1. ansible
The ansible command runs ad-hoc tasks (single modules) against hosts in the inventory.
| Command Name | Description | Example |
|---|---|---|
ansible <host-pattern> -m ping | Ping all hosts to check connectivity. | ansible all -m ping |
ansible <host-pattern> -m shell -a "<command>" | Run a shell command with shell features (pipes, redirects). | ansible webservers -m shell -a "uptime" |
ansible <host-pattern> -m command -a "<command>" | Run a command without shell features. | ansible dbservers -m command -a "df -h" |
ansible <host-pattern> -m setup | Gather facts about hosts. | ansible localhost -m setup |
ansible <host-pattern> -m user -a "<args>" | Manage user accounts (create, delete, modify). | ansible all -m user -a "name=john state=present" |
ansible <host-pattern> -m copy -a "<args>" | Copy files to remote hosts. | ansible all -m copy -a "src=foo.conf dest=/etc/foo.conf" |
ansible <host-pattern> -m yum -a "<args>" | Install packages using yum. | ansible all -m yum -a "name=httpd state=latest" |
ansible <host-pattern> -m service -a "<args>" | Manage services (start, stop, restart). | ansible all -m service -a "name=httpd state=restarted" |
ansible <host-pattern> -m file -a "<args>" | Manage files and directories (create, delete, set permissions). | ansible all -m file -a "path=/tmp/testfile state=touch" |
ansible <host-pattern> -m get_url -a "<args>" | Download files from a URL. | ansible all -m get_url -a "url=https://example.com/file.tar.gz dest=/tmp/file.tar.gz" |
ansible <host-pattern> -m debug -a "<args>" | Print debug messages. | ansible all -m debug -a "msg='Hello World'" |
ansible <host-pattern> -a "<command>" | Run a shell command (default to shell module if -m omitted). | ansible all -a "uname -a" |
ansible <host-pattern> -b -m <module> -a "<args>" | Run with privilege escalation (sudo). | ansible all -b -m apt -a "name=nginx state=present" |
ansible <host-pattern> -u <user> -m <module> | Run as a specific user. | ansible all -u admin -m ping |
ansible <host-pattern> --list-hosts | List hosts matching the pattern. | ansible all --list-hosts |
ansible <host-pattern> --limit <subset> -m <module> | Limit execution to a subset of hosts. | ansible all --limit dbservers -m ping |
ansible <host-pattern> --check -m <module> -a "<args>" | Run in dry-run mode (check changes without applying). | ansible all --check -m yum -a "name=git state=present" |
ansible <host-pattern> -m <module> -a "<args>" -v | Run with verbose output (add -vv or -vvv for more). | ansible all -m command -a "ls -l /tmp" -v |
ansible <host-pattern> -m raw -a "<command>" | Run raw commands (no Python required on remote). | ansible all -m raw -a "uptime" |
2. ansible-playbook
The ansible-playbook command runs complex, multi-step playbooks written in YAML.
