

Show file differences

ansible-playbook playbook.yml -v

Verbose output

ansible-playbook playbook.yml -vvv

More verbose output

ansible-playbook playbook.yml --syntax-check

Check playbook syntax

ansible-playbook playbook.yml --list-tasks

List all tasks

ansible-playbook playbook.yml --list-hosts

List affected hosts

ansible-playbook playbook.yml --tags "config"

Run only specific tags

ansible-playbook playbook.yml --skip-tags "deploy"

Skip specific tags

ansible-playbook playbook.yml --start-at-task "task name"

Start at specific task

ansible-playbook playbook.yml --step

Step-by-step execution

Inventory Management

ansible all -i inventory.ini --list-hosts

List hosts from inventory

ansible-inventory -i inventory.ini --list

Show inventory in JSON

ansible-inventory -i inventory.ini --graph

Show inventory graph

ansible webservers -i inventory.ini -m ping

Ping specific group

ansible all --limit "host1,host2" -m ping

Limit to specific hosts

ansible all --limit @retry_hosts.txt -m ping

Limit to hosts from file

Ad-Hoc Commands

ansible all -m shell -a "df -h"

Run shell command

ansible all -m copy -a "src=/file dest=/tmp/file"

Copy file to hosts

ansible all -m file -a "path=/tmp/file state=absent"

Remove file

ansible all -m service -a "name=nginx state=restarted"

Restart service

ansible all -m apt -a "name=nginx state=latest" -b

Install package with sudo

ansible all -m user -a "name=john state=present"

Create user

ansible all -m git -a "repo=https://github.com/user/repo dest=/opt/app"

Clone git repo

ansible all -m systemd -a "name=nginx enabled=yes state=started"

Manage systemd service

Privilege Escalation

ansible all -m shell -a "whoami" -b

Run with sudo (become)

ansible all -m shell -a "whoami" -b --become-user=admin

Become specific user

ansible all -m shell -a "whoami" -b --become-method=su

Use su instead of sudo

ansible all -m shell -a "whoami" -b -K

Prompt for become password

ansible-playbook playbook.yml -b -K

Run playbook with become and password

Variables & Extra Vars

ansible-playbook playbook.yml -e "version=1.0"

Pass extra variable

ansible-playbook playbook.yml -e "@vars.json"

Load variables from JSON file

ansible-playbook playbook.yml -e "@vars.yml"

Load variables from YAML file

ansible-playbook playbook.yml -e "env=production debug=false"

Pass multiple extra variables

Vault (Encryption)

ansible-vault create secrets.yml

Create encrypted file

ansible-vault edit secrets.yml

Edit encrypted file

ansible-vault view secrets.yml

View encrypted file

ansible-vault encrypt file.yml

Encrypt existing file

ansible-vault decrypt file.yml

Decrypt file

ansible-vault rekey secrets.yml

Change vault password

ansible-playbook playbook.yml --ask-vault-pass

Run playbook with vault password

ansible-playbook playbook.yml --vault-password-file .vault_pass

Use vault password file

ansible-vault encrypt_string "secret" --name "db_password"

Encrypt string value

Galaxy (Roles)

ansible-galaxy init myrole

Create new role structure

ansible-galaxy install geerlingguy.nginx

Install role from Galaxy

ansible-galaxy install -r requirements.yml

Install roles from requirements file

ansible-galaxy list

List installed roles

ansible-galaxy remove geerlingguy.nginx

Remove installed role

ansible-galaxy search nginx

Search for roles

ansible-galaxy collection install community.general

Install collection

ansible-galaxy collection list

List installed collections

Connection Options

ansible all -m ping -u username

Connect as specific user

ansible all -m ping -k

Prompt for SSH password

ansible all -m ping --private-key ~/.ssh/id_rsa

Use specific SSH key

ansible all -m ping -c local

Use local connection

ansible all -m ping -c paramiko

Use Paramiko connection

ansible all -m ping -T 30

Set connection timeout (seconds)

Debugging

ansible-playbook playbook.yml -vvv

Maximum verbosity

ansible-playbook playbook.yml --step

Interactive step mode

ansible-playbook playbook.yml --start-at-task "task name"

Start at specific task

ANSIBLE_DEBUG=1 ansible-playbook playbook.yml

Enable debug output

ANSIBLE_KEEP_REMOTE_FILES=1 ansible-playbook playbook.yml

Keep remote temp files

ansible-playbook playbook.yml --check --diff

Dry run with differences

Performance & Optimization

ansible-playbook playbook.yml -f 10

Set parallelism (forks) to 10

ANSIBLE_PIPELINING=1 ansible-playbook playbook.yml

Enable SSH pipelining

ansible-playbook playbook.yml --forks 50

Run on 50 hosts in parallel

ansible all -m setup --tree /tmp/facts

Cache facts to directory

Common Playbook Examples

--- - hosts: all tasks: - name: Ping ping:

Simple ping playbook

- name: Install nginx apt: name: nginx state: present

Install package task

- name: Copy config copy: src: nginx.conf dest: /etc/nginx/nginx.conf notify: restart nginx

Copy file with handler

- name: Ensure service service: name: nginx state: started enabled: yes

Manage service task