
Install software

- name: Install EPEL repo
  become: true
  ansible.builtin.dnf:
    name: epel-release
    state: present
    update_cache: true

Create a directory

- name: Create dnf-automatic.timer.d directory for the override
  become: true
  ansible.builtin.file:
    path: /etc/systemd/system/dnf-automatic.timer.d/
    state: directory
    owner: root
    group: root
    mode: 0755

Upload a file

- name: Upload sysctl config
  become: true
  ansible.builtin.copy:
    src: 99-sysctl.conf
    dest: "/etc/sysctl.d/"
    owner: root
    group: root
    mode: 0600

Upload a folder


Create a file

- name: Set the time to trigger updates
  become: true
  ansible.builtin.copy:
    content: |
      [Timer]
      OnCalendar=*-*-* 01:30
    dest: '/etc/systemd/system/dnf-automatic.timer.d/override.conf'
    owner: root
    group: root
    mode: 0644
  notify:
    - Reload systemd ## Call a handler

Include tasks

- name: Include do-something task
  ansible.builtin.include_tasks:
    file: do-something.yml
    apply:
      become: true
      become_user: "RunAsThisUserName"

Templates


- name: Update sshd configuration safely, avoid locking yourself out
  ansible.builtin.template:
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: 0600
    validate: /usr/sbin/sshd -t -f %s
    backup: yes

Conditionals

With a variable called rol and a possible value of server or client, you can do the following. Source

{# style 1 - long form #}
{% if filepath == '/var/opt/tomcat_1' %}
  {% set tomcat_value = tomcat_1_value %}
{% else %}
  {% set tomcat_value = tomcat_2_value %}
{% endif %}

{# style 2 - short form #}
{% set tomcat_value = tomcat_1_value if (filepath == '/var/opt/tomcat_1') else tomcat_2_value %}

{# style 3 - with ternary filter #}
{% set tomcat_value = (filepath == '/var/opt/tomcat_1')|ternary(tomcat_1_value, tomcat_2_value) %}

<Server port="{{ tomcat_value }}" shutdown="SHUTDOWN">

systemd

Configure services

Restart service

- name: Restart service crond
  become: true
  ansible.builtin.systemd_service:
    state: restarted
    daemon_reload: true
    name: crond

daemon reload

- name: Reload systemd
  become: true
  ansible.builtin.systemd_service:
    daemon_reload: true

- name: Reload systemd for your user
  ansible.builtin.systemd_service:
    daemon_reload: yes
    scope: user

- name: Reload systemd for another user
  become: true
  become_user: "username"
  ansible.builtin.systemd_service:
    daemon_reload: true
    scope: "user"

loops

loop

Loops are preferred over with_<lookup>.

- name: Add several users
  ansible.builtin.user:
    name: "{{ item }}"
    state: present
    groups: "wheel"
  loop:
    - testuser1
    - testuser2
  loop_control:
    pause: 3

with_

Multiple examples in the Ansible loops documentation

Can be used with the following lookups

Example to create users ^2

- name: Creating users with_items
  hosts: localhost
  tasks:
    - name: Create user
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        state: present
      with_items:
        - { name: joe, uid: 1010 }
        - { name: george, uid: 1011 }
        - { name: ravi, uid: 1012 }

loop over dictionaries

Using the dict lookup ^1

- name: Validate Services
  hosts: myhosts
  vars:
    services:
      nginx:
        state: started
        enabled: yes
      httpd:
        state: stopped
        enabled: no
      mysqld:
        state: started
  tasks:
    - name: Ensure services are correct
      service:
        name: "{{ item.key }}"
        state: "{{ item.value.state }}"
        enabled: "{{ item.value.enabled | default('yes') }}"
      # wantlist=True keeps the result a list even when the dict has a single entry
      loop: "{{ lookup('dict', services, wantlist=True) }}"

Using the dict2items filter ^1

- name: Create user accounts from a dictionary
  hosts: myhosts
  vars:
    users_dict:
      mjordan:
        uid: 1001
        groups: "dev"
      mmathers:
        uid: 1002
        groups: "prod"

  tasks:
    - name: Create user accounts
      user:
        name: "{{ item.key }}"
        uid: "{{ item.value.uid }}"
        groups: "{{ item.value.groups }}"
      loop: "{{ users_dict | dict2items }}"

Control

Error handling

Error handling in the Ansible documentation

Ignore errors

- name: Do not count this as a failure
  ansible.builtin.command: /bin/false
  ignore_errors: true
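
A narrower alternative to ignore_errors, added here as an example and not part of the original page: register the result and use failed_when so that only the expected exit code is tolerated and any other failure still stops the play. The grep check against /etc/ssh/sshd_config, the variable name root_login_check and the failure message are assumptions chosen for illustration.

```yaml
# Added example: tolerate only the expected "no match" exit code instead of
# ignoring every failure. Task names and root_login_check are hypothetical.
- name: Check whether PermitRootLogin is explicitly enabled
  become: true                 # sshd_config is root-owned with mode 0600
  ansible.builtin.command:
    argv:
      - /usr/bin/grep
      - -Eq
      - '^[[:space:]]*PermitRootLogin[[:space:]]+yes'
      - /etc/ssh/sshd_config
  register: root_login_check
  check_mode: false            # read-only, so run it even under --check
  changed_when: false          # a check never reports "changed"
  # grep exit codes: 0 = match, 1 = no match, 2 or more = real error
  # (missing file, unreadable file, bad pattern). Only 0 and 1 are accepted.
  failed_when: root_login_check.rc not in [0, 1]

- name: Fail the play if root login over SSH is enabled
  ansible.builtin.assert:
    that:
      - root_login_check.rc == 1
    fail_msg: "PermitRootLogin yes found in /etc/ssh/sshd_config"
```

With ignore_errors: true the first task would also pass when grep cannot read the file, and the play would continue as if the setting had been checked.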

Sources