A Fast Start with Ansible: Managing Your Servers Like a Pro

Ansible offers a streamlined, agentless way to manage your infrastructure — whether you’re operating in a cloud datacenter or orchestrating a smart homelab. In this guide, we’ll walk through setting up your Ansible project, securing secrets with Vault, verifying connection health, and executing your first playbooks across multiple inventories.


Project Overview: idc35manager

This setup is designed to manage a mix of cloud and physical servers using Ansible, with plans to integrate tools like Pulumi in the future.

Directory structure:

idc35manager/
├── inventory/
│   ├── home.yaml
│   └── hkidc35.yaml
├── group_vars/
│   └── all/
│       └── vault.yaml
├── playbooks/
│   └── ping_all_servers.yaml
├── scripts/
│   └── ping_all.sh
└── ansible.cfg

Vault: Securing Your Passwords

Ansible Vault allows you to securely encrypt sensitive variables.

# Encrypt a secrets file
ansible-vault encrypt group_vars/all/vault.yaml

# Edit an encrypted file
ansible-vault edit group_vars/all/vault.yaml

A typical vault.yaml might include:

home_pcn100_password: "example-password"
home_vm_password: "example-password"
hkidc35_weizy_password: "example-password"
hkidc35_weizy2_password: "example-password"
hkidc35_weizy3_password: "example-password"

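To avoid typing the vault password each time, store it in a file that only your user can read:

# Note: a literal password on the command line may be saved to shell history
echo "your_password" > ~/.vault_pass.txt
chmod 600 ~/.vault_pass.txt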

However, the proper solution is to save the passwords in a YAML file and encrypt it with ansible-vault. You can then use the encrypted passwords in your commands with the --ask-vault-pass option. If necessary, you may also need to specify the vault file with extra vars: --extra-vars "@group_vars/all/vault.yaml"

ansible-vault encrypt group_vars/all/vault.yaml

Inventory Structure & Configuration

Each inventory file (e.g. home.yaml, hkidc35.yaml) defines groups, hosts, SSH parameters, and Python interpreter paths.

Be sure to set the correct interpreter per environment:

# Example: home.yaml
all:
  vars:
    ansible_host: ngai.myddns.me
    ansible_connection: ssh
    ansible_python_interpreter: /usr/bin/python3

physical:
  hosts:
    pcn100:
      ansible_user: pc
      ansible_password: "{{ home_pcn100_password }}"
      ansible_port: 60000

virtual:
  hosts:
    vm_pcaiserver_serverk8s:
      ansible_user: weizy
      ansible_password: "{{ home_vm_password }}"
      ansible_port: 60000

CLI Commands You’ll Use All the Time

▶️ Test server groups:

ansible -i inventory/home.yaml physical -m ping --ask-vault-pass
ansible -i inventory/home.yaml all -m ping --ask-vault-pass

▶️ List all parsed hosts:

ansible-inventory -i inventory/hkidc35.yaml --list --ask-vault-pass

Writing Your First Playbook

Example: playbooks/helloworldplaybook.yaml

- name: My first playbook
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    - name: Say hello
      ansible.builtin.ping:
        data: "Hello World"

Run it:

ansible-playbook -i inventory/localhost.ini playbooks/helloworldplaybook.yaml

Multi-Inventory: Ping All Hosts

Create playbooks/ping_all_servers.yaml:

- name: Ping all hosts in all inventories
  hosts: all
  gather_facts: false

  tasks:
    - name: Ping each host
      ansible.builtin.ping:

Run it across both inventories:

ansible-playbook \
  -i inventory/home.yaml \
  -i inventory/hkidc35.yaml \
  playbooks/ping_all_servers.yaml \
  --vault-password-file ~/.vault_pass.txt

Or script it with scripts/ping_all.sh:

#!/bin/bash
ansible-playbook \
  -i inventory/home.yaml \
  -i inventory/hkidc35.yaml \
  playbooks/ping_all_servers.yaml \
  --vault-password-file ~/.vault_pass.txt

Common Issues & Fixes

❌ Python interpreter not found?

Make sure ansible_python_interpreter matches each host's actual Python path. Avoid hardcoding /usr/bin/python3.12 unless that path is guaranteed to exist on the host; /usr/bin/python3 is the better choice.

❌ Vault variables undefined?

Ensure:

  • group_vars/all/vault.yaml exists
  • Variable names match those used in inventory/*.yaml
  • File is encrypted with ansible-vault
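
The checks in this guide can be automated before a playbook run. The following is an added example, not part of the original guide: it verifies that the vault file carries the $ANSIBLE_VAULT header, that the vault password file grants nothing to group or other, and that no inventory sets ansible_password to a literal value. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the project layout in this guide (added example;
# function names are hypothetical, not part of Ansible).

# 0 if the file starts with the Ansible Vault header, i.e. is not plaintext.
vault_is_encrypted() {
  [ -f "$1" ] && head -n 1 -- "$1" | grep -q '^\$ANSIBLE_VAULT;[0-9.]*;AES256'
}

# 0 if the vault password file grants nothing to group or other (e.g. mode 600).
passfile_is_private() {
  [ -f "$1" ] || return 1
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# 0 if every ansible_password / ansible_ssh_pass value in the inventory is a
# "{{ variable }}" reference; otherwise prints the offending lines to stderr.
inventory_has_no_literal_passwords() {
  local hits
  hits=$(grep -nE '^[[:space:]]*ansible_(ssh_)?pass(word)?:' -- "$1" \
    | grep -vE ':[[:space:]]*["'\'']?\{\{.*\}\}["'\'']?[[:space:]]*$' || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" >&2
  return 1
}

# usage: preflight <vault.yaml> <vault_pass_file> <inventory>...
# e.g.   preflight group_vars/all/vault.yaml ~/.vault_pass.txt inventory/*.yaml
preflight() {
  local vault="$1" passfile="$2" rc=0 inv
  shift 2
  vault_is_encrypted "$vault" || { echo "NOT ENCRYPTED: $vault" >&2; rc=1; }
  passfile_is_private "$passfile" || { echo "TOO OPEN: $passfile" >&2; rc=1; }
  for inv in "$@"; do
    inventory_has_no_literal_passwords "$inv" \
      || { echo "LITERAL PASSWORD: $inv" >&2; rc=1; }
  done
  return "$rc"
}
```

Source the file and call preflight from the project root, for example at the top of scripts/ping_all.sh, and stop the run if it returns non-zero.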

❌ Can’t parse inventory?

Static .yaml inventories do not need a plugin: key; that key is only required when you're using dynamic inventory plugins. Static inventories like yours should work as-is.


Wrap-Up

With the right structure and secure credentials in place, you’re ready to scale your Ansible usage. From home servers to remote datacenters, Ansible gives you an elegant, repeatable workflow to automate everything.

Want to extend this? Try:

  • Adding GitHub Actions CI
  • Using roles for reuse
  • Integrating Pulumi for provisioning

Happy automating!