Ansible Automation

Ansible is an agentless automation tool for configuration management, provisioning, and deployment. It connects over SSH/WinRM and uses YAML playbooks to describe desired state.

  • Simple, readable playbooks and roles
  • Works across Linux and Windows hosts
  • Huge module ecosystem (cloud, databases, OS, networking)
  • Inventory: hosts and groups to target
  • Playbooks: YAML files that run tasks against hosts
  • Roles: reusable structure for tasks/vars/templates/handlers
  • Modules: idempotent units of work (apt, yum, win_package, user, service)
  • Variables: group_vars/host_vars and injected vars

    # Inventory (inventory.ini)
    [web]
    web01 ansible_host=10.0.0.10
    web02 ansible_host=10.0.0.11

    [db]
    db01 ansible_host=10.0.1.10

    # Playbook: Linux web hosts
    ---
    - name: Deploy web app (Linux)
      hosts: web
      become: true
      tasks:
        - name: Ensure Node.js is present
          apt:
            name: nodejs
            state: present
            update_cache: true

        - name: Sync site files
          synchronize:
            src: ./dist/
            dest: /var/www/site/

        - name: Ensure service is running
          systemd:
            name: nginx
            state: started
            enabled: true

    # Playbook: Windows hosts over WinRM
    ---
    - name: Deploy web app (Windows)
      hosts: windows
      vars:
        ansible_connection: winrm
      tasks:
        - name: Install IIS
          win_feature:
            name: Web-Server
            state: present

        - name: Copy site files
          win_copy:
            src: ./dist/
            # Unquoted YAML scalars take backslashes literally, so no doubling
            dest: C:\inetpub\wwwroot\

    # GitLab CI job (.gitlab-ci.yml)
    ansible_deploy:
      stage: deploy
      image: alpine:3.19
      before_script:
        # rsync is required on the runner by the synchronize module
        - apk add --no-cache python3 py3-pip openssh-client rsync
        # Install Ansible into a virtualenv rather than the system Python
        - python3 -m venv /opt/ansible
        - /opt/ansible/bin/pip install ansible==9.5.1
        - export PATH="/opt/ansible/bin:$PATH"
      script:
        - ansible-playbook -i inventory.ini playbooks/deploy.yml --limit web
      rules:
        - if: "$CI_COMMIT_BRANCH == 'main'"

See more: ./ansible/introduction, ./ansible/windows-deployment, ./ansible/linux-deployment, ./ansible/gitlab-ci-integration

  • Keep playbooks idempotent and test with --check
  • Use roles for reuse and structure
  • Separate inventories per environment; inject secrets via CI/CD variables
  • Prefer modules over raw shell where possible
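
Added example (not from the original page) of the "separate inventories per environment; inject secrets via CI/CD variables" practice: the CI job passes the SSH key and an application secret from GitLab variables, and the playbook reads the secret from the environment and keeps it out of logs. The variable names, the inventories/production/ path, /etc/site/app.env and the www-data group are assumptions made for illustration.

```yaml
# .gitlab-ci.yml (added example). Hypothetical CI/CD variables:
#   SSH_PRIVATE_KEY, SSH_KNOWN_HOSTS (type File), APP_DB_PASSWORD (masked, protected)
ansible_deploy:
  stage: deploy
  image: alpine:3.19
  before_script:
    - apk add --no-cache python3 py3-pip openssh-client rsync
    - python3 -m venv /opt/ansible
    - /opt/ansible/bin/pip install ansible==9.5.1
    - export PATH="/opt/ansible/bin:$PATH"
    # File-type variables expand to a path; ssh refuses keys readable by others.
    - chmod 600 "$SSH_PRIVATE_KEY"
    # Pin host keys instead of disabling host key checking.
    - mkdir -p ~/.ssh && cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
  script:
    - >
      ansible-playbook -i inventories/production/inventory.ini
      --private-key "$SSH_PRIVATE_KEY"
      playbooks/deploy.yml --limit web
  rules:
    - if: "$CI_COMMIT_BRANCH == 'main'"
---
# playbooks/deploy.yml (added example; paths and names are hypothetical)
- name: Deploy web app with an injected secret
  hosts: web
  become: true
  vars:
    # Read from the job environment at run time; never committed to Git.
    app_db_password: "{{ lookup('ansible.builtin.env', 'APP_DB_PASSWORD') }}"
  tasks:
    - name: Stop early if the CI variable was not injected
      ansible.builtin.assert:
        that: app_db_password | length > 0
        fail_msg: APP_DB_PASSWORD is not set in the job environment
        quiet: true
      no_log: true

    - name: Write the application environment file
      ansible.builtin.copy:
        dest: /etc/site/app.env
        content: "DB_PASSWORD={{ app_db_password }}\n"
        owner: root
        group: www-data
        mode: "0640"
      no_log: true  # keep the rendered secret out of job logs and diffs
```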