Ansible - Playbook

Card Puncher Data Processing


Playbook is the language of Ansible.

A playbook is a list of play.

Playbooks are:

  • kept in source control

Playbooks can be used to manage remote machines:

  • configurations (push out or assure that the configurations are in sync)
  • deployments

They can :

  • sequence multi-tier rollouts involving rolling updates,
  • delegate actions to other hosts,
  • interacting with monitoring servers and load balancers along the way.


Playbooks are expressed in YAML format

  - Task11
  - Task12
  - Task21
  - Task22



Each playbook is composed of one or more ‘plays’ in a list.

A play map a group of hosts to some well defined roles, represented by tasks.

Plays run in the order specified: top to bottom.

By composing a playbook of multiple plays, it is possible to orchestrate multi-machine deployments. For instance:

  • running certain steps on all machines in the webservers group,
  • then certain steps on the database server group,
  • then more commands back on the webservers group,
  • etc.


- hosts: all # one or more group or host patterns
  order: sorted # Host order: value can be 'inventory' ie as is in the inventory file, reverse_inventory, sorted (alpha), reverse_sorted, shuffle (random)
  remote_user: yourname # or root This property was called user before Ansible 1.4
  become: yes # optional
  become_user: postgres # optional
  gather_facts: False


  • --- separates play
  • host defines the target machines: one or more groups or host patterns, separated by colons that should match hosts in the inventory. all is a group that means all hosts in the inventory file.
  • remote_user, become and become_user are connection variable
    • remote_user defines the default logging remote user (The remote user can also be defined for a task)
    • become and become_user defines user escalation mechanism
  • gather_facts defines if fact must be gathered


A task is a call to an ansible module with arguments. See Ansible PlayBook - Task


Variable definition

includes, imports, and roles

import statement in Playbook

All include task are dynamic (ie included at runtime) whereas import tasks are included at start time.


Include with variable

include module

Example to loop over several domains and get the certificates by passing the variable letsencrypt_domain

- name: Get the Ovh certificate
  with_items: "{{ovh_domains}}"
  include: certbot_certonly_ovh.yml letsencrypt_domain: '{{ item }}'
  tags: nginx-cert-ovh

Import with variable


- name: Compile and copy
  import_tasks: nginx_compile_dynamic_module.yml
    nginx_dynamic_library_name: ''
    nginx_dynamic_library_source_path: '{{ nginx_build_base_dir }}/{{ nginx_pagespeed_archive_dir_name }}'


Two plays:

- hosts: webservers
  remote_user: root

  - name: ensure apache is at the latest version
      name: httpd
      state: latest
  - name: write the apache config file
      src: /srv/httpd.j2
      dest: /etc/httpd.conf

- hosts: databases
  remote_user: root

  - name: ensure postgresql is at the latest version
      name: postgresql
      state: latest
  - name: ensure that postgresql is started
      name: postgresql
      state: started


Check Syntax

ansible-playbook --syntax-check 

Pre-processing ? Filters / Function



at the command line with ansible-playbook

ansible-playbook [options] playbook.yml [playbook2 ...]
  • –ask-become-pass (-K).
  • –verbose

If you run a become playbook and the playbook seems to hang, it’s probably stuck at the privilege escalation prompt. Just kill it.

hosts with failed tasks are taken out of the rotation for the entire playbook.

  • execute a playbook using a parallelism level of 10
ansible-playbook playbook.yml -f 10


The ansible-pull is a small script that will checkout a repo of configuration instructions from git, and then run ansible-playbook against that content.

Docker Run

  • Ansible Playbook can be used to install an application inside docker

Example from webserver-simple

# From a image with Ansible installed
FROM ansible/centos7-ansible:stable

# Add playbooks to the Docker image
ADD ansible /srv/example/
WORKDIR /srv/example

# Run Ansible to configure the Docker image
RUN ansible-playbook site.yml -c local

# Other Dockerfile directives are still valid
EXPOSE 22 3000 80
ENTRYPOINT ["/usr/local/bin/apachectl", "-DFOREGROUND"]


On the localhost:

ansible-playbook playbook.yml --connection=local
# or
ansible-playbook playbook.yml -i hosts.ini


localhost ansible_connection=local

see Ansible - Connection

Documentation / Reference

Discover More
Card Puncher Data Processing
Ansible - Connection

Connection parameters to hosts are given through variable. ... The playbook defines ramon as connection user. At the command line, we set the connection user to lola but the connection...
Card Puncher Data Processing
Ansible - Facts (Remote System Env)

Facts are variable that contains environment information from the remote systems (ie current host (inventory_hostname)) ansible_facts contains any facts gathered or cached for the inventory_hostname...
Card Puncher Data Processing
Ansible - Function

function in Ansible are tasks that includes other playbook and can pass variable. Include_tasks is done at runtime while import_tasks is done at start time If you have a conditional (such as...
Card Puncher Data Processing
Ansible - Group (Host Properties)

A host can have one or more group (tag). A group may have also have a group. See Groups don’t really survive outside of inventory and host matching because variables are defined to a specific host...
Card Puncher Data Processing
Ansible - Host (system)

A host may have zero or more than one group (ie webserver and a dbserver). In a inventory file as playbook variable. Example Variable that are defined on the group level can be defined:...
Card Puncher Data Processing
Ansible - Inventory

inventory is a file that define the following entity: the hosts the group of host the child relationship between group and variables (connection variable,...). The preferred practice in Ansible...
Card Puncher Data Processing
Ansible - Role

Roles is the reusable unit of Ansible. You may think of it as a function. It: helps make playbook content self-contained works well with things like git submodules for sharing content with others....
Card Puncher Data Processing
Ansible - ansible-pull

ansible-pull is command line client that runs playbook in a pull way (ie on the localhost) whereas ansible-playbook will run them in a push way. It is a small script that will checkout a repo of configuration...
Card Puncher Data Processing
Ansible PlayBook - Task

A task is a call to an ansible module with arguments located in a play list. Variables can be used in arguments to modules. Tasks are executed top to bottom one at a time, against matched by the...
Linux - secure linux (SELinux)

SELinux is a kernel-level policy mechanisms. Alternatively, this can be done during the installation. Manually: Disable secure linux by editing the /etc/selinux/config file, making sure the SELINUX...

Share this page:
Follow us:
Task Runner