DevOps & CI/CD Deep Dive · 16 of 18

Ansible — Agentless Configuration as YAML

Created in 2012, acquired by Red Hat in 2015. Ansible's killer feature is "no agents" — it just SSHes into your hosts and runs Python modules there. Playbooks are YAML. Inventory is a file or dynamic plugin. The bar to start is famously low; the ceiling is enterprise-wide automation via AAP/Tower.

Anatomy

The Building Blocks

Basic Concepts

  • Inventory — list of hosts (static INI/YAML or dynamic from cloud APIs).
  • Module — a unit of work (apt, file, service, copy) executed on the target.
  • Task — invocation of a module with parameters; should be idempotent.
  • Playbook — YAML file mapping plays (host group → tasks).
  • Roles — reusable, structured bundles of tasks/templates/handlers.
  • Collections — distribution unit on Ansible Galaxy; modules + roles + plugins.
  • Vault — encrypt secrets at rest within the repo.
When It Shines

The Sweet Spot

  • Configuring VMs and bare metal — exactly what it was built for.
  • Network device automation via Ansible network modules (Cisco, Arista, Juniper).
  • One-off ops tasks — patch this fleet, restart these services, rotate that key.
  • Hybrid environments where Terraform provisions and Ansible configures.
  • Air-gapped / regulated — agentless means nothing extra to certify on hosts.
Tradeoffs

What to Watch Out For

  • Slow at scale. SSH fan-out and a Python interpreter on every target add up; Mitogen helps.
  • YAML + Jinja2 templates blur into a pseudo-language; complex playbooks get hard to reason about.
  • Idempotence is on you. shell and command modules don't make tasks idempotent for free.
  • Containers/K8s usually have better-fit tools (Helm/Kustomize) — using Ansible there is an uphill battle.
  • Module signing & supply chain matter; pin collection versions.
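An added example, not from the original page, that puts three of the points above into one playbook: pinning a collection version, an idempotent task beside the shell task it replaces, and a secret pulled from a vault-encrypted vars file. The host group, paths, variable name and collection version are assumed placeholders; the two files are shown as one YAML stream.

```yaml
---
# requirements.yml: pin the collection so every `ansible-galaxy collection install -r requirements.yml`
# resolves the same content (the version string is a placeholder, not a recommendation).
collections:
  - name: community.general
    version: "9.0.0"
---
# site.yml
- name: Configure web hosts
  hosts: web
  become: true
  vars_files:
    - vault.yml            # encrypted at rest with: ansible-vault encrypt vault.yml
  tasks:
    - name: Install nginx (declarative module, idempotent by design)
      ansible.builtin.apt:
        name: nginx
        state: present

    # NOT idempotent: shell has no notion of desired state, so this runs and
    # reports "changed" on every play, even when nothing needed doing.
    - name: Bootstrap app (not idempotent)
      ansible.builtin.shell: /opt/app/bootstrap.sh

    # Idempotent version: a marker file records completion; `creates` makes
    # the module skip the command (and report "ok", not "changed") once it exists.
    - name: Bootstrap app (idempotent)
      ansible.builtin.shell: /opt/app/bootstrap.sh && touch /opt/app/.bootstrapped
      args:
        creates: /opt/app/.bootstrapped

    # The secret comes from the vault-encrypted vars file; no_log keeps it out of
    # task output and logs, and the restrictive mode keeps it from other local users.
    - name: Install TLS private key
      ansible.builtin.copy:
        content: "{{ tls_private_key }}"
        dest: /etc/nginx/tls.key
        owner: root
        group: root
        mode: "0600"
      no_log: true
      notify: Restart nginx

  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
```

Run the play twice: the second run should report no changes, which is the quickest check that every task is actually idempotent.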