Ansible playbook directives and modules reference
Complete reference for Ansible playbook keywords, common modules, and inventory configuration options.
Ansible Playbook Keywords
| Keyword | Description | Example |
|---|---|---|
| hosts | Target hosts or groups from the inventory. | hosts: webservers |
| become | Escalate privileges (run as root via sudo). | become: true |
| become_user | User to escalate to. Default: root. | become_user: postgres |
| vars | Define variables for the play. | vars: {http_port: 80} |
| vars_files | Load variables from external YAML files. | vars_files: [vars/main.yml] |
| tasks | List of tasks to execute in order. | tasks: [{name: ..., apt: ...}] |
| handlers | Tasks triggered by notify; run once at end of play. | handlers: [{name: Reload Nginx, service: ...}] |
| roles | List of roles to apply to the play. | roles: [nginx, certbot] |
| serial | Number or percentage of hosts to process at once (rolling updates). | serial: 2 |
| gather_facts | Whether to collect host facts before running tasks. Default: true. | gather_facts: false |
Common Ansible Modules
| Module | Description | Example |
|---|---|---|
| apt | Manage packages on Debian/Ubuntu. | apt: name=nginx state=present update_cache=true |
| yum/dnf | Manage packages on RHEL/CentOS/Fedora. | dnf: name=nginx state=present |
| service | Manage systemd/init services. | service: name=nginx state=started enabled=true |
| copy | Copy files from control node to managed nodes. | copy: src=files/app.conf dest=/etc/app.conf |
| template | Render Jinja2 templates and deploy to managed nodes. | template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf |
| file | Set file/directory permissions, ownership, create/delete. | file: path=/var/log/app state=directory owner=app |
| user | Manage user accounts. | user: name=deploy shell=/bin/bash groups=sudo |
| ufw | Manage UFW firewall rules. | ufw: rule=allow port=22 proto=tcp |
| command | Run a raw command (not through shell). Not idempotent. | command: /opt/app/migrate.sh |
| shell | Run a command through the shell. Not idempotent. | shell: cat /etc/hosts \| grep myhost |
| lineinfile | Ensure a specific line exists in a file. | lineinfile: path=/etc/hosts line="10.0.0.1 myhost" |
| git | Clone or update a Git repository. | git: repo=https://github.com/user/app dest=/opt/app version=main |