| Command Name | Description | Example |
|---|---|---|
ansible-playbook <playbook.yml> | Run a playbook. | ansible-playbook site.yml |
ansible-playbook -i <inventory> <playbook.yml> | Specify a custom inventory file. | ansible-playbook -i inventory.yml site.yml |
ansible-playbook -l <host-group> <playbook.yml> | Limit execution to a specific host group. | ansible-playbook -l webservers site.yml |
ansible-playbook -u <user> <playbook.yml> | Run as a specific user. | ansible-playbook -u deployer site.yml |
ansible-playbook -b <playbook.yml> | Run with privilege escalation (sudo). | ansible-playbook -b site.yml |
ansible-playbook -k <playbook.yml> | Prompt for SSH password. | ansible-playbook -k site.yml |
ansible-playbook -K <playbook.yml> | Prompt for privilege escalation password. | ansible-playbook -K site.yml |
ansible-playbook --check <playbook.yml> | Run in dry-run mode. | ansible-playbook --check site.yml |
ansible-playbook --diff <playbook.yml> | Show differences when files are modified. | ansible-playbook --diff site.yml |
ansible-playbook --start-at-task="<task-name>" <playbook.yml> | Start execution at a specific task. | ansible-playbook --start-at-task="Install packages" site.yml |
ansible-playbook -e <var=value> <playbook.yml> | Set extra variables. | ansible-playbook -e var=value site.yml |
ansible-playbook -e @<vars-file> <playbook.yml> | Load extra variables from a YAML file. | ansible-playbook -e @vars.yml site.yml |
ansible-playbook --tags "<tag1,tag2>" <playbook.yml> | Run tasks with specific tags. | ansible-playbook --tags "setup,install" site.yml |
ansible-playbook --skip-tags "<tag>" <playbook.yml> | Skip tasks with specific tags. | ansible-playbook --skip-tags "test" site.yml |
ansible-playbook --step <playbook.yml> | Run tasks interactively, prompting for each. | ansible-playbook --step site.yml |
ansible-playbook -v <playbook.yml> | Run in verbose mode (add -vv or -vvv for more). | ansible-playbook -v site.yml |
ansible-playbook --syntax-check <playbook.yml> | Check playbook syntax without execution. | ansible-playbook --syntax-check site.yml |
ansible-playbook --list-hosts <playbook.yml> | List hosts targeted by the playbook. | ansible-playbook --list-hosts site.yml |
ansible-playbook --list-tasks <playbook.yml> | List all tasks in the playbook. | ansible-playbook --list-tasks site.yml |
ansible-playbook --list-tags <playbook.yml> | List all tags in the playbook. | ansible-playbook --list-tags site.yml |
ansible-playbook --flush-cache <playbook.yml> | Clear fact cache before running. | ansible-playbook --flush-cache site.yml |
ansible-playbook --forks <number> <playbook.yml> | Set number of parallel processes. | ansible-playbook --forks 20 site.yml |
3. ansible-galaxy
The ansible-galaxy command manages roles and collections (install, create, list, remove).
| Command Name | Description | Example |
|---|---|---|
ansible-galaxy install <role> | Install a role from Ansible Galaxy. | ansible-galaxy install geerlingguy.nginx |
ansible-galaxy install -r <requirements-file> | Install multiple roles from a requirements file. | ansible-galaxy install -r requirements.yml |
ansible-galaxy list | List installed roles. | ansible-galaxy list |
ansible-galaxy remove <role> | Remove an installed role. | ansible-galaxy remove geerlingguy.nginx |
ansible-galaxy init <role-name> | Scaffold a new role. | ansible-galaxy init myrole |
ansible-galaxy collection install <collection> | Install a collection from Ansible Galaxy. | ansible-galaxy collection install community.general |
ansible-galaxy collection install -r <requirements-file> | Install collections from a requirements file. | ansible-galaxy collection install -r collections/requirements.yml |
ansible-galaxy collection list | List installed collections. | ansible-galaxy collection list |
ansible-galaxy collection init <namespace.collection> | Scaffold a new collection. | ansible-galaxy collection init my_namespace.my_collection |
ansible-galaxy role search <keyword> | Search roles by keyword. | ansible-galaxy role search nginx |
ansible-galaxy collection search <keyword> | Search collections by keyword. | ansible-galaxy collection search kubernetes |
ansible-galaxy role info <role> | Show details for a specific role. | ansible-galaxy role info geerlingguy.nginx |
ansible-galaxy collection info <collection> | Show details for a specific collection. | ansible-galaxy collection info community.general |
4. ansible-vault
The ansible-vault command encrypts, decrypts, and manages sensitive data.
