Ansible Cheatsheet
Ansible commands, playbook syntax, inventory, variables, loops, conditionals, roles, and vault for configuration management.
Ad-Hoc Commands
# Ping all hosts to test connectivity
ansible all -m ping -i inventory.ini

# Run command on webservers group
ansible webservers -m command -a 'uptime'

# Shell command (supports pipes/redirects)
ansible all -m shell -a 'df -h' -i inventory.ini

# Install package with sudo
ansible db -m apt -a 'name=postgresql state=present' --become

# Copy file to all hosts
ansible all -m copy -a 'src=file.conf dest=/etc/app/file.conf' --become

# Restart service on all hosts
ansible all -m service -a 'name=nginx state=restarted' --become

# Gather specific facts from hosts
ansible all -m setup -a 'filter=ansible_distribution'

# Save facts to files for inspection
ansible all -m gather_facts --tree /tmp/facts/

Inventory
# INI inventory with custom host and port
[webservers]
web1 ansible_host=10.0.0.1
web2 ansible_host=10.0.0.2 ansible_port=2222

# Variables for all hosts in inventory
[all:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/key.pem

# Show parsed inventory as JSON
ansible-inventory -i inventory.ini --list

# Show inventory host tree
ansible-inventory -i inventory.ini --graph

# Inline inventory (comma after last host)
ansible all -i 'server1,server2,' -m ping

# Use directory as dynamic inventory
ansible all -i ./inventory/ -m ping

# Use AWS dynamic inventory plugin
ansible all -i aws_ec2.yml -m ping

Playbook Basics
# Run a playbook
ansible-playbook site.yml -i inventory.ini

# Dry run — show changes without applying
ansible-playbook site.yml --check

# Show file diffs when files change
ansible-playbook site.yml --diff

# Dry run with diffs (most useful preview)
ansible-playbook site.yml --check --diff

# Run only tasks tagged 'deploy'
ansible-playbook site.yml --tags deploy

# Skip tasks tagged 'test'
ansible-playbook site.yml --skip-tags test

# Run only on webservers group
ansible-playbook site.yml --limit webservers

# Run only on specific hosts
ansible-playbook site.yml --limit 'web1,web2'

# Pass extra variable on command line
ansible-playbook site.yml -e 'version=1.2.3'

# Start from a specific task name
ansible-playbook site.yml --start-at-task 'Deploy app'

Playbook YAML Syntax
# Install package task with sudo
- name: Install nginx
  apt:
    name: nginx
    state: present
    update_cache: yes
  become: true

# Deploy template and trigger handler
- name: Copy config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    mode: '0644'
  notify: Restart nginx

# Handler — runs only when notified
handlers:
  - name: Restart nginx
    service:
      name: nginx
      state: restarted

# Wait for service to be available
- name: Wait for port 8080
  wait_for:
    port: 8080
    host: localhost
    timeout: 30

# Run command and use output
- name: Get git commit
  command: git rev-parse HEAD
  register: git_hash
- debug: msg='{{ git_hash.stdout }}'

# Conditional — run only on Ubuntu
when: ansible_distribution == 'Ubuntu'

# Conditional based on variable
when: env == 'production'

Loops & Variables
# Loop over a list
loop:
  - nginx
  - postgresql
  - redis

# Loop over a variable list
loop: '{{ packages }}'

# Loop over dictionary items
loop: '{{ users | dict2items }}'

# Define variables in play
vars:
  app_port: 8080
  app_name: myapp

# Load variables from files (including dynamic)
vars_files:
  - vars/common.yml
  - vars/{{ env }}.yml

# Set a fact (variable) during play
set_fact:
  deploy_timestamp: '{{ ansible_date_time.iso8601 }}'

# Access variable from another host
{{ hostvars['web1']['ansible_host'] }}

Ansible Vault
# Create new encrypted file
ansible-vault create secrets.yml

# Edit encrypted file
ansible-vault edit secrets.yml

# Encrypt an existing file
ansible-vault encrypt existing.yml

# Decrypt a file in place (leaves plaintext on disk)
ansible-vault decrypt secrets.yml

# View the contents of an encrypted file without decrypting it on disk
ansible-vault view secrets.yml

# Run playbook, prompt for vault password
ansible-playbook site.yml --ask-vault-pass

# Run playbook with vault password file
ansible-playbook site.yml --vault-password-file ~/.vault_pass

# Encrypt a single string value
ansible-vault encrypt_string 'mypassword' --name 'db_password'

Roles & Galaxy
# Create role directory structure
ansible-galaxy role init my_role

# Install role from Ansible Galaxy
ansible-galaxy install geerlingguy.nginx

# Install roles from requirements file
ansible-galaxy install -r requirements.yml

# Install a collection
ansible-galaxy collection install community.kubernetes

# List installed roles and collections
ansible-galaxy list

# Use roles in a playbook
roles:
  - geerlingguy.nginx
  - my_role