Kernel of Truth

Ansible in Linux: What It Is, Why You Would Use It, and How

Ansible is an open-source automation tool used for configuration management, application deployment, and orchestration. It allows you to define the desired state of your systems in simple YAML files (called playbooks) and then automatically applies those changes across many machines.

Quick take

  • What it does: Automates system configuration, software installation, service management, and orchestration.
  • Why use it: Saves time, reduces human error, ensures consistency across environments (dev, test, prod).
  • How it works: Uses SSH (or WinRM for Windows) to connect to hosts, then pushes out instructions defined in YAML playbooks.
  • Who can use it: System administrators, DevOps engineers, security teams, and anyone managing multiple servers.

Setting up an Ansible control node

We’ll start with a blank Ubuntu Server box (e.g. 22.04 LTS). This machine will act as your Ansible control node.

# Update and install Ansible
sudo apt update
sudo apt install -y ansible sshpass

# Confirm installation
ansible --version

Create a dedicated user for Ansible operations (optional but good practice):

sudo adduser ansible
sudo usermod -aG sudo ansible

Switch to that user and generate SSH keys:

su - ansible
ssh-keygen -t ed25519 -C "ansible@control"

Copy the public key to any target hosts you want to manage:

ssh-copy-id ansible@192.168.0.102

You can now connect without passwords:

ssh ansible@192.168.0.102

Inventory: telling Ansible about your hosts

Create an inventory file to list your managed nodes.

# /etc/ansible/hosts or a project-specific hosts.ini

[webservers]
192.168.0.102 ansible_user=ansible

[dbservers]
192.168.0.103 ansible_user=ansible

Test connectivity:

ansible all -i hosts.ini -m ping

You should see pong responses from each host.

Deploying a LAMP stack with Ansible

Now let’s create a playbook to turn a vanilla Ubuntu server into a full LAMP stack.

---
- name: Configure LAMP stack on Ubuntu
  hosts: webservers
  become: true
  tasks:
    - name: Ensure apt cache is up to date
      apt:
        update_cache: yes

    - name: Install Apache
      apt:
        name: apache2
        state: present

    - name: Install MySQL server
      apt:
        name: mysql-server
        state: present

    - name: Install PHP and modules
      apt:
        name:
          - php
          - libapache2-mod-php
          - php-mysql
        state: present

    - name: Enable and start Apache
      service:
        name: apache2
        state: started
        enabled: true

    - name: Enable and start MySQL
      service:
        name: mysql
        state: started
        enabled: true

    - name: Create a PHP info page
      copy:
        dest: /var/www/html/info.php
        content: "<?php phpinfo(); ?>"

Save this as lamp.yml.

Run it:

ansible-playbook -i hosts.ini lamp.yml

Once complete, you can test by visiting:

http://192.168.0.102/info.php

Good practices

  • Use ansible-vault for database root passwords and sensitive values.
  • Break out web, database, and PHP configs into roles for reusability.
  • Test on staging servers before running in production.

Summary

With a single control node, SSH keys, and a short YAML file, you can transform a fresh Ubuntu server into a complete LAMP stack. This demonstrates the core value of Ansible: consistency, repeatability, and minimal manual effort.

🛡️Latest Security Alerts 🛡️

1
2
3
Next

NCSC Latest
(The National Cyber Security Centre UK)