Title: πŸ› οΈ Ansible Group: Dev & Tools Icon: πŸ› οΈ Order: 5 # Ansible Cheatsheet > **Context:** Ansible is an open-source software provisioning, configuration management, and application-deployment tool. / Ansible - это open-source инструмСнт для ΠΏΡ€ΠΎΠ²ΠΈΠΆΠΈΠ½ΠΈΠ½Π³Π° ПО, управлСния ΠΊΠΎΠ½Ρ„ΠΈΠ³ΡƒΡ€Π°Ρ†ΠΈΠ΅ΠΉ ΠΈ дСплоя. > **Role:** DevOps / Sysadmin > **Version:** 2.9+ --- ## πŸ“š Table of Contents / Π‘ΠΎΠ΄Π΅Ρ€ΠΆΠ°Π½ΠΈΠ΅ 1. [Ad-Hoc Commands](#ad-hoc-commands--ad-hoc-ΠΊΠΎΠΌΠ°Π½Π΄Ρ‹) 2. [Playbooks](#playbooks--ΠΏΠ»Π΅ΠΉΠ±ΡƒΠΊΠΈ) 3. [Ansible Galaxy](#ansible-galaxy--ansible-galaxy) 4. [Ansible Vault](#ansible-vault--ansible-vault-ΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Π½ΠΈΠ΅) 5. [Configuration](#configuration--конфигурация) --- ## 1. Ad-Hoc Commands / Ad-Hoc ΠšΠΎΠΌΠ°Π½Π΄Ρ‹ ### Basic Connectivity / Пинг ```bash # Ping all hosts / Пинг всСх хостов ansible all -m ping -i ``` ### Module Execution / Π—Π°ΠΏΠΎΠ»Π½Π΅Π½ΠΈΠ΅ ΠΌΠΎΠ΄ΡƒΠ»Π΅ΠΉ ```bash # Shell command / Команда shell ansible all -m shell -a "uptime" -i hosts # Copy file / ΠšΠΎΠΏΠΈΡ€ΠΎΠ²Π°Π½ΠΈΠ΅ Ρ„Π°ΠΉΠ»Π° ansible web -m copy -a "src=/etc/hosts dest=/tmp/hosts" # Install package (yum) / Установка ΠΏΠ°ΠΊΠ΅Ρ‚Π° (yum) ansible db -m yum -a "name=nc state=present" --become ``` --- ## 2. Playbooks / ΠŸΠ»Π΅ΠΉΠ±ΡƒΠΊΠΈ ### Running Playbooks / Запуск ΠΏΠ»Π΅ΠΉΠ±ΡƒΠΊΠΎΠ² ```bash # Run / Запуск ansible-playbook -i inventory site.yml # Check mode (Dry Run) / Π Π΅ΠΆΠΈΠΌ ΠΏΡ€ΠΎΠ²Π΅Ρ€ΠΊΠΈ (Dry Run) ansible-playbook -i inventory site.yml --check # Limit to specific hosts / ΠžΠ³Ρ€Π°Π½ΠΈΡ‡ΠΈΡ‚ΡŒ ΠΊΠΎΠ½ΠΊΡ€Π΅Ρ‚Π½Ρ‹ΠΌΠΈ хостами ansible-playbook -i inventory site.yml --limit web01 # Debug (Verbose) / ΠžΡ‚Π»Π°Π΄ΠΊΠ° (ΠŸΠΎΠ΄Ρ€ΠΎΠ±Π½ΠΎ) ansible-playbook site.yml -vvv ``` ### Example Playbook / ΠŸΡ€ΠΈΠΌΠ΅Ρ€ ΠΏΠ»Π΅ΠΉΠ±ΡƒΠΊΠ° ```yaml --- - name: Install Nginx hosts: webservers become: yes tasks: - name: Ensure nginx is installed yum: name: nginx state: present - name: Start nginx service service: name: nginx state: started enabled: yes ``` --- ## 3. Ansible Galaxy / Ansible Galaxy ```bash # Install Role / Π£ΡΡ‚Π°Π½ΠΎΠ²ΠΈΡ‚ΡŒ Ρ€ΠΎΠ»ΡŒ ansible-galaxy install geerlingguy.nginx # Init new role structure / Π‘ΠΎΠ·Π΄Π°Ρ‚ΡŒ структуру Π½ΠΎΠ²ΠΎΠΉ Ρ€ΠΎΠ»ΠΈ ansible-galaxy init ``` --- ## 4. Ansible Vault / Ansible Vault (Π¨ΠΈΡ„Ρ€ΠΎΠ²Π°Π½ΠΈΠ΅) ```bash # Encrypt file / Π—Π°ΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Ρ‚ΡŒ Ρ„Π°ΠΉΠ» ansible-vault encrypt secrets.yml # Edit encrypted file / Π Π΅Π΄Π°ΠΊΡ‚ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ Π·Π°ΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Π½Π½Ρ‹ΠΉ Ρ„Π°ΠΉΠ» ansible-vault edit secrets.yml # Decrypt file / Π Π°ΡΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Ρ‚ΡŒ Ρ„Π°ΠΉΠ» ansible-vault decrypt secrets.yml # Run playbook with vault / Запуск ΠΏΠ»Π΅ΠΉΠ±ΡƒΠΊΠ° с vault ansible-playbook site.yml --ask-vault-pass ``` --- ## 5. Configuration / ΠšΠΎΠ½Ρ„ΠΈΠ³ΡƒΡ€Π°Ρ†ΠΈΡ File: `/etc/ansible/ansible.cfg` or `./ansible.cfg` ```ini [defaults] inventory = ./hosts remote_user = host_key_checking = False private_key_file = ~/.ssh/id_rsa ```