Fanourios Chatziathanasiou

Backend Developer

Ansible Basics: Setup, Directories and Managing Secrets

Ansible is an open-source automation tool used for configuration management, application deployment, and orchestration. It helps automate repetitive tasks and ensure your servers are always in the desired state.

What is Ansible?

Ansible automates the management of servers and applications. It allows you to define your infrastructure in code, making it easier to manage servers, install software, deploy applications, and perform system updates.

What Does Ansible Do?

  • Configuration Management: Ensures all servers are configured consistently.
  • Application Deployment: Automates the process of deploying code to servers.
  • Orchestration: Coordinates tasks across multiple servers to ensure everything works together.
  • Provisioning: Automatically sets up new servers with required software and settings.

Key Ansible Concepts

1. Playbooks

A playbook is a YAML file that defines the tasks you want Ansible to perform on your servers. It lists the "what" (actions to be taken) and "where" (which servers to act on).

2. Inventory

The inventory file lists all the servers that Ansible will manage. It can be a simple text file where each server is listed by IP address or hostname.

3. Roles

Roles are a way to organize related tasks, files, and variables into reusable and modular units. This helps structure complex configurations.

Example directory structure for a role:

4. Tasks

A task is a single action that Ansible performs. Tasks can be things like installing a package, copying a file, or starting a service.

5. Variables

Variables make your playbooks more flexible. Instead of hardcoding values, you can define variables and use them across your playbooks.

Example of defining a variable (vars.yml):

6. Templates

Templates allow you to dynamically generate configuration files using Jinja2 templating. This helps create custom configurations at runtime.

Example template (nginx.conf.j2):

7. Handlers

Handlers are special tasks that only run when notified by other tasks. For example, you can notify a handler to restart a service if a configuration file changes.

Example handler (handlers.yml):

8. Group Vars

Group vars are a way to define variables that apply to a specific group of hosts (servers). Instead of setting variables in individual playbooks or tasks, you can organize them by group. This is useful when different groups of servers (e.g., web servers, database servers) need different settings.

Group vars are typically placed in a directory called group_vars and are named after the groups defined in your inventory file.

For example, if your inventory file defines a group of web_servers and db_servers, you can create two files:

  • group_vars/web_servers.yml
  • group_vars/db_servers.yml

In each file, you can define variables specific to that group.

Example group_vars/web_servers.yml:

Example group_vars/db_servers.yml:

These variables can then be accessed in your playbooks like this:

Managing Secrets in Ansible

Sometimes you need to manage sensitive data, like API keys or passwords, in Ansible. It's important to encrypt this data to keep it secure. Ansible provides a tool called Ansible Vault for encrypting secrets.

How to Encrypt Secrets

You can encrypt sensitive data using the ansible-vault command. For example:

ansible-vault encrypt secrets.yml

This command encrypts the secrets.yml file. When you run the playbook, you will need to provide a password to decrypt it.

How to Decrypt Secrets

To decrypt a file, use:

ansible-vault decrypt secrets.yml

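This decrypts the file in place, so the original plaintext content is written back to disk. To only display the content without leaving a plaintext copy on disk, use ansible-vault view secrets.yml instead.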

Using Encrypted Secrets in Playbooks

You can reference encrypted variables directly in your playbooks. For example, if your vault contains the variable db_password, you can use it like this:

To run the playbook that includes encrypted variables, you would use:

ansible-playbook --ask-vault-pass playbook.yml
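
A pre-commit style check for the workflow above, added here as an example (it is not code from the original post): it walks a project tree and reports secret-looking variables that are stored in plaintext, skipping files that start with the $ANSIBLE_VAULT; header, inline !vault values, and Jinja2 references. The key-name pattern, the function names, and the sample project are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of a file encrypted by ansible-vault
# Assumed heuristic for sensitive variable names; adjust to your own naming.
SECRET_KEY = re.compile(
    r"^\s*([\w-]*(?:password|passwd|secret|token|api_key)[\w-]*)\s*:\s*(.*)$", re.I)

def find_plaintext_secrets(project_dir):
    """Return (relative_path, line_no, key) for secret-looking plaintext values."""
    root = Path(project_dir)
    findings = []
    for path in sorted(p for ext in ("*.yml", "*.yaml") for p in root.rglob(ext)):
        lines = path.read_text(encoding="utf-8").splitlines()
        if lines and lines[0].startswith(VAULT_HEADER):
            continue  # whole file is vault-encrypted
        for number, line in enumerate(lines, start=1):
            match = SECRET_KEY.match(line)
            if not match:
                continue
            key, value = match.group(1), match.group(2).strip().strip("'\"")
            if not value or value.startswith("!vault") or "{{" in value:
                continue  # nested mapping, inline vault value, or variable reference
            findings.append((path.relative_to(root).as_posix(), number, key))
    return findings

def build_sample_project(root):
    """Write a small constructed project tree (sample data, not real secrets)."""
    files = {
        "secrets.yml": "$ANSIBLE_VAULT;1.1;AES256\n36323431336165\n",
        "group_vars/db_servers.yml": 'db_port: 5432\ndb_password: "example-plaintext"\n',
        "group_vars/web_servers.yml":
            "http_port: 80\napi_token: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  6162636465\n",
        "playbooks/setup.yml":
            '- hosts: db_servers\n  vars:\n    login_password: "{{ db_password }}"\n',
    }
    for name, text in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_project(tmp)
        for path, number, key in find_plaintext_secrets(tmp):
            print(f"{path}:{number}: '{key}' is stored in plaintext")
```

Run against the sample tree, only group_vars/db_servers.yml is flagged; encrypting that file with ansible-vault encrypt clears the finding.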

Example Directory Structure for a Simple Ansible Project

ansible_project/
  ├── inventory/           # Inventory file with servers
  ├── playbooks/           # Playbook files
  │    └── setup.yml
  ├── roles/               # Directory for reusable roles
  │    └── nginx/
  ├── vars/                # Variables for your playbooks
  ├── group_vars/          # Group vars for different server groups
  │    ├── web_servers.yml
  │    └── db_servers.yml
  └── ansible.cfg          # Optional configuration file for Ansible

Conclusion

Ansible is a powerful tool for automating the management and configuration of servers. By organizing your tasks, variables, and playbooks into clear and reusable structures, you can automate complex processes efficiently. Understanding group vars is key to managing multiple types of servers with different configurations, ensuring a clean and scalable setup for your infrastructure.

With Ansible, you can streamline your operations, ensure consistency, and spend less time on repetitive tasks. Plus, encrypting sensitive data ensures your secrets remain secure when managing your infrastructure.

2025 — Built by Fanourios Chatziathanasiou