What is Ansible and how does it work?25 September 2022 · Filed in Platform Infrastructure
Configuration management gives your servers roles and profiles.
Ansible provides a way to write code to configure your servers and environments in a repeatable way.
Having multiple environments, this enables development to be the same as production, so you know that software tested in development will work exactly the same, regardless of which environment it is install in, including production.
Ansible is idempotent and can be used in an immutable way, allowing the servers to build themselves at boot up so that we can scale fast and recover quickly from failure.
A simple playbook
You can start with a very basic all in one file playbook.
This includes an inventory, vars and tasks.
The above snippet,
- defines the inventory
- defines some vars or variables
- updates your server with the current patches and security fixes
- creates a user and adds them to the
wheelgroup enabling sudo
- enables passwordless (ssh key) login for the user
- Then logs in using that newly created user to disable root login over SSH
- Finally defines a handler to refresh sshd config by restarting
In a bigger project, you would use Ansible’s Roles to define a series of tasks (like above) that are related.
For instance you would normally have a
common role, together with some personality specific roles like
Each role has a well defined directory structure
common/ # this hierarchy represents a "role" tasks/ # main.yml # <-- tasks file can include smaller files handlers/ # main.yml # <-- handlers file templates/ # <-- files for use with the template resource ntp.conf.j2 # <------- templates end in .j2 files/ # bar.txt # <-- files for use with the copy resource foo.sh # <-- files for use with the script resource vars/ # main.yml # <-- variables associated with this role defaults/ # main.yml # <-- default lower priority variables meta/ # main.yml # <-- role dependencies library/ # roles can also include custom modules
Ansible also has the concept of inventories, which enable you to build and categorise a list of servers, which in turn will have the roles run on them. This is normal where there is a ‘controller’ or ‘controltower’ to ensure the servers are configured regularly on a schedule.
We use the inventory to run the ansible locally, where the server reads the
tags from a cloud providers meta data, to
understand what role it should configure itself with.
In this way we can build a short lived immutable server, that configures itself on boot, by downloading the Ansible code, combining with configuration tags and running the playbook against itself.
If you found this useful, subscribe to updates and look out for my YouTube channel content.
Want to know more? Come ask me questions. You can find me on Slack.Previous Post: How to deal with Imposter syndrome? Next Post: How would you like your container served? Tags: ansible · devops · servers