Ansible is an open-source IT automation engine, which can remove drudgery from your work life, and will also dramatically improve the scalability, consistency, and reliability of your IT environment.

  • uses SSH to push commands

  • no client software (agent) needed

  • YAML-based environment description (playbooks)


  • source


  • pip install ansible


  • curate /etc/ansible/hosts - inventory on

  • make sure you can access each and every host via SSH

  • perform ad-hoc commands - ad-hoc commands on

    • ansible -m ping all

    • ansible all -a "/bin/uname -a"

    • ansible atlanta -a "/sbin/reboot" -f 10

    • ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"

  • curate playbooks

Example playbook

# basic setup for all our containers
- hosts: container
  become: true
  # the included task files run under the play's "tasks" key
  tasks:
    - include_tasks: ../ubuntu/basics.yml
    - include_tasks: ../ubuntu/monit.yml
    - include_tasks: ../ubuntu/certificates.yml
    - include_tasks: ../ubuntu/update_packages.yml

Example task

- name: set timezone to Europe/Berlin
  timezone:
    name: Europe/Berlin
- name: Install basic Applications
  apt:
    name: ['git', 'vim', 'curl', 'tree', 'htop', 'pv', 'stress', 'wget', 'build-essential', 'ruby', 'rsync', 'ufw', 'mosh', 'unattended-upgrades']
    state: latest
# SSH runs over TCP, so the rule for port 22 uses proto tcp.
# The source address is missing on the page; "any" is assumed in both rules.
- name: ufw allow ssh
  command: ufw allow proto tcp from any to any port 22
- name: ufw allow mosh
  command: ufw allow proto udp from any to any port 60001
- name: Generate locales (EN)
  command: locale-gen en_US.UTF-8
- name: Generate locales (DE)
  command: locale-gen de_DE.UTF-8
- name: Setup unattended-upgrades
  command: dpkg-reconfigure -plow unattended-upgrades --default-priority
- name: Copy unattended-upgrade settings to client
  copy: src=../files/unattended-upgrades/10periodic dest=/etc/apt/apt.conf.d/10periodic owner=root group=root mode=0644
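
The firewall and locale tasks above call ufw and locale-gen through command, which reports "changed" on every run. The following is an added example, not part of the original page: the same tasks written with modules so that repeated runs are idempotent. It assumes the community.general collection is available (it is bundled with the full ansible pip package).

```yaml
# Added example: module-based versions of the ufw and locale tasks.
# Assumption: community.general is installed on the control node.
- name: ufw allow ssh
  community.general.ufw:
    rule: allow
    port: '22'
    proto: tcp        # SSH runs over TCP

- name: ufw allow mosh
  community.general.ufw:
    rule: allow
    port: '60001'
    proto: udp        # mosh session traffic runs over UDP

- name: Generate locales (EN, DE)
  community.general.locale_gen:
    name: "{{ item }}"
    state: present
  loop:
    - en_US.UTF-8
    - de_DE.UTF-8
```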