Red Hat Ansible Automation Platform · 6-Phase Deep Dive · Playbooks, Roles, Vault, AWX/AAP & CI/CD
Live Ansible progress across all teammates
Test your Ansible knowledge
Sync Ansible lab progress across devices.
Essential commands, inventory syntax, playbook patterns & Vault — quick reference
| ansible all -m ping | Test connectivity to all hosts |
| ansible web -m shell -a "uptime" | Run shell command on group |
| ansible all -m setup | Gather all facts from hosts |
| ansible all -m copy -a "src=f dest=/tmp/f" | Copy file to hosts |
| ansible all -m yum -a "name=nginx state=present" | Install package (RHEL) |
| ansible all -m apt -a "name=nginx state=present" | Install package (Debian) |
| ansible all -m service -a "name=nginx state=started" | Manage service state |
| ansible web -m command -a "whoami" -b | Run as root (-b = become) |
| ansible-playbook site.yml | Run playbook |
| ansible-playbook site.yml --check | Dry-run (no changes made) |
| ansible-playbook site.yml --diff | Show file diffs |
| ansible-playbook site.yml --tags deploy | Run only tagged tasks |
| ansible-playbook site.yml --limit web01 | Target specific host/group |
| ansible-playbook site.yml -e "env=prod" | Pass extra variable |
| ansible-playbook site.yml --list-tasks | List all tasks without running |
| ansible-playbook site.yml -v | Verbose (-vvv for more detail) |
# INI inventory [web] web01 ansible_host=10.0.0.1 web02 ansible_host=10.0.0.2 [db] db01 ansible_host=10.0.0.10 [web:vars] ansible_user=ec2-user ansible_ssh_private_key_file=~/.ssh/id_rsa # YAML inventory all: children: web: hosts: web01: ansible_host: 10.0.0.1 db: hosts: db01: ansible_host: 10.0.0.10
--- - name: Deploy nginx hosts: web become: true vars: nginx_port: 80 handlers: - name: restart nginx service: name=nginx state=restarted tasks: - name: Install nginx apt: name: nginx state: present notify: restart nginx - name: Deploy config template: src: nginx.conf.j2 dest: /etc/nginx/nginx.conf notify: restart nginx - name: Debug var debug: msg: "Port is {{ nginx_port }}"
| ansible-vault create secrets.yml | Create new encrypted file |
| ansible-vault edit secrets.yml | Edit encrypted file in-place |
| ansible-vault view secrets.yml | View decrypted content |
| ansible-vault encrypt vars.yml | Encrypt existing file |
| ansible-vault decrypt vars.yml | Decrypt file permanently |
| ansible-vault encrypt_string 'pass' --name 'db_pass' | Encrypt inline string |
| ansible-playbook site.yml --ask-vault-pass | Prompt for vault password |
| ansible-playbook site.yml --vault-password-file .vpass | Read password from file |
| ansible-galaxy init myrole | Scaffold role directory structure |
| ansible-galaxy install geerlingguy.nginx | Install role from Galaxy |
| ansible-galaxy install -r requirements.yml | Install from requirements file |
| ansible-galaxy collection install community.general | Install collection |
| ansible-galaxy list | List installed roles |
| molecule init scenario | Init Molecule test scenario |
| molecule test | Full test cycle (create→verify→destroy) |
| role defaults/ | Lowest priority — easy to override |
| inventory vars | Host/group vars from inventory |
| group_vars/all | Vars for all groups |
| group_vars/<group> | Group-specific vars |
| host_vars/<host> | Host-specific vars |
| play vars: | Vars section in playbook |
| register / set_fact | Task-registered vars |
| -e "key=val" | Extra vars — highest priority |
# Conditionals when: ansible_os_family == "RedHat" when: item in groups['web'] # Loops loop: {{ packages }} loop: {{ range(1, 4) | list }} # Register & use result - command: cat /etc/os-release register: os_info - debug: msg="{{ os_info.stdout }}" # Error handling block: - name: risky task command: /might/fail rescue: - debug: msg="Task failed, recovering" always: - debug: msg="Always runs" # delegate_to - name: run on localhost command: echo done delegate_to: localhost
You've completed all Ansible labs!