More Frequent use Modules - In usage group order
|
Handling Files and Directories
|
file Module:
|
- name: Change file ownership, group and permissions
file:
path: /etc/foo.conf
owner: foo
group: foo
mode: '0644'
- name: Create a secure file
file:
path: /work
owner: root
group: root
mode: '0600'
- name: Create a symbolic link
file:
src: /file/to/link/to
dest: /path/to/symlink
owner: foo
group: foo
state: link
- name: Create two hard links
file:
src: '/tmp/{{ item.src }}'
dest: '{{ item.dest }}'
state: link
with_items:
- { src: x, dest: y }
- { src: z, dest: k }
- name: Touch a file, add/remove some permissions
file:
path: /etc/foo.conf
state: touch
mode: u+rw,g-wx,o-rwx
- name: Create a directory if it does not exist
file:
path: /etc/some_directory
state: directory
mode: '0755'
- name: Recursively change ownership of a directory
file:
path: /etc/foo
state: directory
recurse: yes
owner: foo
group: foo
|
copy Module:
|
# Copy a file and set owner, group and permissions
- copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mde: 0644
# Copy a new file, backing up the original if it differs from the copied version
- copy:
src: /mine/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644
backup: yes
# Copy using the 'content' for inline data
- copy:
content: '# This file was moved to /etc/other.conf'
dest: /etc/mine.conf'
# Copy all files in a directory to destination
- copy:
src={{ item }}
dest=/destination/
with_fileglob:
- /files/*
|
template Module:
|
- name: Template a file to /etc/files.conf
template:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mde: 0644
|
synchronize Module:
|
- name: Synchronization of src on the control machine to dest on the remote hosts
synchronize:
src: some/relative/path
dest: /some/absolute/path
- name: Synchronization using rsync protocol (push)
synchronize:
src: some/relative/path/
dest: rsync://somehost.com/path/
|
lineinfile Module:
|
# Find a pattern and replace it in a file
- lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=enforcing'
# Find a pattern and remove it in a file
- lineinfile:
path: /etc/sudoers
state: absent
regexp: '^%wheel'
# Find a pattern and replace it and change the owner, group and permissions of the file
- lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1'
line: '127.0.0.1 localhost'
owner: root
group: root
mode: 0644
# Search for a pattern and replace it if found, otherwise insert line after second pattern
- lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^Listen '
insertafter: '^#Listen '
line: 'Listen 8080'
# Search for a pattern and replace it if found, otherwise insert line before second pattern
- lineinfile:
path: /etc/services
regexp: '^# port for http'
insertbefore: '^www. *80/tcp'
line: '# port for http by default'
|
replace Module:
|
# Find a pattern and replace it in a file and make a backup of original file
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
backup: yes
# Replace after the expression till the end of the file
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
after: 'Start after line.*'
backup: yes
# Replace before the expression till the begin of the file
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
before: 'Start before line.*'
backup: yes
# Replace between the expressions
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
after: 'Start after line.*'
before: 'Start before line.*'
backup: yes
|
blockinfile Module:
|
- name: Insert/Update "Match User" configuration block in /etc/ssh/sshd_config
blockinfile:
path: /etc/ssh/sshd_config
block: |
Match User ansible-agent
PasswordAuthentication no
- name: Insert/Update eth0 configuration stanza in /etc/network/interfaces
blockinfile:
path: /etc/network/interfaces
block: |
iface eth0 inet static
address 192.0.2.23
netmask 255.255.255.0
- name: Insert/Update configuration using a local file and validate it
blockinfile:
block: "{{ lookup('file', './local/ssh_config') }}"
dest: /etc/ssh/ssh_config
backup: yes
validate: /usr/sbin/sshd -T -f %s
- name: Insert/Update HTML surrounded by custom markers after <body> line
blockinfile:
path: /var/www/html/index.html
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
insertafter: "<body>"
block: |
<h1>Welcome to {{ ansible_hostname }}</h1>
<p>Last updated on {{ ansible_date_time.iso8601 }}</p>
- name: Remove HTML as well as surrounding markers
blockinfile:
path: /var/www/html/index.html
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
block: ""
- name: Add mappings to /etc/hosts
blockinfile:
path: /etc/hosts
block: |
{{ item.ip }} {{ item.name }}
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.name }}"
with_items:
- {name: host1, ip: 10.10.1.10 }
- {name: host2, ip: 10.10.1.11 }
- {name: host3, ip: 10.10.1.12 }
|
Handling Packages and Services
|
yum Module:
|
- name: ensure PACKAGE is at the latest version
yum:
name: PACKAGE
state: latest
# state can be latest, present or absent.
|
package Module:
|
- name: ensure PACKAGE is at the latest version
package:
name: PACKAGE
state: latest
# state can be latest, present or absent.
|
service Module:
|
- name: ensure SERVICE is running
service:
name: SERVICE
state: started
enabled: yes
# state can be started, stopped, restarted, or reloaded.
# enabled can be yes or no.
|
systemd Module:
|
- name: ensure SERVICE is running
systemd:
name: SERVICE
state: started
enabled: yes
# state can be started, stopped, restarted, or reloaded.
# enabled can be yes or no.
|
Command Execution
|
command Module:
|
- name: return motd to registered var
command: cat /etc/motd
register: mymotd
- name: Run the command if the specified file does not exist.
