Skip to content

Instantly share code, notes, and snippets.

@nntrn
Last active June 11, 2021 23:50
Show Gist options
  • Save nntrn/932add3d60cbb393b487070f9396ea25 to your computer and use it in GitHub Desktop.
Save nntrn/932add3d60cbb393b487070f9396ea25 to your computer and use it in GitHub Desktop.
ansible
# source:
# https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/
# Ping hosts
ansible <HOST_GROUP> -m ping
# Display gathered facts
ansible <HOST_GROUP> -m setup | less
# Filter gathered facts
ansible <HOST_GROUP> -m setup -a "filter=ansible_distribution*"
# Copy SSH key manually
ansible <HOST_GROUP> -m authorized_key -a "user=root key='ssh-rsa AAAA...XXX == root@hostname'"
# Modify file using lineinfile
ansible all -m lineinfile -a "dest=/etc/group regexp='^(users:x:100:)(.*)' line='\1ldapusername,\2' state=present backrefs=yes"
# Specifying a user:
ansible-playbook playbooks/atmo_playbook.yml --user atmouser
# Using a specific SSH private key:
ansible -m ping hosts --private-key=~/.ssh/keys/id_rsa -u centos
# Passing arguments:
ansible-playbook playbooks/atmo_playbook.yml -e "ATMOUSERNAME=atmouser"
# Limit to one host
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1"
# Limit to multiple hosts
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1,host2"
# Negated limit. NOTE: Single quotes MUST be used to prevent bash interpolation.
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit 'all:!host1'
# Limit to host group
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit 'group1'
# Limit to all tags matching install
ansible-playbook playbooks/PLAYBOOK_NAME.yml --tags 'install'
# Skip any tag matching sudoers
ansible-playbook playbooks/PLAYBOOK_NAME.yml --skip-tags 'sudoers'
# This can be done like this:
ansible-playbook playbooks/PLAYBOOK_NAME.yml --flush-cache
# Check for bad syntax:
ansible-playbook playbooks/PLAYBOOK_NAME.yml --syntax-check
# One can run in dry-run mode like this:
ansible-playbook playbooks/PLAYBOOK_NAME.yml --check
# Using raw module to run command similar to running directly via SSH:
ansible -m raw -s -a "yum install libselinux-python -y" new-atmo-images
# Manually flushing controller's redis cache
ansible localhost -m redis -a "command=flush flush_mode=all" -c local
# https://docs.ansible.com/ansible/latest/user_guide/vault.html#vault
# to encrypt the string 'foobar' using the only password stored
# in 'a_password_file' and name the variable 'the_secret':
ansible-vault encrypt_string --vault-password-file a_password_file 'foobar' --name 'the_secret'
# To encrypt the string 'foooodev', add the vault ID label 'dev' with the 'dev' vault
# password stored in 'a_password_file', and call the encrypted variable 'the_dev_secret'
ansible-vault encrypt_string --vault-id dev@a_password_file 'foooodev' --name 'the_dev_secret'
# To encrypt the string 'letmein' read from stdin, add the vault ID 'dev' using the 'dev'
# vault password stored in a_password_file, and name the variable 'db_password':
echo -n 'letmein' | ansible-vault encrypt_string --vault-id dev@a_password_file --stdin-name 'db_password'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment