
Ansible

Plain English

Ansible lets you manage hundreds of servers by writing instructions in simple text files instead of logging into each one manually. You describe the state you want (“install Nginx, copy this config file, make sure the service is running”) and Ansible makes it happen on all your servers at once. It connects over SSH, so there is nothing to install on the target servers. It is the most popular tool for automating server setup and maintenance.

Technical Definition

Ansible is an agentless IT automation platform that uses SSH (Linux) or WinRM (Windows) to configure systems, deploy software, and orchestrate workflows. It is written in Python and maintained by Red Hat.

Core concepts:

  • Inventory: list of managed hosts, grouped by role or environment (INI or YAML format)
  • Playbook: YAML file containing ordered lists of tasks to execute on specified hosts
  • Task: a single action using a module (e.g., install a package, copy a file, restart a service)
  • Module: reusable unit of work (1000+ built-in: apt, yum, copy, template, service, docker_container)
  • Role: reusable, self-contained collection of tasks, templates, files, and variables (similar to a library)
  • Facts: system information automatically gathered from managed hosts (OS, IP, CPU, memory)

Key properties:

  • Agentless: no software installed on managed nodes; uses SSH
  • Idempotent: running a playbook multiple times produces the same result. Ansible checks current state before making changes.
  • Declarative: you describe the desired state, not the steps to get there
  • Push-based: the control node pushes configuration to managed nodes (vs. pull-based tools like Puppet/Chef)

Ansible vs. alternatives:

| Tool | Agent | Language | Approach |
|---|---|---|---|
| Ansible | No (SSH) | YAML | Push, declarative |
| Terraform | No (API) | HCL | Push, declarative (infrastructure) |
| Puppet | Yes | Ruby DSL | Pull, declarative |
| Chef | Yes | Ruby DSL | Pull, imperative |

Ansible playbook for web server setup

```yaml
# inventory.yml
all:
  children:
    webservers:
      hosts:
        web-01: { ansible_host: 10.0.1.10 }
        web-02: { ansible_host: 10.0.1.11 }
    databases:
      hosts:
        db-01: { ansible_host: 10.0.2.10 }
```

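```yaml
# playbook.yml
- name: Configure web servers
  hosts: webservers
  become: true          # every task in this play runs with escalated privileges
  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present
        update_cache: true

    - name: Deploy site config
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/sites-available/default
        # Set ownership and permissions explicitly instead of relying on defaults
        owner: root
        group: root
        mode: "0644"
      notify: Restart Nginx   # handler fires only when the rendered file changes

    - name: Ensure Nginx is running
      service:
        name: nginx
        state: started
        enabled: true

  handlers:
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted
```
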
```
# Run the playbook
$ ansible-playbook -i inventory.yml playbook.yml
PLAY [Configure web servers] *****
TASK [Install Nginx] *************
changed: [web-01]
changed: [web-02]
TASK [Deploy site config] ********
changed: [web-01]
changed: [web-02]
PLAY RECAP ***********************
web-01: ok=3  changed=2  failed=0
web-02: ok=3  changed=2  failed=0
```

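
The idempotency property and the PLAY RECAP counters shown above combine into a drift check: when a playbook is re-run against hosts that are already configured, any `changed`, `failed` or `unreachable` count points to a non-idempotent task or to state altered outside Ansible. The script below is an added example, not part of the original page; the function names `parse_recap` and `review_second_run` and the sample run output are constructed for illustration.

```python
import re

# One PLAY RECAP line: "host : ok=3 changed=2 unreachable=0 ..." or the abbreviated form above.
RECAP_LINE = re.compile(r"^(?P<host>\S+?)\s*:\s+(?P<stats>(?:\w+=\d+\s*)+)$")


def parse_recap(output: str) -> dict:
    """Return {host: {counter: value}} from the PLAY RECAP section of a run."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        in_recap = in_recap or line.startswith("PLAY RECAP")
        m = RECAP_LINE.match(line.strip()) if in_recap else None
        if m:
            pairs = (kv.split("=") for kv in m["stats"].split())
            hosts[m["host"]] = {k: int(v) for k, v in pairs}
    return hosts


def review_second_run(output: str, expected_hosts: set) -> dict:
    """Flag hosts whose repeat run was not a clean no-op, or that never reported."""
    recap = parse_recap(output)
    findings = {}
    for host in sorted(expected_hosts | set(recap)):
        stats = recap.get(host)
        if stats is None:
            findings[host] = ["missing from recap"]
            continue
        issues = [f"{k}={stats[k]}" for k in ("failed", "unreachable", "changed")
                  if stats.get(k, 0) > 0]
        if issues:
            findings[host] = issues
    return findings


# Constructed sample: a repeat run in which web-01 is a clean no-op and
# web-02 changes again (drift on the host or a non-idempotent task).
SECOND_RUN = """\
TASK [Deploy site config] ********
ok: [web-01]
changed: [web-02]
PLAY RECAP ***********************
web-01: ok=3  changed=0  failed=0
web-02: ok=3  changed=1  failed=0
"""

if __name__ == "__main__":
    for host, issues in review_second_run(SECOND_RUN, {"web-01", "web-02"}).items():
        print(f"{host}: {', '.join(issues)}")
```

Passing the inventory's host names as `expected_hosts` also surfaces hosts that silently dropped out of a run.
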
In the Wild

Ansible is the most widely adopted automation tool in IT operations. It handles everything from initial server provisioning to ongoing configuration management to application deployment. In homelab environments, Ansible playbooks automate Proxmox VM creation, Docker stack deployment, and system hardening across all hosts. Enterprise teams use Ansible Tower/AWX (the web UI and API layer) for role-based access control, job scheduling, and audit logging. The “infrastructure as code” philosophy means your entire server configuration lives in version-controlled YAML files, reviewable and reproducible. Ansible Galaxy provides community-contributed roles for common tasks (Docker installation, Let’s Encrypt certificates, monitoring setup), reducing the need to write playbooks from scratch.