
Ansible 101: Automate Server Provisioning the Right Way
In 2025, automation is no longer optional. Sysadmins and DevOps engineers manage fleets of servers, often across multiple data centers and cloud providers. Manual provisioning is error-prone, inconsistent, and impossible to scale. This is where Ansible comes in: a lightweight, agentless automation tool that uses SSH + YAML to orchestrate infrastructure consistently and securely.
This guide provides an advanced introduction to Ansible, showing you how to provision and configure Linux servers the right way. We’ll cover installation, inventory, playbooks, roles, idempotency, and production-ready best practices — the foundation for Infrastructure as Code (IaC).
🔹 Step 1: Install Ansible
On Ubuntu/Debian
sudo apt update
sudo apt install ansible -y
On RHEL/CentOS
sudo dnf install ansible-core -y
Verify:
ansible --version
In 2025, Ansible is at version 9.x, with collections replacing older monolithic modules.
🔹 Step 2: Define Inventory
The inventory lists servers managed by Ansible.
# /etc/ansible/hosts
[web]
192.168.10.11
192.168.10.12

[db]
192.168.10.20

[all:vars]
ansible_user=root
ansible_ssh_private_key_file=~/.ssh/id_rsa
Dynamic inventories are supported via plugins for AWS, GCP, and Proxmox.
🔹 Step 3: Run Ad-Hoc Commands
Quick test:
ansible all -m ping
Install a package on all web servers:
ansible web -m apt -a "name=nginx state=present" -b
🔹 Step 4: Write Playbooks
Playbooks define repeatable automation tasks in YAML.
---
- name: Setup web servers
  hosts: web
  become: yes
  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present
        update_cache: yes
    - name: Ensure Nginx is running
      service:
        name: nginx
        state: started
        enabled: yes
Run:
ansible-playbook web.yml
🔹 Step 5: Use Roles for Structure
Roles allow modular, reusable playbooks:
roles/
nginx/
tasks/main.yml
templates/nginx.conf.j2
handlers/main.yml
Example task (tasks/main.yml):
- name: Copy Nginx config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Restart nginx
Handler (handlers/main.yml):
- name: Restart nginx
  service:
    name: nginx
    state: restarted
🔹 Step 6: Variables & Templates
Variables make playbooks flexible:
# group_vars/web.yml
nginx_port: 8080
Template (templates/nginx.conf.j2):
server {
    listen {{ nginx_port }};
    server_name _;
    root /var/www/html;
}
🔹 Step 7: Ensure Idempotency
Idempotency ensures running the same playbook twice won’t reapply changes unnecessarily. For example:
- name: Create user
  user:
    name: deploy
    shell: /bin/bash
Running this multiple times won’t recreate the user — it checks state first.
🔹 Step 8: Secrets & Vault
Encrypt credentials with Ansible Vault:
ansible-vault create secrets.yml
Use secrets in playbooks:
vars_files:
  - secrets.yml
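The Vault step above combined with the deploy user from Step 7, as an added example that is not part of the original guide. The file name users.yml and the variable name vault_deploy_password are assumptions; the playbook keeps the secret out of verbose output and logs and keeps the task idempotent.

```yaml
---
# users.yml (hypothetical file name)
# secrets.yml was created with `ansible-vault create secrets.yml` and is
# assumed to define one key (hypothetical name, constructed value):
#   vault_deploy_password: "example-only-password"
- name: Create deploy user with a vaulted password
  hosts: web
  become: true
  vars_files:
    - secrets.yml
  tasks:
    - name: Check that the vaulted variable was loaded
      ansible.builtin.assert:
        that:
          - vault_deploy_password is defined
          - vault_deploy_password | length > 0
        quiet: true

    - name: Create deploy user
      ansible.builtin.user:
        name: deploy
        shell: /bin/bash
        # The user module expects a crypt hash, not the cleartext password.
        password: "{{ vault_deploy_password | password_hash('sha512') }}"
        # password_hash picks a new random salt on every run, so without
        # this setting the task would report "changed" each time.
        update_password: on_create
      # Keep the rendered hash out of -vvv output and /var/log/ansible.log.
      no_log: true
```

Run it with ansible-playbook users.yml --ask-vault-pass; a second run should report no change for the user task.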
🔹 Step 9: Best Practices for Production
- Use Git for version control (IaC workflow).
- Split inventories by environment (dev, staging, prod).
- Use tags to run partial playbooks:
  ansible-playbook site.yml --tags "nginx,firewall"
- Integrate with CI/CD (GitHub Actions, GitLab CI).
- Lint YAML with ansible-lint.
- Test with Molecule before production runs.
🔹 Step 10: Monitoring & Debugging
- Use -vvv for verbose debugging.
- Check facts:
  ansible all -m setup
- Track changes via logs in /var/log/ansible.log (if enabled).
✅ Conclusion
Ansible simplifies server provisioning by making infrastructure declarative, repeatable, and secure. Whether you’re managing 10 VPS or a 500-node dedicated cluster, Ansible ensures consistency and reduces human error. With roles, variables, and vault integration, you can manage complex stacks (LAMP, Kubernetes, CI/CD pipelines) as code. At WeHaveServers.com, we deploy Ansible to automate customer environments, from bare-metal servers to hybrid clouds, ensuring fast, secure, and reproducible setups.
❓ FAQ
Is Ansible better than Puppet or Chef?
Yes for simplicity. Ansible is agentless and uses YAML, while Puppet/Chef require agents and DSLs. However, Puppet scales better for massive infrastructures.
Can I use Ansible with Windows servers?
Yes, Ansible supports Windows via WinRM modules.
Do I need root access on servers?
No, but you need sudo privileges to perform system-level changes.
How does Ansible compare to Terraform?
Terraform provisions infrastructure (VMs, networks). Ansible configures them. They’re complementary, not competitors.
Can I run Ansible from my laptop?
Yes. Ansible only needs Python + SSH. No central server is required unless you use AWX/Ansible Tower.