Skip to content

Ansible Operations

Prerequisites

  • Ansible installed
  • SSH key access to target host(s)
  • Inventory file configured

Quick Reference

Action Command
Check Syntax ansible-playbook --syntax-check site.yml
Dry Run ansible-playbook site.yml --check
Dry Run + Diff ansible-playbook site.yml --check --diff
Run Playbook ansible-playbook site.yml
Run with Diff ansible-playbook site.yml --diff
Run Tags Only ansible-playbook site.yml --tags "dns"
List Hosts ansible-inventory --list
Ad-hoc Ping ansible all -m ping
Init Role ansible-galaxy init <name>
Encrypt File ansible-vault encrypt <file>

Procedure: Preview Changes (Dry Run)

When to use: Before applying changes to a live system, preview what Ansible would do without actually making any modifications.

Steps:

  1. Run in check mode (dry run — no changes applied): 

    ansible-playbook site.yml --check
    Tasks will report changed or ok based on what they would do, but nothing is modified on the target.

  2. Combine with --diff to see exactly what would change in files: 

    ansible-playbook site.yml --check --diff
    For template, copy, and lineinfile tasks, this shows a unified diff of the file contents before and after.

  3. Use --diff without --check during a real run to see what changed as it happens: 

    ansible-playbook site.yml --diff

  4. Combine with tags to preview a specific role: 

    ansible-playbook site.yml --check --diff --tags dns

Limitations:

  • Some modules cannot predict their result in check mode (e.g., command, shell). These will be skipped.
  • Tasks that depend on earlier tasks having actually run may behave differently in check mode.

Procedure: Run a Playbook

When to use: Applying configuration to managed hosts.

Steps:

  1. Syntax check: 

    ansible-playbook --syntax-check site.yml

  2. Run the playbook: 

    ansible-playbook -i inventory.ini site.yml

  3. Run with sudo/become prompt (if password needed): 

    ansible-playbook -i inventory.ini site.yml -K

Troubleshooting:

  • "Unreachable": Check SSH connectivity and key setup.
  • "Permission denied": Ensure the user has sudo rights and you used -b (become) in the playbook or command.

Procedure: Run with Tags

When to use: Running only specific parts of a playbook (e.g., only updating configuration files).

Steps:

  1. List available tags: 

    ansible-playbook site.yml --list-tags

  2. Run specific tags: 

    ansible-playbook site.yml --tags "nginx,config"

  3. Skip tags: 

    ansible-playbook site.yml --skip-tags "packages"

Troubleshooting:

  • "No tasks run": The tags might be misspelled or applied to tasks that didn't need to run (idempotency).

Procedure: Create a Role

When to use: Structuring complex configurations into reusable components.

Steps:

  1. Initialize role structure: 

    ansible-galaxy init roles/myrole

  2. Structure:

    • tasks/main.yml: Main list of tasks
    • handlers/main.yml: Service restarts
    • templates/: Jinja2 configuration templates
    • vars/main.yml: Role-specific variables

Troubleshooting:

  • Role not found: Ensure roles_path is configured in ansible.cfg or the role is in a roles/ directory relative to the playbook.

Procedure: Use Variables

When to use: Making playbooks flexible (e.g., different ports for dev/prod).

Steps:

  1. Define in group_vars/all.yml: 

    http_port: 80

  2. Use in tasks: 

    - name: Start Apache
  service:
    name: "{{ apache_service }}"
    state: started

  3. Use in templates (.j2): 

    Listen {{ http_port }}

Troubleshooting:

  • "Undefined variable": Check variable scope and precedence.

Procedure: Use Handlers

When to use: Restarting a service only when a configuration file changes.

Steps:

  1. Define handler: 

    handlers:
  - name: restart apache
    service:
      name: httpd
      state: restarted

  2. Notify from task: 

    - name: Copy config
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
  notify: restart apache

Troubleshooting:

  • Handler didn't run: The notify task must report "changed". If the file was already correct, the handler won't trigger.

Procedure: Push to GitLab

When to use: Saving your Ansible code to version control.

Steps:

  1. Check status: 

    git status

  2. Add changes: 

    git add .

  3. Commit: 

    git commit -m "Update apache role configuration"

  4. Push: 

    git push origin main

Troubleshooting:

  • "rejected": Pull changes from remote first (git pull).
  • Technologies: Ansible
  • Concepts: Configuration Management, Version Control