Quick Summary: Ansible is an open-source automation tool that lets you configure servers, deploy applications, and orchestrate complex workflows from a single control machine, without installing agents on managed servers. It uses SSH for communication and YAML for configuration, making it the most approachable automation tool for Linux administrators in 2026.
What Is Ansible?
Ansible is an agentless automation platform created by Michael DeHaan and acquired by Red Hat in 2015. Unlike tools like Puppet or Chef that require agent software on every managed server, Ansible connects via standard SSH and executes tasks remotely. This agentless architecture means you can start automating within minutes: if you can SSH to a server, you can automate it with Ansible.
Ansible uses YAML (Yet Another Markup Language) for its configuration files called playbooks, making them human-readable even for people who have never used automation tools before.
Why Choose Ansible?
| Feature | Ansible | Puppet | Chef |
|---|---|---|---|
| Agent required | No (agentless, SSH) | Yes (puppet-agent) | Yes (chef-client) |
| Language | YAML (declarative) | Puppet DSL | Ruby DSL |
| Learning curve | Low | Medium | High |
| Architecture | Push-based | Pull-based | Pull-based |
| Idempotent | Yes | Yes | Yes |
| Community | Very large | Large | Medium |
Installing Ansible
Ansible runs on the control node (your workstation or a management server). Managed servers need only SSH access and Python.
- Debian/Ubuntu: sudo apt install ansible
- RHEL/AlmaLinux/Rocky: sudo dnf install ansible-core
- Via pip (any system): pip3 install ansible
- Verify: ansible --version
Key Concepts
| Concept | Description |
|---|---|
| Control Node | Machine where Ansible runs (your workstation) |
| Managed Nodes | Servers being configured (require SSH + Python) |
| Inventory | File listing managed servers and groups |
| Playbook | YAML file defining automation tasks |
| Task | Single action (install package, copy file, etc.) |
| Module | Built-in function for specific operations |
| Role | Reusable collection of tasks, files, and variables |
| Handler | Task triggered by changes (e.g., restart service after config change) |
Creating Your First Inventory
The inventory file defines which servers Ansible manages. Create /etc/ansible/hosts or a project-specific inventory file:
- Define server groups with meaningful names: [webservers], [databases], [monitoring]
- List servers by hostname or IP under each group
- Set variables per host or per group (SSH user, port, Python path)
- Use [all:vars] for variables that apply to every server
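The inventory described above, as an added example that is not from the original page. It is written in Ansible's YAML inventory format rather than the INI form the bullets refer to, and the hostnames, address and user names are constructed placeholders.

```yaml
# Constructed sample inventory; every hostname, address and user is a placeholder.
all:
  vars:                                   # YAML equivalent of [all:vars]
    ansible_user: deploy                  # unprivileged SSH login (assumed name)
    ansible_python_interpreter: /usr/bin/python3
  children:
    webservers:                           # YAML equivalent of [webservers]
      hosts:
        web1.example.com:
        web2.example.com:
          ansible_port: 2222              # per-host variable: non-default SSH port
    databases:
      vars:
        ansible_user: dbadmin             # per-group variable overrides all.vars
      hosts:
        db1.example.com:
          ansible_host: 192.0.2.10        # connect by IP, keep the readable name
    monitoring:
      hosts:
        mon1.example.com:
```

Saved as inventory.yml (an assumed filename), running ansible-inventory -i inventory.yml --graph prints the resulting group tree.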
Testing Connectivity
After creating your inventory, test that Ansible can connect to all servers:
- ansible all -m ping: ping all servers in the inventory
- ansible webservers -m ping: ping only the webservers group
Writing Your First Playbook
Playbooks are YAML files that describe automation tasks. A basic playbook structure includes:
- Target hosts: which servers to configure
- Become (sudo): whether to run tasks with elevated privileges
- Tasks: ordered list of actions to perform
Common Modules for Server Administration
| Module | Purpose | Example Use |
|---|---|---|
| apt / dnf | Package management | Install nginx, update all packages |
| copy | Copy files to remote | Deploy configuration files |
| template | Deploy Jinja2 templates | Dynamic config with variables |
| service | Manage system services | Start, stop, restart, enable |
| user | Manage user accounts | Create users, set SSH keys |
| file | Manage files and directories | Set permissions, create dirs |
| firewalld / ufw | Manage firewall rules | Open ports, allow services |
| cron | Manage cron jobs | Schedule automated tasks |
| command / shell | Run arbitrary commands | Custom scripts (use sparingly) |
Practical Playbook Examples
1. Secure Server Initial Setup
A playbook that performs initial server hardening:
- Update all packages to latest versions
- Install essential security tools (fail2ban, unattended-upgrades)
- Configure SSH with hardened settings
- Set up firewall rules
- Create admin user with SSH key
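One way to write the five steps above as a playbook (an added example, not from the original page). It assumes Debian/Ubuntu targets and that the ansible.posix and community.general collections are installed; the account name opsadmin and the key path are hypothetical.

```yaml
# Added example: Debian/Ubuntu assumed; admin_user and admin_pubkey are placeholders.
- name: Initial server hardening
  hosts: all
  become: true
  vars:
    admin_user: opsadmin
    admin_pubkey: files/opsadmin.pub      # public key file on the control node
  tasks:
    - name: Update all packages
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
    - name: Install security tools
      ansible.builtin.apt:
        name: [fail2ban, unattended-upgrades, ufw]
        state: present
    - name: Create admin user with sudo rights
      ansible.builtin.user:
        name: "{{ admin_user }}"
        groups: sudo
        append: true
    - name: Authorize the admin SSH key (before password logins are disabled)
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ lookup('file', admin_pubkey) }}"
    - name: Harden sshd settings
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s   # refuse a config sshd cannot parse
      loop:
        - { key: PermitRootLogin, value: "no" }
        - { key: PasswordAuthentication, value: "no" }
      notify: Restart ssh
    - name: Allow SSH before enabling the firewall
      community.general.ufw:
        rule: allow
        port: "{{ ansible_port | default(22) }}"
        proto: tcp
    - name: Enable ufw and deny other incoming traffic
      community.general.ufw:
        state: enabled
        policy: deny
  handlers:
    - name: Restart ssh                     # runs only if sshd_config changed
      ansible.builtin.service:
        name: ssh
        state: restarted
```

The task order is deliberate: the key is installed and the SSH port allowed before password logins are disabled and the firewall is switched on, so a failed run does not lock you out.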
2. Web Server Deployment
A playbook that sets up a web server:
- Install web server package (NGINX or Apache)
- Deploy virtual host configuration from template
- Copy website files to document root
- Enable and start the service
- Open firewall ports 80 and 443
Variables and Templates
Variables make playbooks reusable across different environments:
- Inventory variables: set per host or group in the inventory file
- Playbook variables: defined in the playbook's vars: section
- External variable files: loaded with vars_files:
- Ansible Vault: encrypt sensitive variables (passwords, API keys) with ansible-vault encrypt vars/secrets.yml
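How playbook variables, vars_files and a Vault-encrypted file fit together, as an added example that is not from the original page. It assumes vars/secrets.yml defines a variable named vault_db_password; that name, app_db_user and the destination path are hypothetical.

```yaml
# Added example: variable names and the destination path are assumptions.
- name: Deploy database credentials
  hosts: databases
  become: true
  vars:
    app_db_user: appuser                  # playbook variable, not secret
  vars_files:
    - vars/secrets.yml                    # Vault-encrypted; defines vault_db_password
  tasks:
    - name: Fail early if the secret was not loaded
      ansible.builtin.assert:
        that: vault_db_password is defined and vault_db_password | length > 0
        quiet: true
      no_log: true

    - name: Write credentials file readable only by root
      ansible.builtin.copy:
        dest: /etc/myapp.env
        content: |
          DB_USER={{ app_db_user }}
          DB_PASSWORD={{ vault_db_password }}
        owner: root
        group: root
        mode: "0600"
      no_log: true                        # keep the decrypted value out of task output and logs
```

Vault protects the secret at rest in the repository; no_log is what keeps the decrypted value out of console output once the playbook runs.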
Roles: Reusable Automation
Roles organize complex automation into reusable components. A role bundles tasks, handlers, templates, files, and variables into a standard directory structure:
- tasks/main.yml: the main list of tasks
- handlers/main.yml: handlers triggered by tasks
- templates/: Jinja2 template files
- files/: static files to copy
- vars/main.yml: role variables
- defaults/main.yml: default variable values
Ansible Galaxy provides thousands of community roles: ansible-galaxy install geerlingguy.nginx
Ansible Best Practices
- Use roles for anything reusable across projects
- Use Ansible Vault for all sensitive data; never store passwords in plain text
- Test in staging before running on production; use --check for dry runs
- Use tags to selectively run parts of playbooks: ansible-playbook site.yml --tags "nginx"
- Keep inventory organized by environment: inventories/production/, inventories/staging/
- Version control your playbooks; treat infrastructure as code
- Use handlers to restart services only when configuration actually changes
Frequently Asked Questions
Does Ansible require agent software on managed servers?
No. Ansible is agentless: it connects via SSH and requires only Python on the managed server. Most Linux distributions include Python by default, so Ansible works immediately without installing anything on managed servers.
What is the difference between Ansible and Terraform?
Ansible is a configuration management tool: it configures and manages existing servers (install packages, deploy apps, set up services). Terraform is an infrastructure provisioning tool: it creates and destroys cloud resources (VMs, networks, storage). Many teams use both: Terraform to create infrastructure, then Ansible to configure it.
How do I handle sensitive data like passwords?
Use Ansible Vault to encrypt sensitive variable files: ansible-vault encrypt secrets.yml. Run playbooks with --ask-vault-pass or --vault-password-file. Never commit unencrypted passwords to version control.
Can Ansible manage Windows servers?
Yes. Ansible manages Windows servers via WinRM (Windows Remote Management) instead of SSH. Windows modules include win_package, win_service, win_copy, and more. The control node must still be Linux or macOS.