command: /usr/bin/make_database.sh arg1 arg2 creates=/path/to/database
# You can also use the 'args' form to provide the options.
- name: Change the working directory to somedir/ and only run when /path/to/database doesn't exist.
command: /usr/bin/make_database.sh arg1 arg2
args:
chdir: somedir/
creates: /path/to/database
- name: safely use templated variable to run command.
command: cat {{ myfile|quote }}
register: myoutput
# Multiple Commands
- command: "{{ item }} chdir=/src/package/"
with_items:
- ./configure
- /usr/bin/make
- /usr/bin/make install
|
shell Module:
|
- name: Execute the command in remote shell.
shell: somescript.sh >> somelog.txt
- name: Change the working directory to somedir/ before executing the command.
shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
# You can also use the 'args' form to provide the options.
- name: This command will change the working directory to somedir/ and will only run when somedir/somelog.txt doesn't exist.
shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
creates: somelog.txt
- name: Run a command that uses non-posix shell-isms (in this example /bin/sh doesn't handle redirection and wildcards together but bash does)
shell: cat < /tmp/*txt
args:
executable: /bin/bash
- name: Run a command using a templated variable (always use quote filter to avoid injection)
shell: cat {{ myfile|quote }}
# You can use shell to run other executables to perform actions inline
- name: Run expect to wait for a successful PXE boot via out-of-band CIMC
shell: |
set timeout 300
spawn ssh admin@{{ cimc_host }}
expect "password:"
send "{{ cimc_password }}\n"
expect "\n{{ cimc_name }}"
send "connect host\n"
expect "pxeboot.n12"
send "\n"
exit 0
args:
executable: /usr/bin/expect
delegate_to: localhost
# Disabling warnings
- name: Using curl to connect to a host via SOCKS proxy (unsupported in url). Ordinarily this would throw a warning.
shell: curl --socks5 localhost:9000 http://www.ansible.com
args:
warn: no
|
More Frequent use Modules - In alphabet order
|
B
|
blockinfile Module:
|
- name: Insert/Update "Match User" configuration block in /etc/ssh/sshd_config
blockinfile:
path: /etc/ssh/sshd_config
block: |
Match User ansible-agent
PasswordAuthentication no
- name: Insert/Update eth0 configuration stanza in /etc/network/interfaces
blockinfile:
path: /etc/network/interfaces
block: |
iface eth0 inet static
address 192.0.2.23
netmask 255.255.255.0
- name: Insert/Update configuration using a local file and validate it
blockinfile:
block: "{{ lookup('file', './local/ssh_config') }}"
dest: /etc/ssh/ssh_config
backup: yes
validate: /usr/sbin/sshd -T -f %s
- name: Insert/Update HTML surrounded by custom markers after <body> line
blockinfile:
path: /var/www/html/index.html
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
insertafter: "<body>"
block: |
<h1>Welcome to {{ ansible_hostname }}</h1>
<p>Last updated on {{ ansible_date_time.iso8601 }}</p>
- name: Remove HTML as well as surrounding markers
blockinfile:
path: /var/www/html/index.html
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->" block: ""
- name: Add mappings to /etc/hosts
blockinfile:
path: /etc/hosts
block: |
{{ item.ip }} {{ item.name }}
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.name }}"
with_items:
- {name: host1, ip: 10.10.1.10 }
- {name: host2, ip: 10.10.1.11 }
- {name: host3, ip: 10.10.1.12 }
|
C
|
command Module:
|
- name: return motd to registered var
command: cat /etc/motd
register: mymotd
- name: Run the command if the specified file does not exist.
command: /usr/bin/make_database.sh arg1 arg2
creates=/path/to/database
# You can also use the 'args' form to provide the options.
- name: Change the working directory to somedir/ and only run when /path/to/database doesn't exist.
command: /usr/bin/make_database.sh arg1 arg2
args:
chdir: somedir/
creates: /path/to/database
- name: safely use templated variable to run command.
