Ansible - Playbook


Playbook is the language of Ansible.

A playbook is a list of play.

Playbooks are:

  • kept in source control

Playbooks can be used to manage remote machines:

  • configurations (push out or assure that the configurations are in sync)
  • deployments

They can :

  • sequence multi-tier rollouts involving rolling updates,
  • delegate actions to other hosts,
  • interacting with monitoring servers and load balancers along the way.


Playbooks are expressed in YAML format

  - Task11
  - Task12
  - Task21
  - Task22



Each playbook is composed of one or more ‘plays’ in a list.

A play map a group of hosts to some well defined roles, represented by tasks.

Plays run in the order specified: top to bottom.

By composing a playbook of multiple plays, it is possible to orchestrate multi-machine deployments. For instance:

  • running certain steps on all machines in the webservers group,
  • then certain steps on the database server group,
  • then more commands back on the webservers group,
  • etc.


- hosts: all # one or more group or host patterns
  order: sorted # Host order: value can be 'inventory' ie as is in the inventory file, reverse_inventory, sorted (alpha), reverse_sorted, shuffle (random)
  remote_user: yourname # or root This property was called user before Ansible 1.4
  become: yes # optional
  become_user: postgres # optional
  gather_facts: False


  • --- separates play
  • host defines the target machines: one or more groups or host patterns, separated by colons that should match hosts in the inventory. all is a group that means all hosts in the inventory file.
  • remote_user, become and become_user are connection variable
    • remote_user defines the default logging remote user (The remote user can also be defined for a task)
    • become and become_user defines user escalation mechanism
  • gather_facts defines if fact must be gathered


A task is a call to an ansible module with arguments. See Ansible PlayBook - Task


Variable definition

includes, imports, and roles

import statement in Playbook

All include task are dynamic (ie included at runtime) whereas import tasks are included at start time.


Include with variable

include module

Example to loop over several domains and get the certificates by passing the variable letsencrypt_domain

- name: Get the Ovh certificate
  with_items: "{{ovh_domains}}"
  include: certbot_certonly_ovh.yml letsencrypt_domain: '{{ item }}'
  tags: nginx-cert-ovh

Import with variable


- name: Compile and copy
  import_tasks: nginx_compile_dynamic_module.yml
    nginx_dynamic_library_name: ''
    nginx_dynamic_library_source_path: '{{ nginx_build_base_dir }}/{{ nginx_pagespeed_archive_dir_name }}'


Two plays:

- hosts: webservers
  remote_user: root

  - name: ensure apache is at the latest version
      name: httpd
      state: latest
  - name: write the apache config file
      src: /srv/httpd.j2
      dest: /etc/httpd.conf

- hosts: databases
  remote_user: root

  - name: ensure postgresql is at the latest version
      name: postgresql
      state: latest
  - name: ensure that postgresql is started
      name: postgresql
      state: started


Check Syntax

ansible-playbook --syntax-check 

Pre-processing ? Filters / Function



at the command line with ansible-playbook

ansible-playbook [options] playbook.yml [playbook2 ...]
  • –ask-become-pass (-K).
  • –verbose

If you run a become playbook and the playbook seems to hang, it’s probably stuck at the privilege escalation prompt. Just kill it.

hosts with failed tasks are taken out of the rotation for the entire playbook.

  • execute a playbook using a parallelism level of 10
ansible-playbook playbook.yml -f 10


The ansible-pull is a small script that will checkout a repo of configuration instructions from git, and then run ansible-playbook against that content.

Docker Run

  • Ansible Playbook can be used to install an application inside docker

Example from webserver-simple

# From a image with Ansible installed
FROM ansible/centos7-ansible:stable

# Add playbooks to the Docker image
ADD ansible /srv/example/
WORKDIR /srv/example

# Run Ansible to configure the Docker image
RUN ansible-playbook site.yml -c local

# Other Dockerfile directives are still valid
EXPOSE 22 3000 80
ENTRYPOINT ["/usr/local/bin/apachectl", "-DFOREGROUND"]


On the localhost:

ansible-playbook playbook.yml --connection=local
# or
ansible-playbook playbook.yml -i hosts.ini


localhost ansible_connection=local

see Ansible - Connection

Documentation / Reference

Powered by ComboStrap