| Command Name | Description | Example |
|---|---|---|
ansible-vault create <file> | Create a new encrypted file. | ansible-vault create secrets.yml |
ansible-vault edit <file> | Edit an encrypted file in-place. | ansible-vault edit secrets.yml |
ansible-vault view <file> | View contents of an encrypted file. | ansible-vault view secrets.yml |
ansible-vault encrypt <file> | Encrypt a plaintext file. | ansible-vault encrypt file.yml |
ansible-vault decrypt <file> | Decrypt an encrypted file to plaintext. | ansible-vault decrypt secrets.yml |
ansible-vault rekey <file> | Change the password of an encrypted file. | ansible-vault rekey secrets.yml |
ansible-vault encrypt_string '<string>' --name '<var-name>' | Encrypt a string for use in playbooks. | ansible-vault encrypt_string 'supersecret' --name 'my_secret' |
ansible-vault encrypt --vault-password-file <file> <file> | Encrypt a file using a password file. | ansible-vault encrypt --vault-password-file ~/.vault_pass.txt secrets.yml |
ansible-vault decrypt --vault-password-file <file> <file> | Decrypt a file using a password file. | ansible-vault decrypt --vault-password-file ~/.vault_pass.txt secrets.yml |
ansible-playbook --ask-vault-pass <playbook.yml> | Prompt for vault password during playbook execution. | ansible-playbook --ask-vault-pass site.yml |
ansible-playbook --vault-password-file <file> <playbook.yml> | Use a password file for vault during playbook execution. | ansible-playbook --vault-password-file ~/.vault_pass.txt site.yml |
5. ansible-doc
The ansible-doc command displays documentation for modules and plugins.
| Command Name | Description | Example |
|---|---|---|
ansible-doc <module-name> | Show documentation for a specific module. | ansible-doc ping |
ansible-doc -l | List all available modules. | ansible-doc -l |
ansible-doc -s <module-name> | Show minimal argument specification for a module. | ansible-doc -s file |
ansible-doc -M <path> <module-name> | Show documentation for a module in a custom library directory. | ansible-doc -M ./library custom_module |
ansible-doc -t lookup <plugin-name> | Show documentation for a lookup plugin. | ansible-doc -t lookup file |
ansible-doc --playbook-dir=<path> | Specify playbook directory context for documentation. | ansible-doc --playbook-dir=./roles/ |
ansible-doc --json | Output module documentation in JSON format. | ansible-doc --json |
6. ansible-inventory
The ansible-inventory command manages and displays inventory information.
| Command Name | Description | Example |
|---|---|---|
ansible-inventory --list | List all hosts and groups in JSON format. | ansible-inventory --list |
ansible-inventory --graph | Display inventory as a graph. | ansible-inventory --graph |
ansible-inventory --host <hostname> | Show variables for a specific host. | ansible-inventory --host webserver1 |
ansible-inventory -i <inventory-file> --list | List inventory from a specific file. | ansible-inventory -i hosts.ini --list |
ansible-inventory -i <inventory-file> --graph | Display graph from a specific inventory file. | ansible-inventory -i inventory.yml --graph |
ansible-inventory -i <dynamic-inventory> --list | List inventory from a dynamic source. | ansible-inventory -i aws_ec2.yaml --list |
ansible-inventory --yaml | Output inventory in YAML format. | ansible-inventory --yaml |
ansible-inventory --vars | Include variables in the output. | ansible-inventory --vars |
ansible-inventory --export | Export inventory for external use. | ansible-inventory --export |
ansible-inventory --help | Show all available options. | ansible-inventory --help |
7. ansible-pull
The ansible-pull command runs playbooks in pull mode (nodes pull from a repository).
| Command Name | Description | Example |
|---|---|---|
ansible-pull -U <repo-url> | Pull and run playbook from a git repository. | ansible-pull -U https://github.com/example/repo.git |
ansible-pull -U <repo-url> <playbook.yml> | Pull and run a specific playbook. | ansible-pull -U https://github.com/example/repo.git playbook.yml |
ansible-pull -U <repo-url> -i <inventory> | Specify inventory (e.g., localhost). | ansible-pull -U https://github.com/example/repo.git -i localhost, |
ansible-pull -U <repo-url> -d <path> | Specify checkout directory. | ansible-pull -U https://github.com/example/repo.git -d /tmp/checkout |
ansible-pull -U <repo-url> -C <branch> | Checkout a specific branch. | ansible-pull -U https://github.com/example/repo.git -C dev |
ansible-pull -U <repo-url> -e "<var=value>" | Pass extra variables. | ansible-pull -U https://github.com/example/repo.git -e "var=value" |
ansible-pull -U <repo-url> --accept-host-key | Automatically accept git SSH host keys. | ansible-pull -U https://github.com/example/repo.git --accept-host-key |
ansible-pull -U <repo-url> -v | Run in verbose mode. | ansible-pull -U https://github.com/example/repo.git -v |
8. ansible-config
The ansible-config command views and manages Ansible configuration settings.