command: cat {{ myfile|quote }}
register: myoutput
# Multiple Commands
- command: "{{ item }} chdir=/src/package/"
with_items:
- ./configure
- /usr/bin/make
- /usr/bin/make install
|
copy Module:
|
# Copy a file and set owner, group and permissions
- copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mde: 0644
# Copy a new file, backing up the original if it differs from the copied version
- copy:
src: /mine/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644
backup: yes
# Copy using the 'content' for inline data
- copy:
content: '# This file was moved to /etc/other.conf'
dest: /etc/mine.conf'
# Copy all files in a directory to destination
- copy:
src={{ item }}
dest=/destination/
with_fileglob:
- /files/*
|
F
|
file Module:
|
- name: Change file ownership, group and permissions
file:
path: /etc/foo.conf
owner: foo
group: foo
mode: '0644'
- name: Create a secure file
file:
path: /work
owner: root
group: root
mode: '0600'
- name: Create a symbolic link
file:
src: /file/to/link/to
dest: /path/to/symlink
owner: foo
group: foo
state: link
- name: Create two hard links
file:
src: '/tmp/{{ item.src }}'
dest: '{{ item.dest }}'
state: link
with_items:
- { src: x, dest: y }
- { src: z, dest: k }
- name: Touch a file, add/remove some permissions
file:
path: /etc/foo.conf
state: touch
mode: u+rw,g-wx,o-rwx
- name: Create a directory if it does not exist
file:
path: /etc/some_directory
state: directory
mode: '0755'
- name: Recursively change ownership of a directory
file:
path: /etc/foo
state: directory
recurse: yes
owner: foo
group: foo
|
L
|
lineinfile Module:
|
# FInd a pattern and replace it in a file
- lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=enforcing'
# FInd a pattern and remove it in a file
- lineinfile:
path: /etc/sudoers
state: absent
regexp: '^%wheel'
# Find a pattern and replace it and change the owner, group and permissions of the file
- lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1'
line: '127.0.0.1 localhost'
owner: root
group: root
mode: 0644
# Search for a pattern and replace it if found, otherwise insert line after second pattern
- lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^Listen '
insertafter: '^#Listen '
line: 'Listen 8080'
# Search for a pattern and replace it if found, otherwise insert line before second pattern
- lineinfile:
path: /etc/services
regexp: '^# port for http'
insertbefore: '^www. *80/tcp'
line: '# port for http by default'
|
P
|
package Module:
|
- name: ensure PACKAGE is at the latest version
package:
name: PACKAGE
state: latest
# state can be latest, present or absent.
|
R
|
replace Module:
|
# FInd a pattern and replace it in a file and make a backup of original file
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
backup: yes
# Replace after the expression till the end of the file
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
after: 'Start after line.*'
backup: yes
# Replace before the expression till the begin of the file
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
before: 'Start before line.*'
backup: yes
# Replace between the expressions
- replace:
path: /etc/hosts
regexp: '(\s+)old\.host\.name(\s+.*)?$'
replace: '\1new.host.name\2'
after: 'Start after line.*'
before: 'Start before line.*'
backup: yes
|
S
|
service Module:
|
- name: ensure SERVICE is running
service:
name: SERVICE
state: started
enabled: yes
# state can be started, stopped, restarted, or reloaded.
# enabled can be yes or no.
|
shell Module:
|
- name: Execute the command in remote shell.
shell: somescript.sh >> somelog.txt
- name: Change the working directory to somedir/ before executing the command.
shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
# You can also use the 'args' form to provide the options.
- name: This command will change the working directory to somedir/ and will only run when somedir/somelog.txt doesn't exist.
shell: somescript.sh >> somelog.txt
args:
chdir: somedir/
creates: somelog.txt
- name: Run a command that uses non-posix shell-isms (in this example /bin/sh doesn't handle redirection and wildcards together but bash does)
shell: cat < /tmp/*txt
args:
executable: /bin/bash
- name: Run a command using a templated variable (always use quote filter to avoid injection)
shell: cat {{ myfile|quote }}
# You can use shell to run other executables to perform actions inline
- name: Run expect to wait for a successful PXE boot via out-of-band CIMC
shell: |
set timeout 300
spawn ssh admin@{{ cimc_host }}
expect "password:"
send "{{ cimc_password }}\n"
expect "\n{{ cimc_name }}"
send "connect host\n"
expect "pxeboot.n12"
send "\n"
exit 0
args:
executable: /usr/bin/expect
delegate_to: localhost
# Disabling warnings
- name: Using curl to connect to a host via SOCKS proxy (unsupported in url). Ordinarily this would throw a warning.
shell: curl --socks5 localhost:9000 http://www.ansible.com
args:
warn: no
|
synchronize Module:
|
- name: Synchronization of src on the control machine to dest on the remote hosts
synchronize:
src: some/relative/path
dest: /some/absolute/path
- name: Synchronization using rsync protocol (push)
synchronize:
src: some/relative/path/
dest: rsync://somehost.com/path/
|
systemd Module:
|
- name: ensure SERVICE is running
systemd:
name: SERVICE
state: started
enabled: yes
# state can be started, stopped, restarted, or reloaded.
# enabled can be yes or no.
|
T
|
template Module:
|
- name: Template a file to /etc/files.conf
template:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mde: 0644
|
Y
|
yum Module:
|
- name: ensure PACKAGE is at the latest version
yum:
name: PACKAGE
state: latest
# state can be latest, present or absent.
|