Differences between revisions 9 and 10
Revision 9 as of 2020-02-11 11:52:49
Size: 9874
Comment: Ansible Vault
Revision 10 as of 2020-02-11 12:09:58
Size: 10009
Comment: How to Use Ansible: A Reference Guide
Line 19: Line 19:
* `How to Use Ansible: A Reference Guide <https://www.digitalocean.com/community/cheatsheets/how-to-use-ansible-cheat-sheet-guide>`_.

Ansible configuration of Linux servers and desktops

Ansible is used for configuration of Linux servers and desktops.

Getting started with Ansible

Tutorials on Ansible:

Further documentation:

There is an Ansible_github repository.


Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory_file, which defaults to being saved in the location:


You can specify a different inventory file using the -i <path> option on the command line.

Ansible Vault

Ansible Vault is a feature of Ansible that allows you to keep sensitive data such as passwords or keys in encrypted files, rather than as plaintext in playbooks or roles. These vault files can then be distributed or placed in source control.

To enable this feature, a command line tool:


is used to edit files, and a command line flag (--ask-vault-pass, --vault-password-file or --vault-id) is used. Alternately, you may specify the location of a password file or command Ansible to always prompt for the password in your ansible.cfg file. These options require no command line flag usage.
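A check for the practice described above, as an added example that is not part of the original wiki page: before vault files go into source control, it confirms that each one starts with the `$ANSIBLE_VAULT;` header that Ansible Vault writes as the first line of an encrypted file. The file-name convention (`vault*.yml`, `vault*.yaml`, `*.vault`), the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag would-be vault files that are still plaintext.
# Assumption: secrets live in files named vault*.yml, vault*.yaml or *.vault.

# is_vault_encrypted FILE: succeeds if the first line is a vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256" as written by ansible-vault.
is_vault_encrypted() {
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case $first_line in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# find_unencrypted_vault_files DIR: print each offending path, sorted.
# Assumes file names contain no newlines.
find_unencrypted_vault_files() {
    find "$1" -type f \
        \( -name 'vault*.yml' -o -name 'vault*.yaml' -o -name '*.vault' \) |
    sort |
    while IFS= read -r f; do
        is_vault_encrypted "$f" || printf '%s\n' "$f"
    done
}

# check_vault_files DIR: return 1 (and list offenders on stderr) if any
# matching file is plaintext, so it can gate a commit hook or CI job.
check_vault_files() {
    offenders=$(find_unencrypted_vault_files "$1")
    [ -z "$offenders" ] && return 0
    printf 'Not vault-encrypted:\n%s\n' "$offenders" >&2
    return 1
}

# make_sample_tree DIR: constructed sample inventory (not real data).
make_sample_tree() {
    mkdir -p "$1/group_vars/all" "$1/group_vars/db"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3633...constructed...' \
        > "$1/group_vars/all/vault.yml"
    printf 'db_password: example\n' > "$1/group_vars/db/vault.yml"
    printf 'ntp_server: pool.example.org\n' > "$1/group_vars/db/vars.yml"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
check_vault_files "$tmp" || echo "commit would be rejected"
rm -rf "$tmp"
```

The header test only shows that a file has been passed through Ansible Vault; it does not detect secrets kept in files outside the assumed naming convention.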



Callback plugins enable adding new behaviors to Ansible when responding to events. For example, the skippy plugin makes Ansible's screen output omit tasks with skipped status.

You must whitelist any plugins in ansible.cfg, for example:

[defaults]
stdout_callback = skippy
callback_whitelist = skippy

Network Automation with Ansible

Ansible’s simple automation framework means that previously isolated network administrators can finally speak the same language of automation as the rest of the IT organization, extending the capabilities of Ansible to include native support for both legacy and open network infrastructure devices. Network devices and systems can now be included in an organization's overall automation strategy for a holistic approach to application workload management.

Product specific Ansible documentation:

  • DellOS6 N1000, N2000 and N3000 series (N1148P etc.)

Setting up client hosts

SSH authorized keys

Password-less login from the Ansible server requires SSH authorized keys. Initially you must set up SSH keys on all client hosts as root:

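# Restrict permissions: sshd (StrictModes) rejects keys if the directory
# or the authorized_keys file is writable by group or others
mkdir -p $HOME/.ssh
chmod 700 $HOME/.ssh
restorecon -R -v $HOME/.ssh
scp <ansible-server>:.ssh/id_ecdsa.pub .
cat id_ecdsa.pub >> $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/authorized_keys
rm -f id_ecdsa.pub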

Test the password-less login from the server:

server# ssh <client> date

Setting up the Ansible server

Configuration file

The Ansible configuration_file is /etc/ansible/ansible.cfg.

For local logging to a file uncomment this line:


and create the file:

touch /var/log/ansible.log

Inventory: Hosts and Groups

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s Inventory, which defaults to being saved in the location /etc/ansible/hosts.

Add Ansible client hosts to the file /etc/ansible/hosts, for example:


Inventory: host-specific files

Sometimes some files with host-specific contents/data must be copied to the remote host. Unfortunately, Ansible doesn't have any obvious way to copy host-specific files.

A solution exists, see Where should I be organizing host-specific files/templates?:

In the top-level directory (same level as playbooks) I have a files folder. In the files folder there is a folder for every host with its own files where the folder's name is the same as the host name in inventory:

├── files
│   ├── common
│   ├── myhost1
│   ├── myhost2

Now in any role you can access the files with files modules relatively:

- name: Copy any host based file
  copy:
    # Looks up files/<inventory_hostname>/file1 next to the playbook
    src: "{{ inventory_hostname }}/file1"
    dest: /tmp


The magic variable inventory_hostname is to get the host. Any file module (as for example copy) looks up the files directory in the respective role directory and the files directory in the same level as the calling playbook. Of course the same applies to templates (but if you have different templates for the same role you should reconsider your design).

Basic Ansible tests

Make the recommended tests:

ansible all -m ping
ansible all -a "/bin/echo hello"

Ansible facts

To print all facts gathered use the setup module:

ansible XXX.fysik.dtu.dk -m setup

Playbook examples

To limit the playbook to one host only use the -l option:

ansible-playbook <playbook>.yml -l hostname

Yum install

Playbook task:

- name: Install the latest version of EPEL repository
  yum:
    name: epel-release
    state: latest
- name: Install popular packages from the EPEL repository
  yum:
    name: Lmod,git-all,python34-pip,python2-pip
    state: latest

Create an empty file

See How to create an empty file with Ansible?. It is better to use the copy module:

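- name: Create file if it does not exist
  copy:
    content: ""
    dest: <file>
    # force: no leaves an existing file (and its timestamp) untouched
    force: no
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string
    mode: "0644"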

instead of the standard touch module which actually modifies the timestamp.

Playbook error handlers

Sometimes you want to ignore the changed status of a task. Use the Playbook_error_handlers for Overriding The Changed Result:

# this will never report 'changed' status
- shell: wall 'beep'
  changed_when: False

IT-wiki: Ansible_configuration (last edited 2021-05-19 12:17:26 by OleHolmNielsen)