// Configuration management without the complexity.
ANSIBLE CHANGED HOW WE THINK ABOUT SERVERS.
Imagine managing thousands of servers with a simple, human-readable language—no agents to install, no complex infrastructure. Ansible connects to your servers over SSH and ensures they're configured exactly as specified.
WHY ANSIBLE?
Ansible is agentless. You install it on one machine, and it manages all your servers via SSH. No daemon, no agent, no additional ports—just SSH and Python. Simple, powerful, and declarative.
Click a lesson to begin
What is Ansible? Installing and your first commands.
BeginnerManaging inventory and running ad-hoc commands.
BeginnerYAML syntax, tasks, and your first playbook.
Beginnerfile, copy, command, shell, service modules.
IntermediateVariables, facts, and registered variables.
IntermediateWhen conditions and loops in playbooks.
IntermediateCreating reusable roles and Ansible Galaxy.
IntermediateJinja2 templating and variables in templates.
IntermediateEncrypting data and security best practices.
AdvancedBlocks, rescue, always, and debugging.
Advancedmolecule, ansible-lint, and CI/CD integration.
AdvancedAWX, collections, and production architectures.
AdvancedAnsible was created by Michael DeHaan in 2012 and later acquired by Red Hat. It has become one of the most popular automation tools due to its simplicity and agentless architecture.
Unlike Puppet or Chef, Ansible doesn't require agents on managed nodes. It uses SSH to connect to servers and push configurations, making it incredibly easy to get started.
Ansible uses YAML for playbooks, making them human-readable and easy to understand. This "batteries included" approach means you can start simple and scale up.
Automation for everyone. Simple, powerful, agentless.
Ansible is an open-source automation tool that handles configuration management, application deployment, and IT orchestration. It's designed to be simple, powerful, and agentless.
# On Ubuntu/Debian sudo apt update sudo apt install ansible # On RHEL/CentOS sudo yum install ansible # Check version ansible --version
1. What makes Ansible agentless?
The inventory is a list of hosts that Ansible manages. It can be a simple file or a dynamic script.
[webservers] web1.example.com web2.example.com [databases] db1.example.com db2.example.com [all:vars] ansible_user=ubuntu
Quick one-liner commands for testing:
# Ping all hosts ansible all -m ping # Check disk space ansible all -a "df -h" # Copy file to all webservers ansible webservers -m copy -a "src=/tmp/file dest=/tmp/" # Install package ansible all -m apt -a "name=vim state=present"
1. What module pings hosts?
Playbooks are YAML files that define your automation tasks:
---
- name: My first playbook
hosts: webservers
become: yes
tasks:
- name: Install nginx
apt:
name: nginx
state: present
- name: Start nginx service
service:
name: nginx
state: started
enabled: yes
ansible-playbook site.yml
1. What directive runs tasks with sudo?
Ansible ships with thousands of modules. Here are the most common:
- name: Create a directory
file:
path: /tmp/mydir
state: directory
mode: '0755'
- name: Create a symlink
file:
src: /tmp/file
dest: /tmp/link
state: link
- name: Copy file with permissions
copy:
src: /local/file.conf
dest: /etc/app/file.conf
owner: app
group: app
mode: '0644'
- name: Run command command: /usr/bin/myapp --version - name: Run shell command shell: cat /etc/os-release
1. What module creates files, directories, and symlinks?
---
- name: Using variables
hosts: all
vars:
app_port: 8080
app_user: myapp
tasks:
- name: Create user
user:
name: "{{ app_user }}"
- name: Configure app
template:
src: app.conf.j2
dest: /etc/app/config.conf
Facts are system information collected by Ansible:
# Display all facts
ansible all -m setup
# Filter facts
ansible all -m setup -a "filter=ansible_*_mb"
# Access in playbook
- debug:
msg: "{{ ansible_distribution }}"
- name: Run command and register output
command: /usr/bin/myapp status
register: app_status
- name: Display output
debug:
msg: "{{ app_status.stdout }}"
1. What stores command output for later use?
Run tasks conditionally based on variables or facts:
- name: Install Apache on Debian
apt:
name: apache2
state: present
when: ansible_os_family == "Debian"
- name: Install Apache on RedHat
yum:
name: httpd
state: present
when: ansible_os_family == "RedHat"
- name: Create multiple users
user:
name: "{{ item }}"
state: present
with_items:
- alice
- bob
- charlie
- name: Install multiple packages
apt:
name: "{{ item }}"
state: present
with_items:
- vim
- git
- curl
1. What keyword makes a task conditional?
Roles organize playbooks into reusable components with a standard directory structure:
roles/
common/
defaults/
main.yml
handlers/
main.yml
tasks/
main.yml
templates/
files/
---
- name: Deploy webserver
hosts: webservers
roles:
- common
- nginx
- php
--- nginx_port: 80 nginx_user: www-data nginx_workers: 4
1. Where are default role variables defined?
Ansible uses Jinja2 for templating. Templates end in .j2:
server {
listen {{ nginx_port }};
server_name {{ domain_name }};
user {{ nginx_user }};
worker_processes {{ nginx_workers }};
{% if ssl_enabled %}
ssl_certificate {{ ssl_cert_path }};
ssl_certificate_key {{ ssl_key_path }};
{% endif %}
location / {
root {{ document_root }};
index index.html index.htm;
}
}
- name: Configure nginx
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
notify: Restart nginx
{{ my_variable | default('fallback') }}
{{ my_string | upper }}
{{ my_string | lower }}
{{ my_list | join(',') }}
1. What file extension do Ansible templates use?
Ansible Vault encrypts sensitive data like passwords and keys:
# Create new encrypted file ansible-vault create secrets.yml # Encrypt existing file ansible-vault encrypt secrets.yml # Decrypt file ansible-vault decrypt secrets.yml # Edit encrypted file ansible-vault edit secrets.yml # Change password ansible-vault rekey secrets.yml
# Require vault password at runtime ansible-playbook site.yml --ask-vault-pass # Use vault password file ansible-playbook site.yml --vault-password-file ~/.vault_pass
1. What command creates an encrypted file?
Blocks group tasks and allow error handling:
- name: Handle errors
block:
- name: Try this
debug:
msg: "This might fail"
- name: This too
command: /usr/bin/failing-command
rescue:
- name: Handle failure
debug:
msg: "Something went wrong"
always:
- name: Always run
debug:
msg: "This always runs"
- name: This might fail command: /usr/bin/risky-command ignore_errors: yes
- debug:
msg: "Hello"
- debug:
var: my_variable
- debug:
msg: "{{ ansible_failed_task.name }} failed"
1. What runs even if a block fails?
Molecule tests Ansible roles in containers:
# Install molecule pip install molecule # Initialize new role with molecule molecule init role my-role # Run tests cd my-role molecule test # Run different scenarios molecule converge molecule verify
Lints playbooks for best practices:
# Install ansible-lint pip install ansible-lint # Lint a playbook ansible-lint site.yml # With custom rules ansible-lint site.yml -R rules/
# GitHub Actions example
- name: Test Ansible
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Lint
run: ansible-lint site.yml
- name: Test
run: molecule test
1. What tests Ansible roles in containers?
AWX provides a web UI and REST API for Ansible:
Collections organize Ansible content:
# Install collection
ansible-collection install community.postgresql
# Use in playbook
- name: Install PostgreSQL
community.postgresql.postgresql_db:
name: mydb
state: present
1. What provides a web UI for Ansible?