Jump to: navigation, search

Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.

Ansible’s goals are foremost those of simplicity and maximum ease of use. It also has a strong focus on security and reliability, featuring a minimum of moving parts, usage of OpenSSH for transport (with an accelerated socket mode and pull modes as alternatives), and a language that is designed around auditability by humans – even those not familiar with the program.

Useful links:


Ansible uses ssh to issue the needed commands. For Ansible to work we need to add our public key to the target machines' authorized_keys to ensure passwordless login.

Ansible, by default, relies on the existence of an inventory file /etc/ansible/hosts of the form:


Ansible needs python2 to run properly, so in case you have both python2 and python3 installed on the remote host, you need to force the use of python2 by appending ansible_python_interpreter=python2 to the corresponding remote host. i.e. if we need to force it for idea.tolabaki.gr:

idea.tolabaki.gr ansible_python_interpreter=python2

To avoid the creation of such inventory files we can directly use Ansible to target a specific host with:

$ ansible all -i srv1.tolabaki.gr, -a "/bin/echo hello"

or multiple hosts with:

$ ansible all -i srv1.tolabaki.gr,idea.tolabaki.gr -a "/bin/echo hello"

Playbooks & Roles[edit]

Please check code.tolabaki.gr for the available playbooks and roles.


Each playbook (*.yml in the main directory) needs to define its target hosts. This is done with -hosts:, i.e., ldap.yml defines that its hosts are the ldap_clients (group). That said, to enable ldap authentication on a set of machines we need to modify the inventory file (/etc/ansible/hosts by default) to include a ldap_clients group. e.g.


By convention we use the playbooks name followed by '_clients' for clients and by '_server' for servers. Note that we do not use plural for servers since we usually deploy a single server per service.


A very nice set of roles can be found here.