Configuration Management
Automate infrastructure with Ansible and other tools.
Configuration management makes servers reproducible. Instead of "SSH in and click around", you describe desired state (packages installed, services running, files present) and let tools apply it consistently across many machines.
Ansible Basics
Ansible is agentless: it uses SSH to connect and applies changes using modules.
# Install Ansible
$ pip install ansible
# Run ad-hoc command
$ ansible all -m ping
# Run playbook
$ ansible-playbook site.yml
Inventory (who are we managing?)
Inventory defines hosts and groups. Start simple with an INI inventory.
# inventory.ini
[webservers]
203.0.113.10 ansible_user=deploy
[db]
203.0.113.20 ansible_user=deploy
$ ansible -i inventory.ini all -m ping
Sample Playbook
---
- hosts: webservers
  become: yes
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: present
    - name: Start nginx
      service:
        name: nginx
        state: started
Dry runs and diffs
Use check mode to preview changes and reduce risk.
$ ansible-playbook -i inventory.ini site.yml --check --diff
Best practices for scale
- Idempotency: tasks should converge (running again = no changes)
- Roles: organize by component (nginx, app, monitoring) for reuse
- Variables: keep env-specific values in group_vars/host_vars
- Secrets: use ansible-vault (never commit plaintext secrets)
- Tags: allow partial runs (e.g., --tags nginx)
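The Secrets item above can be checked before a commit. The following is an added example, not part of the original page: a Python check that flags secret-looking variables left in plaintext in a vars file. The key-name pattern, the function name, and the sample file contents are assumptions constructed for illustration.

```python
import re

# First line of any file encrypted with `ansible-vault encrypt`.
VAULT_HEADER = "$ANSIBLE_VAULT;"
# Assumed naming convention for sensitive variables; adjust for your repository.
SECRET_KEY = re.compile(r"password|passwd|secret|token|api_?key|private_key", re.I)
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")


def find_plaintext_secrets(text):
    """Return [(line_no, key)] for secret-looking keys whose value is not vaulted."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # whole file is vault-encrypted
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue  # comments, list items and ciphertext lines are not assignments
        key, value = match.groups()
        if not SECRET_KEY.search(key):
            continue
        if value.startswith("!vault"):
            continue  # inline value produced by `ansible-vault encrypt_string`
        if "{{" in value:
            continue  # reference to another variable, e.g. one kept in a vaulted file
        if value in ("", "~", "null", '""', "''"):
            continue  # empty value or start of a nested block
        findings.append((line_no, key))
    return findings


# Constructed sample: a group_vars file with one plaintext secret on line 3.
SAMPLE_VARS = """\
# group_vars/webservers.yml
nginx_port: 8080
db_password: hunter2
api_token: "{{ vault_api_token }}"
tls_private_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  <constructed ciphertext placeholder>
"""
# Constructed sample: a file encrypted as a whole.
SAMPLE_VAULTED = "$ANSIBLE_VAULT;1.1;AES256\n<constructed ciphertext placeholder>\n"

if __name__ == "__main__":
    for line_no, key in find_plaintext_secrets(SAMPLE_VARS):
        print(f"line {line_no}: '{key}' is plaintext; encrypt it with ansible-vault")
```

The check is a name-based heuristic, so it only catches secrets whose variable names match the pattern.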
Practice (30 minutes)
- Create an inventory.ini and run ansible -m ping against a test VM.
- Write a playbook that installs nginx and ensures it is enabled + running.
- Run the playbook twice and confirm the second run reports "ok" with no changes.