Ansible Documentation
What is Ansible?
Ansible is an open-source IT automation tool developed by Red Hat. It uses a simple, human-readable language (YAML) to describe automation jobs called playbooks. Unlike other configuration management tools, Ansible is agentless — it communicates with remote hosts over SSH (Linux) or WinRM (Windows), requiring no extra software installed on the target machines.
Key Features
- 🚀 Agentless - No agent software needed on managed nodes
- 📝 Simple YAML Syntax - Human-readable playbooks
- 🔁 Idempotent - Running the same playbook multiple times has the same result
- 🔧 Extensible - Thousands of built-in modules and community collections
- 🔐 Secure - Uses SSH for communication, supports Vault for secrets
- 📦 Reusable - Roles allow sharing and reusing automation logic
Architecture Overview
Control Node
The machine where Ansible is installed and from which playbooks are run. It can be any Linux or macOS machine. Windows is not supported as a control node.
Managed Nodes
The remote servers or devices that Ansible manages. No Ansible installation required — only Python and SSH access needed.
Inventory
A list of managed nodes (hosts and groups). Can be a static file (INI or YAML) or dynamically generated from cloud providers, CMDB, etc.
Playbooks
YAML files describing the desired state of managed nodes. Each playbook contains a list of plays, each targeting a group of hosts and executing a series of tasks.
Modules
Units of code executed by Ansible on managed nodes. Over 3,000 built-in modules cover everything from files and packages to cloud APIs and databases.
Roles
A structured way to organize playbooks, variables, files, templates, and handlers into reusable, shareable units of automation.
Installation
Install on Ubuntu/Debian
# Update apt and add Ansible PPA
sudo apt update
sudo apt install -y software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
# Install Ansible
sudo apt install -y ansible
# Verify installation
ansible --version
Install on RHEL/CentOS/Rocky Linux
# Enable EPEL repository
sudo dnf install -y epel-release
# Install Ansible
sudo dnf install -y ansible
# Verify installation
ansible --version
Install via pip (All platforms)
# Install pip if not present
sudo apt install -y python3-pip # Debian/Ubuntu
sudo dnf install -y python3-pip # RHEL/CentOS
# Install Ansible via pip
pip3 install ansible
# Install specific version
pip3 install ansible==8.0.0
# Install Ansible community collections
ansible-galaxy collection install community.general
Verify Installation
ansible --version
# ansible [core 2.16.x]
# ...
ansible-playbook --version
ansible-galaxy --version
Inventory Configuration
Static Inventory (INI format)
# /etc/ansible/hosts or ./inventory/hosts
[webservers]
web1.example.com
web2.example.com ansible_user=ubuntu
[dbservers]
db1.example.com ansible_host=192.168.1.10 ansible_port=22
db2.example.com
[loadbalancers]
lb1.example.com
# Group of groups
[production:children]
webservers
dbservers
loadbalancers
# Variables for a group
[webservers:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/id_rsa
http_port=80
Static Inventory (YAML format)
# inventory/hosts.yml
all:
  children:
    webservers:
      hosts:
        web1.example.com:
          ansible_user: ubuntu
        web2.example.com:
          ansible_user: ubuntu
          http_port: 8080
    dbservers:
      hosts:
        db1.example.com:
          ansible_host: 192.168.1.10
          ansible_user: postgres
      vars:
        db_port: 5432
    loadbalancers:
      hosts:
        lb1.example.com:
Test Inventory Connectivity
# Ping all hosts
ansible all -m ping
# Ping specific group
ansible webservers -m ping
# List all hosts in inventory
ansible all --list-hosts
# Show inventory in graph format
ansible-inventory --graph
Ansible Configuration
ansible.cfg
# ansible.cfg
[defaults]
inventory = ./inventory/hosts.yml
remote_user = ubuntu
private_key_file = ~/.ssh/id_rsa
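# False skips SSH host key verification (lab use only); keep True where managed nodes must be authenticated
host_key_checking = False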
retry_files_enabled = False
stdout_callback = yaml
gathering = smart
# Performance tuning
forks = 20
pipelining = True
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = True
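An added example, not part of the original documentation: a small Python audit that parses an ansible.cfg like the one above and flags settings that weaken SSH host authentication or broaden privilege escalation. The function name audit_ansible_cfg and the embedded sample text are constructed for illustration.

```python
import configparser

# Constructed sample: the ansible.cfg shown above, trimmed to the relevant keys.
SAMPLE_CFG = """
[defaults]
inventory = ./inventory/hosts.yml
host_key_checking = False
pipelining = True

[privilege_escalation]
become = True
become_ask_pass = False

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
"""

def audit_ansible_cfg(text):
    """Return a list of (section, key, reason) findings for risky settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []

    # Host key verification off: the control node accepts any SSH host key,
    # so a machine impersonating a managed node receives commands and secrets.
    if cp.has_option("defaults", "host_key_checking") and \
            not cp.getboolean("defaults", "host_key_checking"):
        findings.append(("defaults", "host_key_checking",
                         "SSH host keys are not verified"))

    # The same weakness expressed through raw ssh options.
    ssh_args = cp.get("ssh_connection", "ssh_args", fallback="").lower()
    for opt in ("stricthostkeychecking=no", "userknownhostsfile=/dev/null"):
        if opt in ssh_args:
            findings.append(("ssh_connection", "ssh_args", f"ssh option {opt}"))

    # Global become: every task runs escalated unless it opts out.
    if cp.getboolean("privilege_escalation", "become", fallback=False):
        findings.append(("privilege_escalation", "become",
                         "all tasks escalate by default; prefer per-play or per-task become"))
    return findings

if __name__ == "__main__":
    for section, key, reason in audit_ansible_cfg(SAMPLE_CFG):
        print(f"[{section}] {key}: {reason}")
```

Run against the sample, it reports the disabled host key check and the global become setting; a configuration with host_key_checking = True and no global become returns no findings.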
Ad-hoc Commands
Run single tasks quickly without writing a full playbook:
Basic Syntax
ansible <host-pattern> -m <module> -a "<arguments>"
Common Ad-hoc Commands
# Ping all hosts
ansible all -m ping
# Run a shell command
ansible webservers -m shell -a "uptime"
# Get system facts
ansible web1.example.com -m setup
# Copy a file
ansible webservers -m copy -a "src=/local/file dest=/remote/file"
# Install a package (apt)
ansible webservers -m apt -a "name=nginx state=present" -b
# Install a package (yum/dnf)
ansible dbservers -m dnf -a "name=postgresql state=present" -b
# Start and enable a service
ansible webservers -m service -a "name=nginx state=started enabled=yes" -b
# Restart a service
ansible webservers -m service -a "name=nginx state=restarted" -b
# Create a directory
ansible all -m file -a "path=/opt/myapp state=directory owner=ubuntu mode=0755" -b
# Fetch a file from remote
ansible web1 -m fetch -a "src=/var/log/nginx/error.log dest=/tmp/logs/"
# Reboot hosts
ansible production -m reboot -b
Core Concepts Summary
- Inventory - Defines the hosts and groups Ansible manages
- Playbooks - YAML automation scripts describing desired state
- Tasks - Individual units of work within a play
- Modules - Pre-built code blocks for specific operations
- Variables - Dynamic values used in playbooks and templates
- Handlers - Tasks triggered only when notified by other tasks
- Templates - Jinja2-based dynamic configuration files
- Roles - Structured, reusable collections of automation logic
- Vault - Encrypted storage for secrets and sensitive data
- Galaxy - Community hub for sharing roles and collections
Use ansible-playbook with the --check (dry-run) and --diff flags before applying changes in production to preview what will be modified.
Next Steps
Continue learning with our detailed guides:
- Playbooks - Write powerful automation scripts with tasks, variables, and handlers
- Roles & Modules - Organize and reuse automation with roles and built-in modules