Ansible Sysadmin Ad-Hoc Tasks
This lesson covers the ad-hoc commands that experienced Ansible practitioners reach for every day. These are practical, immediately applicable commands for package management, file operations, service control, user management, and information gathering — the core tasks of any sysadmin role.
Package Management
Install a package on all web servers:
ansible webservers -i inventory.ini -m apt -a "name=nginx state=present" -b
Remove a package:
ansible webservers -i inventory.ini -m apt -a "name=nginx state=absent" -b
Update the package cache and upgrade all packages:
ansible all -i inventory.ini -m apt -a "update_cache=yes upgrade=dist" -b
On RHEL/CentOS systems, replace the apt module with yum or dnf. The arguments remain identical — same module interface, different underlying package manager.
Service Management
Start, stop, restart, and check the status of services:
ansible webservers -i inventory.ini -m service -a "name=nginx state=started" -b ansible webservers -i inventory.ini -m service -a "name=nginx state=stopped" -b ansible webservers -i inventory.ini -m service -a "name=nginx state=restarted" -b ansible webservers -i inventory.ini -m service -a "name=nginx enabled=true state=started" -b
The enabled=true argument ensures the service starts automatically on system boot — a common omission that causes puzzling failures after server reboots.
File Operations
Copy a file to managed nodes:
ansible all -i inventory.ini -m copy -a "src=/local/path/file.conf dest=/etc/app/file.conf owner=root mode=0644" -b
Create a directory:
ansible all -i inventory.ini -m file -a "path=/var/app/logs state=directory owner=www-data mode=0755" -b
Delete a file:
ansible all -i inventory.ini -m file -a "path=/tmp/old-config.conf state=absent" -b
Fetch a file from a managed node back to the control node:
ansible web01 -i inventory.ini -m fetch -a "src=/var/log/nginx/error.log dest=/local/logs/ flat=yes"
Running Shell Commands
The command module runs a command without a shell (no pipes, redirects, or environment variables):
ansible all -i inventory.ini -m command -a "uptime" ansible all -i inventory.ini -m command -a "df -h" ansible all -i inventory.ini -m command -a "free -m"
The shell module runs commands through a shell, enabling pipes and redirects:
ansible all -i inventory.ini -m shell -a "ps aux | grep nginx | wc -l"
Prefer command over shell when you do not need shell features — it is faster and avoids shell injection risks.
User and Group Management
Create a user:
ansible all -i inventory.ini -m user -a "name=deploy shell=/bin/bash groups=sudo state=present" -b
Set a user's password (use an encrypted hash, never a plaintext password):
ansible all -i inventory.ini -m user -a "name=deploy password={{ 'mypassword' | password_hash('sha512') }}" -bCreate a group:
ansible all -i inventory.ini -m group -a "name=webadmins state=present" -b
Gathering System Information
Display disk usage on all hosts:
ansible all -i inventory.ini -m command -a "df -h /"
Check memory on all hosts:
ansible all -i inventory.ini -m command -a "free -m"
Show kernel version:
ansible all -i inventory.ini -m command -a "uname -r"
Find a specific fact with setup module:
ansible all -i inventory.ini -m setup -a "filter=ansible_memory_mb"
Rebooting Managed Nodes
The reboot module gracefully reboots nodes and waits for them to come back online before reporting success:
ansible all -i inventory.ini -m reboot -b
This is significantly safer than running sudo reboot via the shell module, which can leave Ansible hanging if the connection closes before the success response is returned.
Running Commands in Parallel
By default, Ansible runs against five hosts simultaneously. Increase parallelism with the -f (forks) flag:
ansible all -i inventory.ini -m ping -f 20
This runs the ping against twenty hosts in parallel. Be careful with high fork counts for operations that generate significant load on managed nodes or the control node.
Try This: Sysadmin Scenario
Your manager has just informed you that all web servers need the curl package installed, the Nginx service must be confirmed running, and a file called MAINTENANCE_COMPLETE.txt should be placed in /tmp/ with today's date as its content. Complete all three tasks using three ad-hoc commands. Do not use a playbook — this is a speed drill in ad-hoc command syntax.
Summary
Ad-hoc commands cover the full range of daily sysadmin operations: package installation, service management, file operations, user management, and information gathering. The command and shell modules provide escape hatches for arbitrary commands when no dedicated module exists. Parallelism through the forks setting allows efficient operation against large fleets. Mastering these commands builds the practical instinct that makes playbook writing feel natural.