Ansible is an open-source IT automation tool that lets you configure systems, deploy applications, and orchestrate infrastructure using simple, human-readable configuration files — without installing any agent software on the machines you manage.
Ansible is an agentless automation platform developed by Red Hat. It uses SSH (or WinRM for Windows) to connect to remote hosts and execute tasks defined in files called Playbooks. Because no agent is required on managed nodes, setup is minimal and no additional daemon runs on them, which keeps the attack surface small.
Manual server configuration is slow, error-prone, and hard to reproduce. Ansible enforces consistency by codifying infrastructure as version-controlled YAML files, enabling teams to apply the same configuration to hundreds of servers in minutes. This principle is known as Infrastructure as Code (IaC).
An Inventory is a list of managed hosts, grouped logically (e.g., web servers, databases). A Playbook is a YAML file containing one or more Plays, each targeting a host group and running ordered Tasks. Tasks call Modules — small, idempotent units of work such as 'apt', 'copy', or 'service' — that perform a single action on the remote host.
When you run a Playbook, the Ansible control node reads the inventory, connects to each target host over SSH, and pushes temporary Python scripts (generated from modules) to the remote machine. These scripts execute, report their results back, and are then deleted. The entire process is stateless and requires only Python on the managed node.
Ansible modules are designed to be idempotent, meaning running the same Playbook multiple times produces the same end state without unintended side effects. For example, the 'apt' module installs a package only if it is not already present. Always rely on built-in modules rather than raw shell commands, since shell commands are not inherently idempotent and can cause drift.
Organise reusable logic into Roles, which are a standardised directory structure for grouping tasks, variables, templates, and handlers. Store sensitive values like passwords using Ansible Vault, which encrypts secrets at rest within your repository. Avoid using 'become: yes' (sudo) globally — apply privilege escalation only to tasks that genuinely require it to follow the principle of least privilege.
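The contrast between play-wide and per-task privilege escalation, with a Vault-held secret, looks like this in a playbook. This is an added example, not part of the original guide; the "web" group, the file paths, the myapp service and the variables app_revision and vault_db_password are assumptions.

```yaml
# Constructed example: the "web" group, file paths, the myapp service and all
# variable names are assumptions. The two plays are alternatives shown side by
# side for comparison; keep only the second in a real playbook.

# Weak: become at play level, so every task runs as root.
- name: Configure web servers (play-wide become)
  hosts: web
  become: yes
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
    - name: Record deployed revision   # needs no root, but gets it anyway
      ansible.builtin.copy:
        content: "{{ app_revision }}\n"
        dest: "{{ ansible_env.HOME }}/deployed_revision"

# Corrected: become only on the tasks that need it; secret comes from Vault.
- name: Configure web servers (per-task become)
  hosts: web
  vars_files:
    - vars/vault.yml   # encrypted at rest with: ansible-vault encrypt vars/vault.yml
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
      become: yes       # package installation requires root
    - name: Render config that embeds vault_db_password
      ansible.builtin.template:
        src: app.conf.j2
        dest: /etc/myapp/app.conf
        owner: root
        group: myapp
        mode: "0640"
      become: yes
      no_log: true      # keep the decrypted secret out of task output
      notify: Restart myapp
    - name: Record deployed revision   # runs as the SSH login user
      ansible.builtin.copy:
        content: "{{ app_revision }}\n"
        dest: "{{ ansible_env.HOME }}/deployed_revision"
  handlers:
    - name: Restart myapp
      ansible.builtin.service:
        name: myapp
        state: restarted
      become: yes
```

Running the playbook with ansible-playbook and --ask-vault-pass prompts for the Vault password, so the decryption key never has to be stored alongside the encrypted file in the repository.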