Ansible 101 for configuration management

Ansible is a tool for configuration management over SSH. I gave it a try recently and it has proven to be very useful since I need manage a set of servers. Here I would like to briefly introduce Ansible to you.


Ansible is written in Python, on macOS it can be installed with

$ brew install ansible

Getting read for using Ansible

SSH keys

Since Ansible talks with your machines with SSH, it’s recommended that SSH keys are preconfigured on target machines for password-less login. Use ssh-copy-id <user>@<host> to copy your public key over.

Inventory file

Inventory file contains the machines which you would like to manage. By default, Ansible will look for the inventory file located at /etc/ansible/hosts. You can also create the file in any directory and specify it when running Ansible with -i <path>, or specify the path in your ansible.cfg file with

inventory = /path/to/your/inventory/file

A simple inventory file is given below.

You can create groups in inventory file



If the host only has a static IP, it can be given an alias

example ansible_host=

You can specify the connection user with ansible_user ansible_user=webuser

Variables can also be set for hosts http_port=8080

Host key checking

When you connect to a server through SSH for the first time, you are asked whether you want to add that host to the known_hosts file. When you use Ansible and you never connect to some of the hosts, you will be prompted to confirm the host key. If you are sure there won’t be any security issues, you can disable host key checking by adding the following to /etc/ansible/ansible.cfg or ~/.ansible.cfg or /your/current/directory/ansible.cfg (searched by Ansible in the reverse order).

host_key_checking = False

Ad-hoc commands

Ansible can be used for executing ad-hoc commands. This can be used to send the same command to a group of hosts in your inventory at once.

Suppose we have a group called cluster in our inventory file, we can send a command to reboot all hosts in that group with

$ ansible cluster -a "/sbin/reboot"

To send to all hosts in the inventory, change cluster to all. If you want to specify a user, use the -u <user> option. To get root privilege, add -b.

Besides commands, Ansible can also execute Ansible modules. Ansible has a list of modules that does all kinds of tasks. These modules accept parameters that changes the behavior of those modules. For example, we want to copy a file from the control machine to the hosts, we can use

$ ansible all -m copy -a "src=~/.zshrc dest=~/.zshrc"


Although ad-hoc commands are pretty handy, you want to use the playbook feature for actual configuration management tasks. Playbook is a file that specifies a collection of tasks to be executed sequentially in order to achieve a goal, say setting up web server on the machines.

Playbook is written in YAML so it’s very easy to write one. Below is an example

- hosts: cluster

      - name: Stop & disable firewall service

In the above example, the cluster group is targeted and a task using the systemd module is included to stop and disable the firewalld deamon. To run a playbook use

$ ansible-playbook disable-firewall.yml

This is pretty much the most simple playbook you could write. Playbook can achieve much more than that. For example, you can use loops and variables in your playbook. Checkout the references for more information.


comments powered by Disqus