What do you think Ansible is? If you’ve ever wished you could control all your servers the way you control your TV with a single remote, that’s exactly what Ansible does for IT infrastructure. Instead of logging into each machine and running commands manually, Ansible lets you automate everything from one place—like magic!
Why Do We Need It?
Imagine you have 10 servers and need to install the same software on all of them. Doing it one by one would take hours. Ansible solves this by letting you write a simple set of instructions (called a playbook) and apply it to all servers at once. No agents, no complicated setup—just automation made easy.
What is Ansible?
Ansible is an open-source automation tool that helps you manage and configure multiple systems at once without having to log into each machine individually. It’s widely used for configuration management, application deployment, and orchestration.
Key Features
- Agentless: No need to install software on managed machines.
- Uses YAML: Playbooks are written in a human-readable format.
- Idempotent: Running the same playbook multiple times without changing the result after the first time.
In the key features we have mentioned managed machines. What does that exactly mean?
- Control Node (or Control Machine) This is the system where Ansible is installed and from which you run your automation tasks (playbooks, ad-hoc commands). It acts as the central point of control.
- Managed Nodes (or Managed Machine) These are the target systems that Ansible configures or automates. They don’t need Ansible installed—just connectivity (SSH or WinRM) and basic dependencies like Python.
Passwordless Authentication in Ansible
Before Ansible can manage remote servers, it meeds a way to login to them automatically.
This is where passwordless authentication becomes essential.
What is Passwordless Authentication?
Passwordless authentication means logging into the remote server without typing a password evertime.
Instead of using passwords, we use SSH key-based authentication.
A private key stays on the Ansible control node
A public key is copied to managed nodes
When ansible connects, SSH checks the key and allows access automatically.
Why does ansible need Passwordless Authentication?
Ansible is an automation tool.
Imagine this situation:
You run an Ansible playbook on 10 servers
SSH asks for a password for each server
That breaks automation.
How does it work?
1) You generate an SSH key pair on the control node
ssh-keygen
This creates:
Private key:
~/.ssh/id_rsaPublic key:
~/.ssh/id_rsa.pub
Never share your private key.
2) Copy SSH Key to managed node
Use ssh-copy-id to copy the public key:
ssh-copy-id user@remote_server_ip
Example:
ssh-copy-id ubuntu@192.168.2.10
You'll be asked for the password one last time (ubuntu user's password on 192.168.2.10).
This allows ssh-copy-id to append you public key to /home/ubuntu/.ssh/authorized_keys
After this, the server trusts your control node.
3) Test Passwordless login
ssh user@remote_server_ip
If you can login without being prompted for a password, passwordless authentication is working.
Note: Make sure remote server has password login disabled in etc/ssh/sshd_config
Ansible inventory
When working with Ansible, the inventory is the backbone of automation. It’s essentially a list of machines (hosts) that Ansible will manage. Think of it as your address book for servers.
Hosts File
In Ansible, the inventory file is often called the "hosts file"
By default, Ansible looks for this file at:
/etc/ansible/hosts
But you can also create your own custom inventory file, for example:
inventory.ini
hosts.ini
production.ini
Then run ansible like this:
ansible -i inventory.ini all -m ping
Inventory file formats
1) Basic Inventory file
192.168.2.13
192.168.2.14
This tells ansible to manage these two servers.
2) Using Hostnames Instead of IPs
web1.example.com
web2.example.com
db1.example.com
As long as DNS works, Ansible can connect using hostnames.
3) Grouped inventory
[webservers]
web1.example.com
web2.example.com
[dbservers]
db1.example.com
db2.example.com
Groups let you organize servers by role or purpose.
Now you can run tasks only on web servers or only on database servers
Example:
ansible -i inventory.ini webservers -m ping
Ansible Ad-hoc commands
Before writing full playbooks, Ansible allows you to run quick, one-line commands called ad-hoc commands.
Ad-hoc commands are perfect for:
Quick checks
Simple tasks
One-time operations
Basic syntax
ansible <hosts> -m <module> -a "<arguments>"
Examples:
#Testing the connectivity with ping
ansible -i inventory.ini all -m ping
ansible -i inventory.ini web -m shell -a "ls -ltr"
For modules please refer the official documentation of Ansible
Builtin modules
Writing your first Ansible Playbook
A playbook is a YAML file that defines which hosts to target, what tasks to run and in what order.
Playbook Structure
A basic playbook has:
Hosts
Become (optional)
Tasks
First Playbook Example
Create a file called first-playbook.yml
---
- name: Install and start Nginx on all servers
hosts: webservers
become: true
tasks:
- name: Install nginx
apt:
name: nginx
state: present
update_cache: yes
- name: Start nginx service
service:
name: nginx
state: started
enabled: yes
Explanation
hosts: webservers - Targets the webservers group from inventory
become: true - Runs tasks with sudo
Each task has a name, uses a module and defines the desired state
Run the Playbook
ansible-playbook -i inventory.ini first-playbook.yml
This first playbook is just the beginning - automation gets easier and more powerful with every step forward.
Top comments (0)