Ansible Complete Tutorial 2025 - Configuration Management
January 2025•10 min read
🚀 Why Ansible in 2025?
Ansible remains the #1 agentless automation tool with 75% enterprise adoption. Perfect for configuration management, application deployment, and orchestration - all without installing agents!
Quick Stats:
- ✅ 80% faster server provisioning
- ✅ Zero downtime deployments
- ✅ Salary Impact: Ansible skills add ₹4-10 LPA
📦 Installation in 1 Minute
# Ubuntu/Debian
sudo apt update
sudo apt install ansible
# Mac
brew install ansible
# Verify
ansible --version
🎯 Your First Playbook
Create first-playbook.yml:
---
- name: My First Ansible Playbook
  hosts: all
  become: yes
  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes
        cache_valid_time: 3600
    - name: Install Nginx
      apt:
        name: nginx
        state: present
    - name: Start Nginx service
      service:
        name: nginx
        state: started
        enabled: yes
    - name: Create custom index page
      copy:
        content: "Hello from Ansible 2025!"
        dest: /var/www/html/index.nginx-debian.html
🔧 Run Your Playbook
# Create inventory file
echo "server1 ansible_host=your-server-ip" > hosts
# Run playbook
ansible-playbook -i hosts first-playbook.yml -u ubuntu -k
📁 Core Concepts
1. Inventory: List of managed hosts
2. Playbook: YAML automation scripts
3. Modules: Reusable units (apt, copy, service)
4. Roles: Reusable playbook components
5. Facts: System information gathering
🏗️ Real Example: Full Stack Deployment
Complete Application Stack:
---
- name: Deploy Application Stack
  hosts: webservers
  become: yes
  vars:
    app_version: "2.0.0"
    app_port: 8080
  tasks:
    - name: Install dependencies
      apt:
        name: "{{ item }}"
        state: present
        update_cache: yes
      loop:
        - python3
        - python3-pip
        - git
        - nginx
        - postgresql
    # version pins the checkout to the tag or branch named by app_version
    - name: Clone repository
      git:
        repo: "https://github.com/app/repo.git"
        dest: /opt/myapp
        version: "{{ app_version }}"
        force: yes
    - name: Install Python requirements
      pip:
        requirements: /opt/myapp/requirements.txt
        virtualenv: /opt/myapp/venv
    - name: Create application user
      user:
        name: appuser
        system: yes
        shell: /bin/bash
    - name: Set directory permissions
      file:
        path: /opt/myapp
        owner: appuser
        group: appuser
        recurse: yes
    # Handlers run once at the end of the play, and only if a template changed
    - name: Copy systemd service file
      template:
        src: myapp.service.j2
        dest: /etc/systemd/system/myapp.service
      notify: Restart application
    - name: Configure Nginx reverse proxy
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/myapp
      notify: Reload Nginx
    - name: Enable Nginx site
      file:
        src: /etc/nginx/sites-available/myapp
        dest: /etc/nginx/sites-enabled/myapp
        state: link
  handlers:
    - name: Restart application
      systemd:
        name: myapp
        state: restarted
        daemon_reload: yes
    - name: Reload Nginx
      service:
        name: nginx
        state: reloaded
🔄 Roles: Professional Structure
Create Reusable Role:
# Create role structure
ansible-galaxy init webserver-role
# Directory structure created:
webserver-role/
├── tasks/main.yml       # Main task list
├── handlers/main.yml    # Service handlers
├── templates/           # Jinja2 templates
├── files/               # Static files
├── vars/main.yml        # Variables
├── defaults/main.yml    # Default variables
├── meta/main.yml        # Role metadata
└── README.md            # Documentation
Use Role in Playbook:
---
- name: Configure Web Servers
  hosts: webservers
  become: yes
  roles:
    - role: webserver-role
      vars:
        nginx_port: 80
        app_env: production
    - role: monitoring-role
    - role: security-role
Example Role Tasks (tasks/main.yml):
---
# webserver-role/tasks/main.yml
- name: Install Nginx
  apt:
    name: nginx
    state: present
- name: Copy Nginx configuration
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Restart Nginx
- name: Ensure Nginx is running
  service:
    name: nginx
    state: started
    enabled: yes
🔐 Security Best Practices
Secure SSH Configuration:
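---
- name: Harden SSH Security
  hosts: all
  become: yes
  tasks:
    # lineinfile replaces the last line matching regexp; a commented default
    # such as "#PermitRootLogin ..." does not match, so the line is appended.
    - name: Disable root login
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
      notify: Restart SSH
    # Confirm key-based login works before this takes effect
    - name: Disable password authentication
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
      notify: Restart SSH
    # Allow the new port through the firewall before the handler restarts sshd
    - name: Change SSH port
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^Port'
        line: 'Port 2222'
      notify: Restart SSH
  handlers:
    # The unit is named ssh on Debian/Ubuntu
    - name: Restart SSH
      service:
        name: sshd
        state: restarted
Ansible Vault for Secrets: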
# Create encrypted file
ansible-vault create secrets.yml
# Edit encrypted file
ansible-vault edit secrets.yml
# Encrypt existing file
ansible-vault encrypt vars.yml
# Decrypt file
ansible-vault decrypt secrets.yml
# Run playbook with vault
ansible-playbook playbook.yml --ask-vault-pass
# Use vault password file
ansible-playbook playbook.yml --vault-password-file ~/.vault_pass
Example Encrypted Variables:
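# secrets.yml (encrypted on disk; shown here as it appears in ansible-vault edit)
---
db_password: "SuperSecretPass123!"
api_key: "sk-1234567890abcdef"
aws_access_key: "AKIAIOSFODNN7EXAMPLE"
# Use in playbook (vars_files is a play-level keyword, not a task keyword)
- name: Configure database
  hosts: all
  become: yes
  vars_files:
    - secrets.yml
  tasks:
    # Setting no_log: true on a task like this keeps the secret out of output and logs
    - name: Create database user
      postgresql_user:
        name: appuser
        password: "{{ db_password }}"
📊 Career Impact 2025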
Junior Level
Salary: ₹8-14 LPA
Mid-Level
Salary: ₹15-25 LPA
Senior Level
Salary: ₹25-40 LPA
🎓 Learning Path
Day 1-3: Basics
Basics & ad-hoc commands
Week 1: Fundamentals
Playbooks & modules
Week 2: Intermediate
Variables, facts, templates
Week 3: Advanced
Roles & best practices
Week 4: Expert
Advanced (AWS/GCP modules, Tower)
💡 Pro Tips 2025
- ✅ Use ansible all -m setup to gather system facts
- ✅ Always use become: yes for sudo tasks
- ✅ Tag tasks for selective execution: --tags "deploy"
- ✅ Use handlers for service restarts (avoid unnecessary restarts)
- ✅ Test with --check (dry-run) before running
- ✅ Use --diff to see what changes will be made
- ✅ Implement idempotency - playbooks should be safe to run multiple times
- ✅ Use ansible-lint to check playbook quality
- ✅ Store inventory in version control (Git)
- ✅ Use dynamic inventory for cloud environments
- ✅ Leverage delegate_to for running tasks on specific hosts
- ✅ Use serial for rolling updates
⚠️ Common Mistakes to Avoid
- ❌ Not using version control for playbooks
- ❌ Hardcoding values instead of using variables
- ❌ Ignoring idempotency principles
- ❌ Not testing playbooks in staging first
- ❌ Storing secrets in plain text
- ❌ Not using roles for reusability
- ❌ Running playbooks without --check first
- ❌ Not documenting playbook purpose and usage
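A pre-commit style check for the "storing secrets in plain text" mistake and the Vault workflow from the Security Best Practices section. This is an added example, not part of the original tutorial; the key-name heuristic and the function names are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# First line of any file written by `ansible-vault create` / `encrypt`.
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;\S+)?$")
# Heuristic (assumption): top-level keys whose names suggest a credential.
SECRET_KEY = re.compile(
    r"^(\w*(?:pass|secret|token|api_?key|access_key)\w*)\s*:\s*(.*)$", re.I)

def is_vault_encrypted(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return bool(VAULT_HEADER.match(fh.readline().strip()))

def plaintext_secret_keys(path):
    """Secret-looking keys that hold a literal value in an unencrypted YAML file."""
    if is_vault_encrypted(path):
        return []
    keys = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = SECRET_KEY.match(line)
            value = m.group(2).strip() if m else ""
            # Inline `!vault |` blobs and Jinja references are not literals.
            if value and not value.startswith("!vault") and "{{" not in value:
                keys.append(m.group(1))
    return keys

def password_file_too_open(path):
    """True if group or others have any permission on the vault password file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit(var_files, vault_password_file=None):
    findings = [f"{p}: plaintext {k}" for p in var_files
                for k in plaintext_secret_keys(p)]
    if vault_password_file and password_file_too_open(vault_password_file):
        findings.append(f"{vault_password_file}: group/other access, chmod 600")
    return findings

if __name__ == "__main__":
    # Constructed sample: the page's secrets.yml committed without encryption.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secrets.yml")
        with open(path, "w") as fh:
            fh.write('---\ndb_password: "SuperSecretPass123!"\n')
        for finding in audit([path]):
            print(finding)
```

Run it over the variable files in a repository before each commit; an empty result means every secret-looking value is either vault-encrypted or a variable reference.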
🚀 Common Use Cases
Practical Examples:
# 1. User Management
- name: Create DevOps user
  user:
    name: devops
    groups: sudo,docker
    shell: /bin/bash
    create_home: yes
    state: present
# 2. File Management
- name: Deploy configuration
  copy:
    src: app.conf
    dest: /etc/app/app.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
# 3. Package Management
- name: Install web server
  yum:
    name: httpd
    state: latest
  when: ansible_os_family == "RedHat"
- name: Install web server (Debian)
  apt:
    name: apache2
    state: latest
  when: ansible_os_family == "Debian"
# 4. Service Control
- name: Manage Nginx service
  systemd:
    name: nginx
    state: restarted
    enabled: yes
    daemon_reload: yes
# 5. Conditional Execution
- name: Install Docker (Ubuntu only)
  apt:
    name: docker.io
    state: present
  when:
    - ansible_distribution == "Ubuntu"
    # The version test compares version numbers rather than strings
    - ansible_distribution_version is version('20.04', '>=')
# 6. Loop Through Items
- name: Create multiple directories
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /opt/app/logs
    - /opt/app/data
    - /opt/app/config
# 7. Template Configuration
- name: Deploy Nginx config from template
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    # validate checks the rendered file before it replaces the live config
    validate: 'nginx -t -c %s'
  notify: Reload Nginx
✅ Quick Start Checklist
Week 1-2:
- ☐ Install Ansible on control node
- ☐ Create inventory file with hosts
- ☐ Write first playbook
- ☐ Run ad-hoc commands
- ☐ Learn 10 common modules
- ☐ Practice with variables
Week 3-4:
- ☐ Create reusable roles
- ☐ Implement Ansible Vault
- ☐ Use templates (Jinja2)
- ☐ Set up handlers
- ☐ Integrate with CI/CD
- ☐ Build 3 real projects
🎯 Real-World Project Ideas
1. LAMP Stack Automation: Deploy complete Linux, Apache, MySQL, PHP stack with one playbook
2. Docker Cluster Setup: Install and configure Docker Swarm across multiple nodes
3. Kubernetes Cluster: Automate K8s cluster deployment with kubeadm
4. Security Hardening: Create playbook to harden Ubuntu/CentOS servers (CIS benchmarks)
5. Monitoring Stack: Deploy Prometheus, Grafana, and exporters automatically
6. CI/CD Pipeline: Set up Jenkins with all plugins and jobs via Ansible
7. Database Replication: Configure MySQL/PostgreSQL master-slave replication
8. Load Balancer Setup: Deploy and configure HAProxy or Nginx load balancers
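For the security-hardening project, a check worth building first: whether the three lineinfile edits from the "Harden SSH Security" playbook earlier on this page actually change what sshd uses. This is an added example, not part of the original tutorial. It is a simplified model that assumes sshd keeps the first value it reads for a keyword, treats everything after a Match line as conditional, and ignores that Port may legitimately repeat; the sample configs are constructed.

```python
import re

def lineinfile(lines, regexp, line):
    """Simplified lineinfile: replace last regexp match, else append if absent."""
    pat = re.compile(regexp)
    hits = [i for i, cur in enumerate(lines) if pat.search(cur)]
    out = list(lines)
    if hits:
        out[hits[-1]] = line
    elif line not in out:
        out.append(line)
    return out

def effective(lines, keyword):
    """Global value sshd would use: the first one read before any Match line."""
    for cur in lines:
        parts = cur.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            return None
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip()
    return None

# The three edits from the page's "Harden SSH Security" playbook.
PAGE_EDITS = [(r"^PermitRootLogin", "PermitRootLogin no"),
              (r"^PasswordAuthentication", "PasswordAuthentication no"),
              (r"^Port", "Port 2222")]

def drift(main_cfg, dropins=()):
    """Apply the edits to the main file; return keywords that did not take effect.
    Assumes drop-in files are Included at the top of the main file."""
    for regexp, line in PAGE_EDITS:
        main_cfg = lineinfile(main_cfg, regexp, line)
    merged = list(dropins) + main_cfg
    wanted = dict(line.split(None, 1) for _, line in PAGE_EDITS)
    return {k: effective(merged, k) for k, v in wanted.items()
            if effective(merged, k) != v}

# Constructed sample configs (not taken from a real host).
MAIN = ["#Port 22", "#PermitRootLogin prohibit-password",
        "PasswordAuthentication yes", "Match User backup", "    X11Forwarding no"]
DROPIN = ["PasswordAuthentication yes"]

if __name__ == "__main__":
    print(drift(MAIN))          # appended lines land after the Match block
    print(drift(MAIN, DROPIN))  # the drop-in value is read first
```

On a real host, `sshd -t` validates the file before a restart and `sshd -T` prints the effective configuration to compare against.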
🎯 Next Steps
- Practice: Automate your home lab
- Certification: Red Hat Certified Specialist
- Advanced: Learn Ansible Tower/AWX
- Cloud: Master AWS/GCP modules
Begin today: Your first automation is ansible all -m ping away!
Remember: Ansible makes the complex simple - start automating repetitive tasks today!