Just moozing

Before you can check your notes, you must make them…

Ansible introduction


In this blog post, I will go through what ansible is and what it can be used for.

Ansible is a provisioning tool like puppet (I wrote a puppet primer some time ago). They are similar, and like other provisioning tools, they are designed to roll out configurations in a systematic manner.

A key difference between ansible and puppet is the software installed on your device. Puppet works in a client/server manner using its own protocol. Ansible uses SSH and (mostly) relies on python on the client device.

Ansible basics

Fundamental ansible concepts:

  • Inventory file: Contains a list of servers and how to connect to them. (official docs)
  • Playbook: The actual configurations to perform. (official docs)

Playbooks can be controlled using variables. Some are built-in, others are defined in the playbook. You can also use multiple files using roles and imports.

You can make playbooks that do the same thing across different operating systems, based on conditions from the built-in variables.
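A cross-OS playbook of that kind, as an added example that is not from the original post or the vagrantify project: it branches on the built-in `ansible_facts['os_family']` fact. The host group `servers`, the account name `deploy` and the chosen sshd settings are assumptions.

```yaml
# Added example. Host group "servers", user "deploy" and the sshd settings
# are assumptions for illustration, not taken from the original post.
- name: Baseline SSH hardening on Debian-family and OpenBSD hosts
  hosts: servers
  become: true   # assumes the connecting user can escalate on every host
  vars:
    admin_user: deploy            # variable defined in the playbook
    sshd_settings:
      - { key: PasswordAuthentication, value: "no" }
      - { key: X11Forwarding, value: "no" }
    ssh_service:                  # service name differs per OS family
      Debian: ssh
      OpenBSD: sshd

  tasks:
    - name: Stop early on OS families this playbook was not written for
      ansible.builtin.assert:
        that: ansible_facts['os_family'] in ssh_service
        fail_msg: "Unsupported os_family {{ ansible_facts['os_family'] }}"

    - name: Create the admin account (sudo group on Debian)
      ansible.builtin.user:
        name: "{{ admin_user }}"
        groups: sudo
        append: true
      when: ansible_facts['os_family'] == 'Debian'

    - name: Create the admin account (wheel group on OpenBSD)
      ansible.builtin.user:
        name: "{{ admin_user }}"
        groups: wheel
        append: true
      when: ansible_facts['os_family'] == 'OpenBSD'

    - name: Set sshd options, rejecting a file that fails sshd's own check
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_settings }}"
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: "{{ ssh_service[ansible_facts['os_family']] }}"
        state: restarted
```

Confirm that key-based login works for the connecting user before applying `PasswordAuthentication no`; running `ansible-playbook` with `--check --diff` shows the pending changes without making them.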

Roles can be shared and reused through the ansible galaxy.


Example configuration

I made an ansible configuration to vagrantify an openbsd server. The corresponding blog post is here.

The playbook from the vagrantify project contains examples of user handling, file upload and changing lines in configuration files.


Interesting applications

In general, provisioning and making playbooks is a very good tool for “making notes” on how something works, for reproducibility purposes.

Other ideas and projects


At least some Juniper devices support provisioning using ansible. See here and here.


I have worked with VPSes at digital ocean using vagrant, and since vagrant supports ansible provisioning, it seems like a good match.


I have made an ansible playbook to set up a dual router using CARP, virtual IP addresses, pfsync, firewall rules and so on.

Webserver or similar

If you want to deploy multiple servers with very similar configuration, use ansible to lock them down and version control it.


The critical security controls always require a lot of tweaks to the security settings. This makes it a good candidate for provisioning. Also, provisioning is mentioned in CSC #3-10.


Having multiple machines to monitor often requires manual configuration of the monitoring system. Using provisioning, that could be automated.


Maybe not “super”, but a variation on the theme of identical servers is to combine multiple physical machines in a cluster. A cheap version could be to combine a bunch of raspberry pis.


Closing comment

Provisioning is a really useful tool, and an integral part of devops.






Written by moozing

August 14, 2015 at 12:00

Posted in Tech
