A Comprehensive Guide to Ansible Automation from Basics to Advanced

Hello everyone, I am Vince, a veteran in operations with 10 years of experience.

In an era where hundreds of servers are managed daily, manual operations have become a thing of the past. After introducing Ansible, the operations team of a certain e-commerce platform reduced deployment time from hours to minutes, and fault recovery efficiency improved fivefold. This is the power of automated operations!

01 Why Choose Ansible? The Breakthrough Path for Operations Engineers

The Three Core Advantages of Ansible:

  • Agentless Architecture: Directly connect to hosts via SSH without the need to install a client

  • Declarative Language: YAML syntax is intuitive and easy to understand, with a gentle learning curve

  • Modular Design: Over 2000 official modules cover mainstream operational scenarios

02 Quick Start in Ten Minutes: From Installation to Your First Playbook

Environment Setup (Ubuntu Example)

sudo apt update
sudo apt install ansible -y

Configure the Host Inventory (/etc/ansible/hosts)

[web_servers]
web1 ansible_host=192.168.1.101
web2 ansible_host=192.168.1.102
[db_servers]
db1 ansible_host=192.168.1.201

SSH Key Configuration (Passwordless Login)

ssh-keygen -t rsa
ssh-copy-id user@web1

Your First Playbook: Deploying Nginx (nginx.yml)

- name: Deploy Nginx Cluster
  hosts: web_servers
  become: yes
  tasks:
    - name: Update APT Cache
      apt: update_cache=yes
    - name: Install Nginx
      apt: name=nginx state=present
    - name: Enable Nginx Service
      service:
        name: nginx
        state: started
        enabled: yes

Execute Command: ansible-playbook nginx.yml

03 Core Skill Advancement: Template Configuration and Intelligent Triggering

Dynamic Configuration Generation (Jinja2 Template)

Create Template File nginx.conf.j2:

server {
    listen {{ nginx_port }};
    server_name {{ server_name }};
    location / {
        root /var/www/{{ app_name }};
    }
}

Playbook Call:

- name: Configure Nginx
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/sites-available/default
  vars:
    nginx_port: 8080
    server_name: "example.com"
    app_name: "myapp"
  notify: restart nginx

Handler Intelligent Trigger Mechanism

handlers:
  - name: restart nginx
    service:
      name: nginx
      state: restarted

Key Point: The handler runs only when the notifying task reports a change, so the service restarts after a configuration file modification and redundant restarts are avoided.

04 Enterprise-Level Practice: Automated Deployment of LAMP Environment

- name: Deploy LAMP Environment
  hosts: web_servers
  become: yes
  tasks:
    - name: Install Apache
      apt: name=apache2 state=present
    - name: Install MySQL
      apt:
        name:
          - mysql-server
          - mysql-client
        state: present
    - name: Install PHP
      apt:
        name:
          - php
          - libapache2-mod-php
          - php-mysql
        state: present
    - name: Configure Virtual Host
      template:
        src: apache_vhost.j2
        dest: /etc/apache2/sites-available/000-default.conf
      notify: restart apache
  handlers:
    - name: restart apache
      service: name=apache2 state=restarted

Best Practices:

  1. Use block to group tasks

  2. Add tags for partial execution

  3. Combine register to capture command output
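
The three practices above combined in one play, as an added example that is not from the original article. It reuses the nginx.conf.j2 template and the restart nginx handler from section 03; the tag name nginx_config is an assumption.

```yaml
# Added example (not the article's own playbook): block/rescue, tags and
# register around the template task. The tag name is hypothetical.
- name: Configure Nginx with a checked rollout
  hosts: web_servers
  become: yes
  vars:
    nginx_port: 8080
    server_name: "example.com"
    app_name: "myapp"
  tasks:
    - name: Render and verify the site configuration
      tags: [nginx_config]
      block:
        - name: Render the site config, keeping a backup of the old file
          template:
            src: nginx.conf.j2
            dest: /etc/nginx/sites-available/default
            backup: yes
          register: rendered
          notify: restart nginx

        - name: Check the complete nginx configuration
          command: nginx -t
          register: nginx_test
          changed_when: false

        - name: Show what the check reported
          debug:
            var: nginx_test.stderr_lines
      rescue:
        - name: Put the previous file back if a backup was taken
          copy:
            src: "{{ rendered.backup_file }}"
            dest: /etc/nginx/sites-available/default
            remote_src: yes
          when: rendered.backup_file is defined

        - name: Fail the host so the restart handler does not run
          fail:
            msg: "Task '{{ ansible_failed_task.name }}' failed; nginx was not restarted"
  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted
```

Passing --tags nginx_config to ansible-playbook runs only this block.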

05 Cloud Operations: Dynamic Inventory Practice

AWS Dynamic Inventory Configuration (inventory_aws_ec2.yml):

# The aws_ec2 plugin only loads files whose name ends in aws_ec2.yml or aws_ec2.yaml
plugin: aws_ec2
regions:
  - us-east-1
  - ap-northeast-1
filters:
  tag:Environment: production

Execute Command: ansible-playbook -i inventory_aws_ec2.yml deploy.yml

Advantages of Dynamic Inventory:

  • Automatically discover newly added hosts

  • Group management based on tags

  • Real-time synchronization of cloud environment changes

06 Performance Tuning and Security Practices

Performance Optimization Techniques:

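# ansible.cfg
[defaults]
# Number of hosts handled in parallel (the default is 5)
forks = 50
# Skips SSH host key verification, so a spoofed host is not detected; this
# removes the first-connection prompt rather than speeding up runs
host_key_checking = False
# Fewer SSH operations per task; requires that sudoers does not set requiretty
pipelining = True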

Security Hardening Solutions:

  1. Use Ansible Vault to encrypt sensitive data: ansible-vault encrypt vars/secrets.yml

  2. Restrict Playbook execution permissions

  3. Regularly rotate SSH keys

  4. Enable SSH certificate authentication
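
How the Vault-encrypted file is consumed, and how host keys can be pinned so that host_key_checking can stay enabled, shown as an added example that is not from the original article. The variables pinned_host_key and vault_mysql_root_password are hypothetical, and the host key value must come from your own provisioning records.

```yaml
# Added example (not the article's own playbook).
# Assumed inventory variable, one per host, holding that host's public key:
#   pinned_host_key: "ssh-ed25519 <public key recorded at provisioning time>"

# Play 1: record each managed host's SSH key on the control node, so
# host_key_checking can be left at its default (True).
- name: Pin SSH host keys on the control node
  hosts: all
  gather_facts: no          # no connection to the managed hosts is made here
  tasks:
    - name: Add the recorded host key to known_hosts
      known_hosts:
        name: "{{ ansible_host }}"
        key: "{{ ansible_host }} {{ pinned_host_key }}"
        state: present
      delegate_to: localhost
      throttle: 1           # one writer at a time on the shared file

# Play 2: read a secret from the encrypted vars/secrets.yml and keep it
# out of task output.
- name: Install database client credentials from Vault
  hosts: db_servers
  become: yes
  vars_files:
    - vars/secrets.yml      # encrypted with ansible-vault encrypt
  tasks:
    - name: Write root client credentials, readable by root only
      copy:
        dest: /root/.my.cnf
        content: |
          [client]
          user=root
          password={{ vault_mysql_root_password }}
        owner: root
        group: root
        mode: "0600"
      no_log: true          # hide the rendered secret in logs and diffs
```

Run it with ansible-playbook --ask-vault-pass so the encrypted file can be decrypted at run time.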

07 Learning Path Planning: From Novice to Expert

Step-by-Step Growth Path:

  1. Basic Stage (1 week)

    • Master 20 core modules

    • Write basic Playbooks

  2. Advanced Stage (2 weeks)

    • Role encapsulation

    • Custom module development

  3. Expert Stage (1 month)

    • Performance tuning

    • Integration with K8s/Terraform

Recommended Learning Resources:

  • Official Documentation: docs.ansible.com

  • Practical Course: “Ansible Automation Configuration Management”

  • Open Source Project: ansible/awx
