Ansible

Automate server configuration, application deployment, and infrastructure management over SSH with Ansible playbooks on Linux.

Ansible
What Ansible Does and When to Use It
How to Install Ansible
Core Concepts of Ansible
Ansible Inventory
Ansible Playbooks
Ansible Modules
Ansible Roles
Common Tasks with Ansible
How to Run an Ad-Hoc Command with Ansible
How to Write a Basic Ansible Playbook
How to Test a Playbook Without Making Changes (Dry Run)
Ansible Troubleshooting
Related Tools and Guides

Ansible

Ansible is an agentless automation tool that manages server configuration, application deployment, and orchestration by executing tasks over SSH using declarative YAML playbooks on Linux, macOS, and Windows targets.

What Ansible Does and When to Use It

Ansible connects to remote servers via SSH (or WinRM for Windows), executes tasks defined in YAML playbooks, and enforces the desired system state. Unlike Chef or Puppet, Ansible requires no agent software on managed hosts — it pushes commands over standard SSH connections. This makes initial setup trivial: if you can SSH into a server, you can manage it with Ansible.

Ansible uses a push-based model by default. The control node (where Ansible runs) initiates connections to managed nodes (target servers). Playbooks describe the desired state — which packages to install, which services to run, which files to deploy. Ansible modules handle the implementation details and report whether changes were made (changed), already correct (ok), or failed (failed).

Ansible is not designed for real-time monitoring or event-driven responses. Use Ansible for provisioning, configuration management, and scheduled maintenance. For continuous monitoring, use tools like Prometheus or Nagios. For official documentation, see docs.ansible.com.

How to Install Ansible

Install Ansible on the control node only — managed hosts need only Python 3 and SSH.

=== "Ubuntu / Debian"

sudo apt update
sudo apt install ansible

=== "pip (any platform)"

pip install ansible

=== "RHEL / CentOS / Fedora"

sudo dnf install ansible-core

Verify the installation:

ansible --version

Core Concepts of Ansible

Ansible Inventory

The inventory file defines which hosts Ansible manages. Hosts can be listed individually or grouped. The default inventory file is /etc/ansible/hosts, but project-specific inventories are preferred. Inventory supports INI and YAML formats, static files and dynamic scripts.

Ansible Playbooks

A playbook is a YAML file that defines one or more "plays." Each play targets a group of hosts and contains a list of tasks. Each task calls an Ansible module (e.g., apt, copy, service, template) with parameters. Playbooks are idempotent — running the same playbook twice produces the same result without unintended side effects.

Ansible Modules

Modules are the units of work in Ansible. Each module performs a specific action: apt installs packages on Debian-based systems, yum or dnf on RHEL-based systems, copy transfers files, template renders Jinja2 templates, service manages systemd services. Ansible ships with thousands of built-in modules.

Ansible Roles

A role is a structured collection of tasks, handlers, variables, templates, and files organized into a standard directory layout. Roles make playbooks reusable and composable. Ansible Galaxy hosts community-contributed roles that can be installed with ansible-galaxy install.

Common Tasks with Ansible

How to Run an Ad-Hoc Command with Ansible

Ansible executes a single module on remote hosts without a playbook. Ping all hosts in the inventory to verify connectivity:

ansible all -m ping

Check disk space on web servers:

ansible webservers -a "df -h"

How to Write a Basic Ansible Playbook

A playbook installs Nginx and ensures it runs on all web servers:

---
- name: Install and start Nginx
  hosts: webservers
  become: true
  tasks:
    - name: Install Nginx package
      apt:
        name: nginx
        state: present
        update_cache: true

    - name: Start and enable Nginx service
      service:
        name: nginx
        state: started
        enabled: true

Run the playbook:

ansible-playbook -i inventory.ini site.yml

How to Test a Playbook Without Making Changes (Dry Run)

Ansible's --check flag simulates execution without modifying the target hosts. Add --diff to see what would change:

ansible-playbook --check --diff site.yml

Ansible Troubleshooting

Error / Symptom	Cause	Fix
`UNREACHABLE! host is unreachable`	SSH connection failed — wrong host, key, or port	→ Full article
`MODULE FAILURE: No module named 'apt'`	Target host lacks Python or the required module	→ Full article
`Permission denied` during task execution	`become: true` is missing or sudo is not configured on the target	→ Full article
Tasks show "changed" on every run (not idempotent)	Using `shell` or `command` modules without conditions	→ Full article

Related Tools and Guides

SSH is the transport layer Ansible uses to connect to managed hosts. See the SSH article.

systemd services are managed by Ansible's service and systemd modules. See the systemd article.