Ansible Cheat Sheet

A concise cheat sheet for ansible and ansible-playbook, covering Linux infrastructure automation without unnecessary theory.

Basic Checks

ansible --version
ansible-inventory --graph
ansible all -i inventory.ini -m ping
ansible all -i inventory.ini -m setup

Inventory

INI

[web]
web1 ansible_host=10.0.10.11
web2 ansible_host=10.0.10.12

[db]
db1 ansible_host=10.0.20.11

[all:vars]
ansible_user=ubuntu
ansible_become=true

YAML

all:
  vars:
    ansible_user: ubuntu
    ansible_become: true
  children:
    web:
      hosts:
        web1:
          ansible_host: 10.0.10.11

Ad-Hoc Commands

ansible all -i inventory.ini -m ping
ansible web -i inventory.ini -a "uptime"
ansible web -i inventory.ini -b -m apt -a "name=nginx state=present update_cache=true"
ansible all -i inventory.ini -b -m service -a "name=nginx state=restarted"
ansible all -i inventory.ini -m shell -a "df -h"
ansible all -i inventory.ini -m copy -a "src=./motd dest=/etc/motd mode=0644" -b

Playbook Lifecycle

ansible-playbook -i inventory.ini site.yml
ansible-playbook -i inventory.ini site.yml --check
ansible-playbook -i inventory.ini site.yml --diff
ansible-playbook -i inventory.ini site.yml --limit web
ansible-playbook -i inventory.ini site.yml --tags nginx
ansible-playbook -i inventory.ini site.yml --skip-tags debug
ansible-playbook -i inventory.ini site.yml --start-at-task "Install nginx"

Minimal Playbook

- name: Configure web servers
  hosts: web
  become: true
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
        update_cache: true

    - name: Ensure nginx is enabled and running
      ansible.builtin.service:
        name: nginx
        state: started
        enabled: true

Common Modules

  • ansible.builtin.apt
  • ansible.builtin.yum
  • ansible.builtin.dnf
  • ansible.builtin.package
  • ansible.builtin.service
  • ansible.builtin.copy
  • ansible.builtin.template
  • ansible.builtin.file
  • ansible.builtin.user
  • ansible.builtin.lineinfile
  • ansible.builtin.command
  • ansible.builtin.shell

Roles

ansible-galaxy init roles/nginx
ansible-galaxy role install geerlingguy.docker

Role structure:

roles/nginx/
  defaults/
  files/
  handlers/
  tasks/
  templates/
  vars/

Vault

ansible-vault create group_vars/prod/vault.yml
ansible-vault edit group_vars/prod/vault.yml
ansible-vault view group_vars/prod/vault.yml
ansible-playbook -i inventory.ini site.yml --ask-vault-pass

Debug and Troubleshooting

ansible all -i inventory.ini -m ping -vvv
ansible-playbook -i inventory.ini site.yml -vvv
ansible-inventory -i inventory.ini --list
ansible-config dump --only-changed

Practice

  • Prefer idempotent modules over shell and command whenever possible.
  • Run --check and --diff before changes in critical environments.
  • Keep inventory, group vars, and roles in Git.
  • Use Vault for secrets instead of plaintext in group_vars.
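
A check for the last two points, as an added example that is not part of the original cheat sheet: it scans a group_vars tree before it goes into Git and reports secret-like keys that are neither in a vault-encrypted file nor stored as an inline `!vault` value. The function names, the key-name pattern and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of anything ansible-vault encrypts
# Assumption: secret-bearing variables follow this naming convention.
SECRET_KEY = re.compile(
    r"^\s*([\w.-]*(?:password|passwd|secret|token|api_key|private_key)[\w.-]*)\s*:\s*(.*)$",
    re.IGNORECASE,
)

def plaintext_secrets(root):
    """Return (relative path, line number, key) for secret-like keys kept in clear text."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        if text.startswith(VAULT_HEADER):
            continue  # whole file encrypted with `ansible-vault create` or `encrypt`
        for lineno, line in enumerate(text.splitlines(), 1):
            match = SECRET_KEY.match(line)
            if not match:
                continue
            key, value = match.group(1), match.group(2).strip()
            # Inline ciphertext (`ansible-vault encrypt_string`) or a Jinja
            # reference to a variable defined in a vaulted file is acceptable.
            if value.startswith("!vault") or value.strip("\"'").startswith("{{"):
                continue
            if value in ("", "~", "null"):
                continue  # no literal value on this line
            findings.append((path.relative_to(root).as_posix(), lineno, key))
    return findings

def demo():
    # Constructed sample tree: one vaulted file, one vars file with a leak.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "group_vars"
        (root / "prod").mkdir(parents=True)
        (root / "prod" / "vault.yml").write_text("$ANSIBLE_VAULT;1.1;AES256\n6162636465\n")
        (root / "prod" / "vars.yml").write_text(
            "db_user: app\n"
            'db_password: "{{ vault_db_password }}"\n'
            "api_token: !vault |\n"
            "  $ANSIBLE_VAULT;1.1;AES256\n  6162636465\n"
            "smtp_password: constructed-sample-value\n"
        )
        return plaintext_secrets(root)

if __name__ == "__main__":
    for path, lineno, key in demo():
        print(f"{path}:{lineno}: {key} is stored in clear text")
```

Run as a pre-commit or CI step, a non-empty result should fail the build; the scan is line-based and will miss secrets stored under key names outside the pattern.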
