Ansible Cheatsheet
Top commands.
Overview
Ansible is the agentless config-management tool that runs over SSH. Five primitive surfaces cover almost every operational use: agentless connectivity, declarative idempotent playbooks, inventory grouping, built-in modules for common tasks, and reusable roles plus collections for sharing patterns across the team.
- Agentless. SSH-based; no agent install on managed hosts. Fleet management starts with credentials, not bootstrapping.
- Declarative playbooks. Tasks declare desired state. Reruns are safe because operations are idempotent.
- Inventory. Hosts grouped logically. Operations target precisely instead of broadly.
- Modules plus roles. Built-in modules handle common operations; roles and collections share reusable patterns across teams.
The approach
Five idioms carry most of the operational weight. Memorising them moves the team from copy-pasted Stack Overflow snippets to confident playbook authoring.
- ansible-playbook --check. Dry-run mode shows what would change. Test before applying.
- ansible-playbook --diff. Diff mode shows file content changes. Reviewable transparency on every run.
- --limit. Run on a host subset. Gradual rollout instead of fleet-wide blast.
- --tags plus ansible-vault. Run subsets of tasks for fast iteration; encrypt secrets so plaintext never enters source control.
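The idioms above combined into a canary-first rollout wrapper, as an added example that is not part of the original cheatsheet. It refuses to run while any vault.yml under the vars directory lacks the $ANSIBLE_VAULT; file header, previews with --check --diff, then applies to the same --limit subset and tags. Assumptions: secrets are whole-file encrypted in files named vault.yml under group_vars; the function names and the VARS_DIR and ANSIBLE_PLAYBOOK variables are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Hypothetical names: the three
# functions, VARS_DIR, ANSIBLE_PLAYBOOK. Assumes secrets are whole-file
# encrypted with ansible-vault in files named vault.yml.

# Return 0 when the first line of file $1 is an ansible-vault header
# such as "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    head -n 1 "$1" 2>/dev/null | grep -q '^[$]ANSIBLE_VAULT;'
}

# Print each vault.yml under directory $1 that is still plaintext.
# Return 1 if any were found, 0 otherwise.
find_plaintext_vaults() {
    _hits=$(find "$1" -type f -name 'vault.yml' | sort |
        while IFS= read -r _f; do
            is_vault_encrypted "$_f" || printf '%s\n' "$_f"
        done)
    if [ -n "$_hits" ]; then
        printf '%s\n' "$_hits"
        return 1
    fi
    return 0
}

# staged_rollout PLAYBOOK LIMIT TAGS
# 1. Refuse to run while any secrets file is plaintext.
# 2. Preview on the subset: --check makes no changes, --diff shows file edits.
# 3. Apply to the same subset and tags only if the preview succeeded.
staged_rollout() {
    if ! find_plaintext_vaults "${VARS_DIR:-group_vars}" >&2; then
        echo "refusing to run: the vault.yml files listed above are plaintext" >&2
        return 1
    fi
    "${ANSIBLE_PLAYBOOK:-ansible-playbook}" "$1" --limit "$2" --tags "$3" \
        --check --diff --ask-vault-pass || return 1
    "${ANSIBLE_PLAYBOOK:-ansible-playbook}" "$1" --limit "$2" --tags "$3" \
        --diff --ask-vault-pass
}

# Example call (constructed names): staged_rollout site.yml canary nginx
```

Values encrypted inline with a !vault tag inside an otherwise plaintext file are not covered by the header check; it only catches whole files that were never encrypted.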
Why this compounds
Each playbook captures operational knowledge in a reviewable artefact. The team’s reusable library grows; new team members inherit the patterns instead of reinventing them; manual SSH commands stop being how production gets touched.
- Reproducible operations. Playbooks replace manual SSH. State stays consistent across hosts.
- Shareable knowledge. Roles and collections capture patterns. New hires inherit the discipline.
- Audit trail. Playbooks in git produce a complete history of what changed and why.
- Year-one investment, year-two habit. First year builds patterns. By year two, Ansible is the default for any host operation.