HON95-wiki/config/automation/ansible.md

---

title: Ansible breadcrumbs:

• title: Configuration
• title: Automation --- {% include header.md %}

Ad Hoc Usage

• Run module for host: ansible all -i <host>, -m <module> [-a <module-arg>]
  • The comma after the host is required to treat it as a host list literal instead of an inventory file name.
  • Use -i localhost, --connection=local to run locally.
• Get facts (with optional filter): ansible all -i <host>, -m setup -a 'filter=ansible_os_*' (example fact filter)

Playbooks

• Basic: ansible-playbook <playbook>
• Specify inventory file: ansible-playbook -i <hosts> <playbook>
• Limit which groups/hosts to use (comma-separated): ansible-playbook -l <group|host> <playbook>
• Limit which tasks to run using tags (comma-separated): ansible-playbook -t <tag> <playbook>
• Use Vault password file: ansible-playbook --vault-password-file <file> <...>

Vault

• Use file for password: Just add the password as the only line in a file.
• Encrypt, prompt for secret, using password file: ansible-vault encrypt_string --vault-password-file ~/.ansible_vault/stuff
• To avoid leaking secrets in logs and stuff, use no_log in tasks handling secrets.

Configuration

Example /etc/ansible/ansible.cfg or ~/.ansible.cfg:

[defaults]
# Change to "auto" if this path causes problems
interpreter_python = /usr/bin/python3
host_key_checking = false

{% include footer.md %}