Automation is fundamentally transforming the work of IT infrastructure teams. As systems explode in complexity, automating repetitive manual tasks is no longer a "nice to have" – it‘s essential for managing dynamic, large scale environments efficiently. That‘s why over two-thirds of organizations now leverage infrastructure-as-code techniques.
Amongst the many automation tools, Ansible has emerged as a favorite for system administrators. Let‘s examine why and how Ansible empowers sysadmins like us to easily automate common responsibilities.
Why Ansible Should Be Our Automation Tool of Choice
Analyst firm RedMonk reports that Ansible adoption amongst developers has doubled over the last five years. Meanwhile, industry surveys by SysAdmins Guild indicate that over 50% of infrastructure teams now utilize Ansible for multi-cloud automation.
What is driving such rapid growth?
For starters, Ansible requires no agents or additional software installed on the managed nodes. Instead, it connects over SSH and utilizes existing Python installations – making it quick and easy to get started. The declarative YAML format of playbooks and roles also allows us to define the automation workflows in a simple, readable manner.
Additionally, Ansible modules provide prebuilt abstraction for many common administrative tasks so we don‘t have to write custom code and scripts. Whether we need to install packages, manage services, configure networks or deploy applications – there‘s a module for it!
Now let‘s look at some of the key daily sysadmin responsibilities we can automate efficiently using Ansible…
1. Copying Files to Remote Servers
Transferring files and data across networks is undoubtedly one of our most frequent tasks. With Ansible‘s copy module, we can easily automate file operations between hosts without the hassle of scp, sftp or other manual commands.
For example, here is a playbook to copy over a new NTP configuration file from the Ansible control node to update time sync settings on all managed servers:
---
- name: Copy NTP config to nodes
hosts: all
tasks:
- name: Copy new ntp.conf
ansible.builtin.copy:
src: files/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644The file permissions are also adjusted in the same step to ensure correctness. By parameterizing host groups, we can selectively target subsets of servers as needed.
2. Managing Packages and Software
Installing packages and dependencies consumes considerable time during provisioning. With Ansible, we simply define the required package state and the correct package manager handles the rest. No need to write separate commands for yum, apt, dnf etc.
Here‘s a playbook to install vim and uninstall git on a group of RHEL and Debian servers:
---
- hosts: rhel
tasks:
- name: Install vim editor
ansible.builtin.package:
name: vim
state: latest
- hosts: debian
tasks:
- name: Remove git
ansible.builtin.package:
name: git
state: absentThe playbooks remain idempotent so making repeated changes is not an issue. Ansible manages dependencies seamlessly in the background.
Now let us explore some other automation opportunities…
Streamlining Common Sysadmin Responsibilities
Beyond copying files or managing software, there are many other administrative tasks we execute daily across infrastructure environments and applications. Ansible provides a wide repertoire of modules to help simplify everything ranging from user management to storage allocation.
Let me walk through some frequent use cases:
3. Configuring Cron Jobs
Scheduling jobs with cron is a common requirement. With Ansible‘s cron module, we can easily load additional cron jobs without needing direct server access.
For example, here is a playbook to schedule a log archival job to run every Saturday evening on all servers:
- cron:
name: "Weekly Log Archive"
minute: "0"
hour: "20"
weekday: "6"
job: "/usr/local/bin/archive_script weekly > /dev/null 2>&1"The crontab file gets updated instantly without needing manual edits across each node.
4. Managing Services
Starting, stopping or restarting services is effortless with Ansible instead of running init scripts or systemctl commands directly.
Here is an example to restart the ufw firewall, stop the sshd service and ensure nginx starts on system boot across infrastructure nodes:
tasks:
- service:
name: ufw
state: restarted
- service:
name: sshd
state: stopped
- service:
name: nginx
enabled: yesThe service module handles converting init systems and distro specific service names for us.
5. Creating Users and Groups
Another frequent task is user and permissions management. Ansible provides easy mechanisms to add/modify user accounts and group policies.
Below creates a developer group, sets up an account for Alice with her public SSH key and removes inactive user Bob:
- group:
name: developers
state: present
- user:
name: alice
groups: developers
ssh_key: "ssh-rsa AAAB...alice@host"
- user:
name: bob
state: absentWe can also set passwords, UID/GID ranges, shell access and other parameters as needed in a standardized manner.
6. Configuring Networks
Network infrastructure requires frequent reconfigurations as endpoints get added, settings change etc. This gets exponentially more challenging across different cloud providers and data centers.
Ansible allows us to define and manage network properties declaratively, without needing to access individual routers, switches, load balancers and firewalls. For example:
- name: Configure site border firewall
community.network.edgeos_config:
provider:
host: edge01
username: admin
password: "{{eos_pwd}}"
src: firewall.cfg
- name: Set VLAN on switch
community.network.edgeswitch_vlan:
vlan_id: 100
name: prod
state: presentWe can easily version these network configs in source control as well.
7. Deploying Kubernetes
Container orchestrators like Kubernetes (k8s) are complex beasts to deploy and operate at scale. Thankfully, Ansible provides robust modules and roles to fully automate k8s lifecycle management.
For instantiating a minimally viable k8s cluster:
- hosts: masters, workers
roles:
- kubernetes.core
- kubernetes-apps/cluster_bootstrapAdditional integrations allow us to then manage infrastructure, policies, storage, networks and applications across the k8s stack.
This showcases only a subset of the 200+ modules and many roles Ansible provides out of the box for pretty much any administrative task we routinely perform.
Now that I have convinced you of Ansible‘s capabilities, let‘s round off with some key best practices to employ…
Developing Enterprise-Grade Infrastructure Automation
While Ansible democratizes infrastructure-as-code for sysadmins, practicing caution around change management and rigor around testing, security and reliability is still imperative.
Here are some recommendations:
Use version control – Maintain all playbooks, inventories and Ansible project code in a GIT repo for change tracking and collaboration between admins and developers.
Vault secrets – Encrypt sensitive data like passwords using Ansible Vault so plaintext credentials are not compromised.
Separate environments – Logically isolate dev, test, staging and production infrastructure for governance. Limit access using Ansible Tower teams and permissions.
Validate idempotence – Test playbook runs to ensure stability and absence of unexpected changes on subsequent executions.
Continuously test – Mock infrastructure and use CI/CD pipelines to validate playbooks before deploying to production. Scan for security vulnerabilities or policy violations.
Adhering to IaC best practices requires some learning curve but pays huge dividends as we scale infrastructure and team productivity.
To summarize, automation is critical for modern system administrators to effectively oversee dynamic cloud environments and applications. Ansible provides a robust, agentless and easy to learn platform to automate just about any administrative task we encounter daily.
I encourage you to actively evaluate Ansible for leveling up both your own skills and your organization‘s DevOps maturity. Please feel free to reach out if you have any other questions!
