From Gentoo Wiki
Jump to:navigation Jump to:search
This article is a stub. Please help out by expanding it - how to get started.

Ansible is an agentless automation system written in Python. It can be used for automating machine deployments, configuration management, or orchestrating continuous delivery.

The automation jobs are written in YAML as a series of interactions with the target hosts performed via SSH by default. Ansible requires no databases nor central runtime servers.


USE flags

USE flags for app-admin/ansible Model-driven deployment, config management, and command execution framework


Install app-admin/ansible:

root #emerge --ask app-admin/ansible

Additional software


Environment variables



  • ~/ansible.cfg or ~/.ansible.cfg - Local (per user) configuration file.
  • /etc/ansible.cfg - Global (system wide) configuration file.

Ansible configuration file location is resolved in the following order: ANSIBLE_CONFIG variable, ansible.cfg file in the current directory, ~/.ansible.cfg file, lastly /etc/ansible/ansible.cfg.

Since Ansible 2.12 (core), a configuration file can be generated by Ansible. To generate an example config file (a "disabled" one with all default settings, commented out):

user $ansible-config init --disabled > .ansible.cfg

Also, to generate a more complete file by including existing plugins:

user $ansible-config init --disabled -t all > .ansible.cfg

For previous versions, please visit Ansible GitHub page, select a branch (release), navigate to examples folder, click the ansible.cfg file, click the 'raw' button and download a copy of ansible.cfg. For example, for Ansible 2.9 please visit

To show the current Ansible configuration, use:

user $ansible-config view
FILE ~/.ansible.cfgSample basic configuration
# Basic default values:
inventory = $HOME/ansible/hosts

# Uncomment this to disable SSH key host checks
#host_key_checking = False

# Default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root

# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
ask_vault_pass = True
ansible_vault_password_file = $HOME/ansible/vault.yml


Ansible inventory holds aliases for all managed hosts organized in groups. The default inventory file name is hosts. It is expected to reside in the ~/ansible directory.

With ansible_user and ansible_port it is possible to override the target host's default connection port (22/TCP by default) and remote user. The ansible_host variable specifies the host/IP when it differs from the inventory alias.

The first two lines explicitly set the Ansible Python interpreter for all hosts in the inventory. Ansible attempts to detect the Python interpreter [1] but setting it explicitly makes the process safer.

Example inventory describing two host groups ("servers" and "workstations") configured to use the /usr/bin/python3.7 Python interpreter:

FILE ~/ansible/hostsSample inventory file
myserver02 ansible_user=larry
myserver03 ansible_host=
evapc ansible_user=larry ansible_port=9000
joepc ansible_user=larry
mypc ansible_user=larry ansible_connection=local


By default, Ansible assumes SSH keys (leveraging ssh-agent or similar) being used to connect to the managed hosts.

It is also possible to use username and password, although this method requires encryption prior storing the credentials. Ansible provides the ansible-vault tool enabling manipulation with encrypted data.

Create an Ansible vault file for the credentials. Invoking the ansible-vault asks for a passphrase. This passphrase is used to encrypt and decrypt content of the ~/ansible/vault.yml file:

user $ansible-vault create ~/ansible/vault.yml

The vault file contains the credentials used to authenticate to the managed hosts:

FILE ~/ansible/vault.ymlExample of ansilbe-vault credentials
username: larry
password: gentoo linux rocks and I am a cow

Content of the encrypted ~/ansible/vault.yml file:

user $less ~/ansible/vault.yml

Gentoo-specific roles

The Gentoo Ansible project, though now marked as "OBSOLETE", contains over 40 Ansible roles created specifically for Gentoo.

Using Portage via Ansible

It is possible to run portage on an Ansible managed host using the portage module in Ansible's community.general collection.


Check if Ansible can manage remote machine with given user:

user $ansible evapc -u larry -m ping

Get info from remote machine, what can be used later in Ansible playbooks:

user $ansible evapc -u larry -m setup

Run emerge --sync on evapc under larry via sudo:

user $ansible evapc -s -u larry -m command -a "emerge --sync"
Option Description
-u Specifies the user, if absent Ansible will search in your inventory file for default user associated to the given host, if not any it will use the default specified in the /etc/ansible/ansible.cfg file, if there is no such an entry it will use the current username.
-m Specifies the module to be invoked.
-a Specifies the arguments to passed to the module.

The ansible-doc command can be used to read module documentation. For example, to list available modules:

user $ansible-doc -l

To print out info about the ping module:

user $ansible-doc ping

Ad-hoc commands

Although Ansible provides means for composing and running complex configurations using Ansible playbooks, there is always a possibility to execute an one-off task.

For example, restarting all hosts in a host group named "workstations" can be performed as simply as:

user $ansible workstations -a '/sbin/reboot'

The previous example used the default Ansible module called "command". There is also module providing shell capabilities named "shell". It can be invoked as:

user $ansible workstations -m shell -a 'date >> /tmp/stamp.log'



  • Puppet — a configuration management system written in Ruby.
  • Rex — a configuration automation framework written in Perl known for its shallow learning curve and ease of extensibility
  • Sparrow an automation framework written in Raku.
  • dsh — a shell that allows parallel execution of remote commands across large numbers of servers
  • Chef
  • Salt

External resources