This tutorial contains notes about Ansible.

1. Ansible

Ansible is an open source tool for automated software provisioning and application deployment.

Ansible lets you execute predefined tasks via SSH on remote or local machines. Ansible is simple to use and does not require a server/client architecture. You can execute it from your local machine, and the remote machines don’t need an Ansible installation.

2. Installation and configuration of Ansible

2.1. Installation

Ansible is available for all major Linux distributions. You can install it with your package manager. Under Ubuntu you can enter this:

sudo apt install ansible

The Ansible version available through the system's package manager might be outdated. To run the latest Ansible version, you can install it through the Python package manager pip. At the time of this writing Ansible supports Python 2.x.

pip install ansible

If you decide to install Ansible through pip, make sure to delete your system Ansible installation. Otherwise you might run into some problems.

2.2. Configuration

To use Ansible, you need to configure the machines to which you want to connect.

You can define host groups in the global configuration file /etc/ansible/hosts.

The following configuration would define a group named test with two hosts from a local network:

[test]
192.168.56.101
192.168.56.123

Besides the global host file, you can reference other host files on the command line with -i /path. This has the advantage that you can put these files under version control and share them with others.

3. Executing ad-hoc commands

The easiest way to get started with Ansible is by executing ad-hoc commands. Create a directory for your Ansible files and save this into a file called hosts:

[test]
your.host

If you changed the SSH port on a host you can specify it like this:

[test]
your.host:22222

This host might be for example a:

  • web server

  • VM

  • container

It is also possible to execute your command on your local machine. This is useful for testing or in case you do not have a remote machine available.

For example, to execute the Unix uptime command via Ansible, you could use the following commands.

# ansible -i <host file> <group> -m <module> -a <module arguments>
ansible -i hosts test -m shell -a "uptime"

# output should look something like this:
your.host | SUCCESS | rc=0 >>
 21:56:49 up  3:04,  2 users,  load average: 0.00, 0.00, 0.00

# using localhost:
ansible localhost -m shell -a "uptime"

You can specify the user on the remote machine by passing in the --become-user <username> parameter. Otherwise, your local user is used. To gain administrator (sudo) rights for your command add --become. If the remote user needs a password for sudo access, additionally add --ask-become-password.
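The host file format from sections 2.2 and 3 (group headers, one host per line, optional host:port) can be checked before any command is run against it. The following Python code is an added example, not part of the original tutorial or of Ansible itself; the names parse_hosts and hosts_for are hypothetical, the sample is constructed from the listings above, and bracketed IPv6 addresses and host ranges are not handled.

```python
import re

# Constructed sample, combining the host files shown in this tutorial.
SAMPLE = """\
[test]
192.168.56.101
192.168.56.123
your.host:22222
"""

SECTION = re.compile(r"^\[([^\]:]+)(:[a-z]+)?\]$")

def parse_hosts(text):
    """Return {group: [(host, port), ...]}; port is None when not given."""
    groups, current, skip = {}, "ungrouped", False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            # [group:vars] and [group:children] sections hold no host entries
            current, skip = m.group(1), m.group(2) is not None
            if not skip:
                groups.setdefault(current, [])
            continue
        if line.startswith("["):
            raise ValueError(f"line {lineno}: malformed group header {line!r}")
        if skip:
            continue
        entry = line.split()[0]  # ignore inline variables after the host
        host, port = entry, None
        if entry.count(":") == 1:  # host:port form
            host, p = entry.split(":")
            if not p.isdigit() or not 0 < int(p) < 65536:
                raise ValueError(f"line {lineno}: bad port in {entry!r}")
            port = int(p)
        groups.setdefault(current, []).append((host, port))
    return groups

def hosts_for(groups, name):
    """Resolve a group name as it would be passed to `ansible`, or fail loudly."""
    if name not in groups:
        raise KeyError(f"group {name!r} not in host file; defined: {sorted(groups)}")
    return groups[name]
```

Run against a host file kept under version control, this catches a mistyped group name or an invalid port before Ansible connects to anything.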

4. Playbooks

Playbooks are Ansible configuration files that specify the tasks to be performed. Tasks can run synchronously or asynchronously. By default, tasks are executed synchronously and sequentially in the order they are defined in the Playbook.

It is possible to switch host groups between tasks.

Playbooks are written in YAML format. To do a syntax check on a Playbook without executing it, start it with the --syntax-check parameter:

ansible-playbook my_playbook.yml --syntax-check

Ansible comes with a sizable number of modules that we can use in our playbooks to do common tasks.

Here is an example playbook with three tasks:

- hosts: test  # (1)
  tasks:
    - name: Ensure sudo group exists
      group:  # (2)
        name: sudo  # (3)
        state: present  # (4)
    - name: Ensure test user exists
      user:  # (5)
        name: test
        state: present
    - name: Add test user to sudo group
      user:  # (6)
        name: test
        groups: sudo
        append: yes

(1) we define the host group on which this playbook is executed
(2) we use the Ansible group module to add a new user group
(3) each module defines a specific set of variables by which it can be configured, here we specify the name of the group
(4) check if user exists and create him if he is missing
(5) we use the user module to create a new user
(6) we add our new test user to the sudo group

It is possible to have multiple task blocks with different settings in one playbook. The next example works on multiple hosts:

- hosts: dbserver
  tasks:
    - name: fetch backup
      fetch:
        src: /backup/
        dest: /tmp/fetched
- hosts: storageserver
  tasks:
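    - name: upload backup
      # The listing breaks off here; the copy task below is an assumed completion.
      copy:
        src: /tmp/fetched/
        dest: /path/to/backup/  # placeholder path, not from the original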

4.1. Dry run

Many Ansible modules support a test run without persisting any actual changes. Such runs are called dry runs. To trigger a dry run, run the playbook with the --check parameter. To see the changes that would be made, add --diff. This parameter can also be used in a regular run.

ansible-playbook my_playbook.yml --check --diff

5. Ansible resources