Ansible

Master agentless automation for configuration management, application deployment, and infrastructure orchestration across any environment.

Intermediate 10+ Core Topics

Overview

Ansible is an open-source automation platform that simplifies configuration management, application deployment, and task automation. Using a simple, human-readable language (YAML), Ansible enables you to describe your infrastructure as code and automate complex IT workflows without requiring agents on managed nodes.

Ansible Fundamentals

Understanding Ansible's architecture and core concepts is essential for effective automation.

  • Architecture - Control node, managed nodes, agentless communication via SSH
  • Ad-hoc Commands - Quick one-off tasks with the ansible command-line tool
  • Modules - Built-in modules for files, packages, services, cloud, and more
  • YAML Syntax - Writing readable automation code

Inventories

Inventories define the hosts and groups that Ansible manages, supporting both static and dynamic inventory sources.

  • Static Inventory - INI and YAML format host definitions
  • Dynamic Inventory - AWS, Azure, GCP, and custom inventory scripts
  • Host Groups - Organizing hosts for targeted automation
  • Host Variables - Per-host and per-group variable definitions

    # inventory.yml - Static inventory example (YAML format)
    all:
      children:
        webservers:
          hosts:
            web1.example.com:
              http_port: 80
            web2.example.com:
              http_port: 8080
          vars:
            ansible_user: deploy
        databases:
          hosts:
            db1.example.com:
            db2.example.com:
          vars:
            ansible_user: dbadmin
        production:
          children:
            webservers:
            databases:

Playbooks

Playbooks are Ansible's configuration, deployment, and orchestration language, allowing you to describe desired state and automate complex workflows.

  • Plays & Tasks - Organizing automation into logical units
  • Conditionals - when, changed_when, failed_when directives
  • Loops - Iterating with loop, with_items, with_dict
  • Handlers - Triggered actions on change notifications

    # webserver-playbook.yml
    ---
    - name: Configure web servers
      hosts: webservers
      become: yes
      vars:
        http_port: 80
        app_name: myapp
      tasks:
        - name: Install Nginx
          apt:
            name: nginx
            state: present
            update_cache: yes
          notify: Restart Nginx

        - name: Copy Nginx configuration
          template:
            src: templates/nginx.conf.j2
            dest: /etc/nginx/sites-available/{{ app_name }}
            owner: root
            group: root
            mode: '0644'
          notify: Restart Nginx

        - name: Enable site configuration
          file:
            src: /etc/nginx/sites-available/{{ app_name }}
            dest: /etc/nginx/sites-enabled/{{ app_name }}
            state: link
          notify: Restart Nginx

        - name: Ensure Nginx is running
          service:
            name: nginx
            state: started
            enabled: yes

      handlers:
        - name: Restart Nginx
          service:
            name: nginx
            state: restarted

Roles

Roles provide a way to organize playbooks into reusable components with a standardized file structure.

  • Role Structure - tasks, handlers, templates, files, vars, defaults, meta
  • Ansible Galaxy - Installing and sharing community roles
  • Role Dependencies - Meta requirements and role composition
  • Tags - Selective task execution within roles

    # Role directory structure
    roles/
    └── webserver/
        ├── tasks/
        │   ├── main.yml
        │   ├── install.yml
        │   └── configure.yml
        ├── handlers/
        │   └── main.yml
        ├── templates/
        │   └── nginx.conf.j2
        ├── files/
        │   └── index.html
        ├── vars/
        │   └── main.yml
        ├── defaults/
        │   └── main.yml
        └── meta/
            └── main.yml

Variables & Templates

Variables and Jinja2 templates enable dynamic and flexible automation across different environments.

  • Variable Precedence - Understanding the 22 levels of precedence
  • Jinja2 Templates - Dynamic configuration file generation
  • Filters - Data transformation and manipulation
  • Facts - System information gathered from managed nodes

Ansible Vault

Ansible Vault provides encryption for sensitive data like passwords, keys, and credentials within your automation code.

  • Encrypting Files - ansible-vault create, edit, encrypt, decrypt
  • Vault IDs - Multiple passwords for different environments
  • Encrypted Variables - Inline encryption of sensitive values
  • Best Practices - Secure secret management workflows
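
A pre-commit style check for the Vault workflow above, as an added example that is not part of the original page or of Ansible itself: it recognises whole-file vault payloads (including the vault ID label in the 1.2 header), skips inline `!vault` values and variable references, and reports secret-looking variables left in plaintext. The key-name pattern is a heuristic assumption, and the sample file contents and ciphertext lines are constructed placeholders.

```python
import re

# Header written by ansible-vault: format 1.1, or 1.2 with a vault ID label.
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);AES256(?:;(\S+))?$")
# Heuristic (assumption): variable names that usually hold secrets.
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|api_?key|private_key", re.I)
VAR_LINE = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*)$")

def vault_header(text):
    """Return (format_version, vault_id_label) for a vault payload, else None."""
    lines = text.strip().splitlines()
    m = VAULT_HEADER.match(lines[0].strip()) if lines else None
    return (m.group(1), m.group(2)) if m else None

def plaintext_secrets(text):
    """Names of secret-looking variables whose values are stored in the clear."""
    if vault_header(text):              # whole file is vault-encrypted
        return []
    findings = []
    for line in text.splitlines():
        m = VAR_LINE.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        value = m.group(2).strip().strip("'\"")
        if value.startswith("!vault"):  # inline encrypted variable
            continue
        if value.startswith("{{"):      # indirection to another variable
            continue
        if value:                       # empty value = nested mapping, skip
            findings.append(m.group(1))
    return findings

# Constructed samples; the ciphertext lines are placeholders, not real vault output.
SAMPLE_VARS = """\
# group_vars/production/vars.yml (constructed)
db_user: app
db_password: "{{ vault_db_password }}"
api_token: !vault |
  $ANSIBLE_VAULT;1.2;AES256;prod
  PLACEHOLDER-CIPHERTEXT
smtp_password: hunter2
"""
SAMPLE_VAULT_FILE = "$ANSIBLE_VAULT;1.1;AES256\nPLACEHOLDER-CIPHERTEXT\n"

if __name__ == "__main__":
    print(plaintext_secrets(SAMPLE_VARS))
    print(vault_header(SAMPLE_VAULT_FILE))
```

Run over the files in group_vars and host_vars before each commit, a non-empty result is a reason to block the change until the value is moved into a vault.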

AWX / Ansible Tower

AWX (open-source) and Ansible Tower (enterprise) provide web-based UI, REST API, and enterprise features for Ansible automation.

  • Web Interface - Visual job management and scheduling
  • RBAC - Role-based access control for teams
  • Job Scheduling - Automated and recurring job execution
  • API Integration - REST API for CI/CD integration

Best Practices

Follow these best practices for maintainable and scalable Ansible automation.

  • Idempotency - Ensure playbooks can run multiple times safely
  • Directory Structure - Organize with roles and environments
  • Testing - Use Molecule for role testing and validation
  • Version Control - Keep all automation code in Git