# Ansible Playbook Reference
## Basic Structure
```yaml
---
# Skeleton play with one example of each play-level section.
- name: Playbook description
  hosts: target_group
  # Play-wide privilege escalation: every task inherits it unless the task
  # overrides `become`. Scope it to individual tasks where that is enough.
  become: true
  gather_facts: true  # Collect facts about each host before the tasks run

  vars:
    my_var: value

  # Going by its name this file holds secrets: keep it encrypted with
  # ansible-vault instead of committing it in plain text.
  vars_files:
    - vars/secrets.yml

  pre_tasks:
    - name: Pre-task
      ansible.builtin.debug:
        msg: 'Running before main tasks'

  roles:
    - role: role_name

  tasks:
    - name: Main task
      ansible.builtin.debug:
        msg: 'Main task'

  # Handlers only run when a task notifies them by name.
  handlers:
    - name: Handler name
      ansible.builtin.service:
        name: service
        state: restarted

  post_tasks:
    - name: Post-task
      ansible.builtin.debug:
        msg: 'Running after main tasks'
```
## Task Options
```yaml
# One task carrying the commonly used task keywords.
tasks:
  - name: Task with common options
    ansible.builtin.command:
      cmd: /bin/command
    become: true           # Escalate privileges for this task
    become_user: www-data  # Account to switch to instead of root
    when: condition        # Skip the task unless this evaluates true
    register: result       # Keep the module result for later tasks
    # Errors are ignored here, so a failure (including one raised by
    # failed_when) is reported but does not stop the play.
    ignore_errors: true
    # Forces the "ok" status; as written the task never reports "changed",
    # so the handler named in `notify` is not triggered.
    changed_when: false
    failed_when: result.rc != 0  # Custom failure condition
    tags: [deploy, config]
    notify: Handler name         # Handler to run when the task changes
```
## Loops
```yaml
# Simple loop: the task runs once per list entry, exposed as `item`.
- name: Install packages
  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
  loop: [nginx, python3]

# Loop over a list of mappings; fields are read as item.<key>.
# NOTE(review): `groups` without `append: true` replaces the user's other
# supplementary groups - confirm that is intended, above all for the
# admin membership.
- name: Create users
  ansible.builtin.user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
  loop:
    - name: 'user1'
      groups: 'admin'
    - name: 'user2'
      groups: 'users'

# Loop over a dict: dict2items turns it into a list of key/value pairs.
- name: Process items
  ansible.builtin.debug:
    msg: "{{ item.key }}: {{ item.value }}"
  loop: "{{ my_dict | dict2items }}"

# Loop with index: loop_control exposes the position as `index`.
- name: With index
  ansible.builtin.debug:
    msg: "{{ index }}: {{ item }}"
  loop: "{{ my_list }}"
  loop_control:
    index_var: index
```
## Conditionals
```yaml
# Single condition: `when` takes a bare Jinja2 expression, without {{ }}.
- name: Only on Ubuntu
  ansible.builtin.apt:
    name: package
  when: ansible_distribution == "Ubuntu"

# A list under `when` is ANDed: every entry must be true.
- name: Complex condition
  ansible.builtin.command:
    cmd: /bin/something
  when:
    - ansible_os_family == "Debian"
    - ansible_distribution_version is version('20.04', '>=')

# Either condition is enough.
- name: Or condition
  ansible.builtin.command:
    cmd: /bin/something
  when: condition1 or condition2

# Guard a variable that may be undefined before using it.
- name: If defined
  ansible.builtin.debug:
    msg: "{{ my_var }}"
  when: my_var is defined
```
## Blocks
```yaml
# block / rescue / always: error handling for a group of tasks.
- name: Block example
  block:
    - name: Task 1
      ansible.builtin.command:
        cmd: /bin/task1

    - name: Task 2
      ansible.builtin.command:
        cmd: /bin/task2

  # Runs only when a task in `block` fails. A rescue that succeeds clears
  # the failure, so report or re-raise it here if it must not go unnoticed.
  rescue:
    - name: Handle failure
      ansible.builtin.debug:
        msg: 'Block failed'

  # Runs whether or not the block failed.
  always:
    - name: Always run
      ansible.builtin.debug:
        msg: 'Cleanup'
```
## Handlers
```yaml
# A task notifies handlers by name; each name must match a handler's `name`.
tasks:
  - name: Update config
    ansible.builtin.template:
      src: config.j2
      dest: /etc/app/config
    notify: [Restart service, Reload config]

handlers:
  - name: Restart service
    ansible.builtin.service:
      name: app
      state: restarted

  - name: Reload config
    ansible.builtin.service:
      name: app
      state: reloaded
```
Handlers run once at the end of the play, even if notified multiple times, and only when a notifying task reports a change.
## Including Tasks
```yaml
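# Dynamic include: the file is loaded when this task is reached at runtime.
- name: Include tasks
  ansible.builtin.include_tasks: tasks/setup.yml

# Static import: the file is parsed when the playbook is loaded.
- name: Import tasks
  ansible.builtin.import_tasks: tasks/setup.yml

# Pass variables to the included tasks.
- name: Include with vars
  ansible.builtin.include_tasks: tasks/deploy.yml
  vars:
    # `environment` is a playbook keyword and Ansible warns when it is used
    # as a variable name, so the variable is named deploy_environment;
    # tasks/deploy.yml has to read that name.
    deploy_environment: production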
```
## Tags
```yaml
# The special tags `always` and `never` change how tag selection applies.
tasks:
  - name: Tagged task
    ansible.builtin.command:
      cmd: /bin/command
    # `always` makes the task run whatever --tags selects, unless it is
    # skipped explicitly with --skip-tags always.
    tags: [deploy, always]

  - name: Never runs by default
    ansible.builtin.command:
      cmd: /bin/command
    # `never` keeps the task out of normal runs; it executes only when
    # --tags never is requested.
    tags: never
```
Run with tags:
```bash
# Run only the tasks tagged "deploy" (tasks tagged "always" still run).
ansible-playbook playbook.yml --tags deploy
# Run everything except the tasks tagged "slow".
ansible-playbook playbook.yml --skip-tags slow
```
## Check Mode
```yaml
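# Per-task override of check mode (ansible-playbook --check).
- name: Runs normally even under --check
  ansible.builtin.command:
    cmd: /bin/command
  # Executes for real during a --check run, so the dry run is no longer
  # change-free: reserve this for read-only commands.
  check_mode: false

- name: Always runs in check mode
  ansible.builtin.command:
    cmd: /bin/command
  # Treated as a dry run on every run, with or without --check, so the task
  # never applies changes to the host.
  check_mode: true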
```
## Delegation
```yaml
# Execute the task on another inventory host instead of the current one.
- name: Update load balancer
  ansible.builtin.command:
    cmd: /bin/update-lb
  delegate_to: loadbalancer

# Execute on the control node.
# NOTE(review): `become` set on the play also applies to delegated tasks -
# confirm whether this command should run escalated on the control node.
- name: Local action
  ansible.builtin.command:
    cmd: /bin/local-command
  delegate_to: localhost

# Execute a single time for the whole batch of hosts, not once per host.
- name: Single execution
  ansible.builtin.command:
    cmd: /bin/command
  run_once: true
```