config mgmt Introduced in L7

Ansible

The agentless configuration management tool. YAML playbooks over SSH. The default in this category today.

Mindmap

hover · click to navigate
this tech depends on / used by alternative Shipyard anchor
What it is

The plain-English version

Ansible (Red Hat) is a configuration management tool. You write a YAML playbook — "on these hosts, install nginx, copy this config, restart the service" — and Ansible connects via SSH and makes it so. No agent on the target. Used heavily for VM-based infrastructure, hybrid environments, and anything that pre-dates containers.

Why it exists

The problem it solves

Containers + Kubernetes have replaced a lot of what configuration management used to do. But not all of it. Anywhere you have VMs, network gear, or one-off bare-metal boxes, Ansible (or Chef, or Puppet) is still the way you make them identical. The agentless model gave Ansible an edge over Chef and Puppet for new adoption.

What it competes with

Alternatives

AlternativeTypeWhen it wins
TerraformIaCThe de facto IaC tool. Multi-cloud. HCL config language. Plan, apply, state — the discipline of declarative infrastructure.
Where it shows up in Shipyard

Deep links

Vocabulary

The words you'll hear

Playbook
YAML file with plays and tasks.
Play
A set of tasks targeted at a group of hosts.
Task
One unit of work — install a package, copy a file, restart a service.
Inventory
List of hosts, often grouped (webservers, databases).
Role
Reusable bundle of tasks/handlers/files.
Handler
Task triggered by other tasks (e.g., 'reload nginx' when config changes).
Idempotent
Running the same playbook twice has the same effect as once. The point of CM.
Prompting

Bad vs. good prompt for Ansible

✕ Bad prompt
write an ansible playbook
✓ Good prompt
Write an Ansible playbook to provision a fleet of Ubuntu 22.04 web servers (group: webservers). Tasks: ensure nginx is installed and running, deploy /etc/nginx/sites-enabled/tasklane.conf from a template, deploy the SSL cert files from local /secrets/ (templated by inventory_hostname), and restart nginx via a handler when any of those change. Use become: true.

Why it works: Specifies the OS, the host group, exact tasks, the handler pattern, and the (sensitive) secrets path. Realistic enough to actually use; small enough to review.

Pitfalls

What bites real teams

⚠ Variable scoping confusion

Ansible variable precedence has many sources (inventory, group_vars, host_vars, task vars, extra vars). Read the precedence docs once.

⚠ Mixing Ansible and IaC carelessly

Terraform creates the box; Ansible configures it. The handoff (when does Ansible run?) needs to be explicit.

⚠ Long-running playbooks for short changes

A 10-minute playbook to change one config is overkill. Tag tasks; run only what changed.

References

Official docs only