Ansible troubleshooting tips

Last updated Wed 20 Dec 2017

Setting file/directory permissions

When using the File module, the documentation warns about omitting the leading zero for mode, but if you’re using setuid or setgid, you also need to surround the octal number with quotes; otherwise you’ll get unpredictable results. Write it like this:

- name: Create docroot ({{ docroot }})
  file:
    path: "{{ docroot }}"
    state: directory
    owner: www-data
    group: www-data
    # the leading 2 means set group ID
    mode: "2775"
  become: true
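
Why the quotes matter, as an added example that is not part of the original page: the script below scans playbook text for numeric mode values and shows the permission bits each one would really produce. It assumes YAML 1.1 integer rules (as in PyYAML) and that an integer mode is applied as-is while a string is parsed as octal; the function names and the sample playbook are constructed for illustration.

```python
import re
import stat

# A "mode:" line whose value is all octal digits, optionally quoted.
MODE_LINE = re.compile(r"""^\s*mode:\s*(?P<val>["']?[0-7]+["']?)\s*(#.*)?$""")

def effective_mode(scalar):
    """Permission bits applied for a numeric mode exactly as written in YAML."""
    if scalar[0] in "\"'":
        return int(scalar.strip("\"'"), 8)   # string: parsed as octal
    if scalar.startswith("0"):
        return int(scalar, 8)                # YAML 1.1 octal integer literal
    return int(scalar)                       # decimal integer, used as the bit pattern

def audit(playbook_text):
    """Return (line, value, resulting dir permissions, matches_intent) per mode line."""
    findings = []
    for lineno, line in enumerate(playbook_text.splitlines(), 1):
        m = MODE_LINE.match(line)
        if not m:
            continue                         # symbolic or templated modes are skipped
        written = m.group("val")
        bits = effective_mode(written) & 0o7777
        intended = int(written.strip("\"'"), 8)   # the digits read as octal
        findings.append((lineno, written,
                         stat.filemode(stat.S_IFDIR | bits), bits == intended))
    return findings

# Constructed sample: the same task written with and without quotes.
SAMPLE = '''\
- name: docroot, quoted
  file:
    path: /srv/www
    state: directory
    mode: "2775"
- name: docroot, unquoted and no leading zero
  file:
    path: /srv/www
    state: directory
    mode: 2775
'''

if __name__ == "__main__":
    for lineno, written, perms, ok in audit(SAMPLE):
        print(f"line {lineno}: mode {written} -> {perms} {'ok' if ok else 'MISMATCH'}")
```

The unquoted 2775 is read as a decimal number, which is octal 5327: setuid and sticky bits set and the directory world-writable, instead of setgid with 775.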

Debugging failing Git connections

When using the Git module, if the command hangs without an error, use the --verbose command-line switch when running the playbook, and set a low timeout for the task using async so it finishes quickly. It might be that you are connecting the wrong way (e.g. via HTTPS when you should be using SSH) or that the server’s SSL certificate needs to be approved.

More about async and poll settings

Variable expansion syntax

You have a variable called {{ current_site }}, which matches a key in {{ websites }}. How do you write that? I.e. what’s the YAML/Ansible equivalent of PHP’s {$foo}? Answer: use square brackets, not extra {{ }}.


{{ websites[current_site].git_branch }}


Note there’s a difference between --ask-pass (for standard SSH) and --ask-become-pass (for sudo), and also that --ask-sudo-pass is deprecated.

SSH passwords in the user module need to be supplied as a hash.  MySQL DB passwords are plaintext.

Nested loops

Having everything called {{ item }} gets ambiguous/messy and you’ll get a warning.  Use loop_control and loop_var to give one list of with_items another name.  Ansible docs

Deprecation warnings

(These aren’t always very well documented.)

[defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths . This feature will be removed in version 2.8.

The fix is to edit ansible.cfg and change the following (i.e. hostfile -> inventory):

#hostfile = ./inventory/common/allhosts
inventory = ./inventory/common/allhosts

Then the error will go away.

See also:

Find where your ansible.cfg file is

run "ansible --version"

 config file = /Users/foo/.ansible.cfg

Note how on a Mac it may begin with a period (.)

AWS (Amazon Web Services) modules


  • Note that although there is now an s3_sync module, it currently (Ansible v only supports push mode (i.e. uploading files TO Amazon, not downloading from it to a local device). However, you can easily use the AWS CLI command in either direction – and because it’s a sync command, it’s idempotent.
aws s3 sync [--delete] s3://mybucket/path/ /path/on/local/server/