Tagged: Ansible
13 posts · browse all tags
-
Ansible Deep Dive Part 1: What Ansible Is, and Why Agentless Still Wins
Kicking off a thirteen-part Ansible series. Part 1 covers what Ansible actually is, the push-based agentless model and why it still matters against Chef/Puppet/Salt, the control node/managed node mental model, installing Ansible, and your first ad-hoc command against a real inventory.
-
Ansible Deep Dive Part 10 Lab: Automating a Cisco and FortiGate Fleet With Ansible
Part 10, the second lab: network-specific Ansible modules against a mixed Cisco IOS and FortiGate fleet — cisco.ios facts and config, fortinet.fortios firewall policy objects, connection: network_cli vs httpapi, and a config-drift check playbook.
-
Ansible Deep Dive Part 11: Error Handling in Anger — Blocks, Rescue, and Partial Failures
Part 11: block/rescue/always for structured error handling, ignore_errors vs failed_when vs ignore_unreachable, max_fail_percentage and any_errors_fatal, and retries/until for polling a service until it's actually ready.
-
Ansible Deep Dive Part 12: Best Practices — the Style Guide I Actually Follow
Part 12: the Ansible conventions worth treating as non-negotiable — naming, idempotency discipline, directory layout, secrets, tagging restraint, testing gates, and the failure modes that show up once a project outlives its author's memory of writing it.
-
Ansible Deep Dive Part 13: Does Ansible Still Matter in an MCP/AI World?
Part 13, the closing piece: if an AI agent can SSH in and fix things itself, do playbooks, idempotency, and config management still matter? A case for yes — argued through the same MCP server that writes this very site.
-
Ansible Deep Dive Part 2: Inventory — Static, Dynamic, and Everything In Between
Part 2 of the Ansible series: INI vs YAML inventory, groups and nested groups, host_vars/group_vars, patterns and limits, and moving to dynamic inventory plugins (AWS, and a network-specific example) once static files stop scaling.
-
Ansible Deep Dive Part 3: Playbooks, Tasks, and the Idempotency Contract
Part 3: plays and tasks, modules vs shell/command, the idempotency contract that makes Ansible safe to re-run, handlers and notify, check mode and diff mode, and tags for selectively running part of a playbook.
-
Ansible Deep Dive Part 4: Variables, Facts, and Jinja2 Templating
Part 4: where variables come from, gathering and using facts, the Jinja2 syntax underneath when/template/filters, common filters worth knowing, and building real config templates for both servers and network devices.
-
Ansible Deep Dive Part 5: Roles and Ansible Galaxy — Structuring Projects That Scale
Part 5: the standard role directory layout, defaults vs vars, role dependencies, ansible-galaxy for installing community roles and collections, and requirements.yml for pinning what a project depends on.
-
Ansible Deep Dive Part 6: Variable Precedence and Ansible Vault — Secrets Done Right
Part 6: the full variable precedence ladder from role defaults to extra-vars, then Ansible Vault end to end — encrypting whole files and single strings, vault IDs for multiple secret tiers, and keeping vault passwords out of the repo entirely.
-
Ansible Deep Dive Part 7: ansible.cfg, Performance, and Scaling to Hundreds of Hosts
Part 7: the ansible.cfg precedence and the settings that actually matter, forks and the linear/free strategies, SSH pipelining and ControlPersist, fact caching, and Mitogen as the option to know about even if you don't reach for it.
-
Ansible Deep Dive Part 8: Testing Ansible — Molecule, ansible-lint, and CI Pipelines
Part 8: ansible-lint and its rule categories, Molecule for spinning up disposable Docker/VM targets and asserting real state with Testinfra, idempotency testing (running a role twice and asserting nothing changed the second time), and wiring it all into GitHub Actions.
-
Ansible Deep Dive Part 9 Lab: Zero to Production — a Three-Tier Web App From Bare Metal
Part 9, the first lab: a role-based playbook standing up a load balancer, two app servers, and PostgreSQL from bare Ubuntu boxes — vault-protected credentials, templated HAProxy/env config, notify chains, and a rolling deploy with serial.