| Command Name | Description | Example |
|---|---|---|
ansible-config view | Show current configuration settings. | ansible-config view |
ansible-config list | List all configuration options and their defaults. | ansible-config list |
ansible-config dump | Dump configuration settings with their sources. | ansible-config dump |
ansible-config init --disabled > ansible.cfg | Generate a commented ansible.cfg template. | ansible-config init --disabled > ansible.cfg |
9. ansible-console
The ansible-console command provides an interactive shell for ad-hoc commands.
| Command Name | Description | Example |
|---|---|---|
ansible-console | Start interactive console for all hosts. | ansible-console |
ansible-console <host-pattern> | Limit console to a specific host group. | ansible-console webservers |
ansible-console --inventory <inventory> | Use a custom inventory file. | ansible-console --inventory inventory.yml |
ansible-console --become | Run with privilege escalation. | ansible-console --become |
ansible-console > ping | Run ping module inside console. | > ping |
ansible-console > shell <command> | Run shell command inside console. | > shell uname -a |
ansible-console > apt <args> | Run apt module inside console. | > apt name=git state=present |
ansible-console > exit | Exit the console. | > exit |
10. ansible-connection
The ansible-connection command manages connection plugins (rarely used directly).
| Command Name | Description | Example |
|---|---|---|
ansible-connection -h | Show help and available subcommands. | ansible-connection -h |
ansible-connection password | Show password subcommand (used by connection plugins). | ansible-connection password |
11. Common Ansible Modules
Below is a table of common Ansible modules with their YAML examples.
| Module Name | Description | Example (YAML) |
|---|---|---|
command | Run a command without shell features. | yaml<br>- name: List directory<br> ansible.builtin.command:<br> cmd: ls -l /tmp<br> |
shell | Run a shell command with pipes/redirects. | yaml<br>- name: Run shell with pipe<br> ansible.builtin.shell: "cat /etc/passwd | grep root"<br> |
copy | Copy files to remote hosts. | yaml<br>- name: Copy config file<br> ansible.builtin.copy:<br> src: ./nginx.conf<br> dest: /etc/nginx/nginx.conf<br> |
template | Deploy files from Jinja2 templates. | yaml<br>- name: Deploy config from template<br> ansible.builtin.template:<br> src: ./app.conf.j2<br> dest: /etc/myapp/app.conf<br> |
file | Manage files and directories (permissions, state). | yaml<br>- name: Set permissions<br> ansible.builtin.file:<br> path: /opt/foo<br> state: directory<br> mode: '0755'<br> |
service | Manage services (start, stop, restart). | yaml<br>- name: Ensure nginx is running<br> ansible.builtin.service:<br> name: nginx<br> state: started<br> |
user | Manage user accounts. | yaml<br>- name: Add user<br> ansible.builtin.user:<br> name: deploy<br> groups: sudo<br> state: present<br> |
apt | Manage packages on Debian-based systems. | yaml<br>- name: Install nginx (Debian)<br> ansible.builtin.apt:<br> name: nginx<br> state: latest<br> |
yum | Manage packages on RHEL-based systems. | yaml<br>- name: Install nginx (RHEL)<br> ansible.builtin.yum:<br> name: nginx<br> state: latest<br> |
git | Clone or manage git repositories. | yaml<br>- name: Clone a repo<br> ansible.builtin.git:<br> repo: 'https://github.com/example/project.git'<br> dest: /opt/app<br> |