Ansible + Real World App

Image for post
Image for post
“Colorful software or web code on a computer monitor” by Markus Spiske on Unsplash

What Is Ansible?

is an open source software that automates software provisioning, configuration management, and application deployment.

The Keys Features of Ansible


There is no software or agent to be installed on the client that communicates back to the server.


No matter how many times you call the operation, the result will be the same.

Simple and extensible

Ansible is written in Python and uses YAML for playbook language, both of which are considered relatively easy to learn.

Get Started

Installing and Running Ansible

# ubuntu 
sudo apt-get install ansible
brew install ansible

For other OS check this link

Ansible Architecture


small programs that do some work on the server, so for example instead of running this command

sudo apt-get install htop

we can use apt module and install htop

- name: Install htop
apt: name=htop

Using module give you the ability to know if it’s installed or not.


Plugins are pieces of code that augment Ansible’s core functionality. Ansible ships with a number of handy plugins, and you can easily write your own.

Host inventories

To provide a list of hosts, we need to provide an inventory list. This is in the form of a hosts file.

In its simplest form, our hosts file could contain a single line:  ansible_ssh_user=ubuntu


Ansible playbooks are a way to send commands to remote computers in a scripted way. Instead of using Ansible commands individually to remotely configure computers from the command line, you can configure entire complex environments by passing a script to one or more systems.


file contains set of variables for example db username and password.


Roles are a way to group multiple tasks together into one container to do the automation in very effective manner with clean directory structures


Handlers are lists of tasks, not really any different from regular tasks, that are referenced by a globally unique name, and are notified by notifiers. If nothing notifies a handler, it will not run. Regardless of how many tasks notify a handler, it will run only once, after all of the tasks complete in a particular play.


If you have a large playbook it may become useful to be able to run a specific part of the configuration without running the whole playbook.

Creating ubuntu Lightsail instance

Image for post
Image for post
Go to Lightsail Dashboard and click create Instance
Image for post
Image for post
Choose your favourite OS
Image for post
Image for post
Choose Add launch script which run once you created your instance , Don’t forget to get ssh-key

Installing Ansible prerequisites on our VPS

sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt-get update
sudo apt-get install -y python2.7 python3 python-pip
Image for post
Image for post
Add this sh commands to install Ansible requirements
Image for post
Image for post
Now you have your lighsail image up and running

Now we have our instance up and running lets start build our Ansible Project.

Adding instance ssh-key to git access keys

you have to add your server to your github ssh keys by login to your instance

Building our hosts and ansible.cfg



Define a Role in Ansible

so i am using Ping module to just verify my host is working then i am going to update all packages and install two modules git and htop

Define a Handler

Installing PHP Modules

so to trigger handler in ansible we have to use notify: Restart PHP-FPM, handlers names should be unique — i have defined php as a tag so for example if you wanna run only this task from your play book you can run only this task by running your command with — tags=”php” which will only execute this task

Installing Nginx

Adding Nginx default config file


it’s recommended approach to use ansible-vault to encrypt and decrypt your vars

How to use Ansible-vault

Create vault secret file which contains encryption key which encrypts your var

touch .vault_pass.txt
echo 'YOUR_CONFIG_PASS' > .vault_pass.txt

Encrypt your vars

ansible-vault encrypt group_vars/vars.yml --vault-password-file .vault_pass.txt

Decrypt your vars

ansible-vault decrypt group_vars/vars.yml --vault-password-file .vault_pass.txt

Creating MySql DB, UserName and Password

mysql_user and mysql_pass are defined inside vars.yml

Clone our code base

repo_git_url and app_work_dir are defined inside vars.yml

Generating .env

Ansible uses Jinja2 templating to enable dynamic expressions and access to variables, lets create Template env.conf file

Lets define role to move this template to our application dir

Creating PlayBook

as we see i defines aws as host for this playbook, and sudo yes give you the ability to execute command as sudo user, we have vars_files where we store our vars ,we have set of roles each role does specific task and finally we have handlers which contain all project handlers

Run Your Playbook

#ansible-playbook playbookName
ansible-playbook code-deploy.yml
# run with specific tags
ansible-playbook playbook.yml --tags="env-files,php"
#if you are using ansible-valut
ansible-playbook code-deploy.yml --vault-password-file .vault_pass.txt

The Complete Project structure

├── ansible.cfg
├── code-deploy.yml
├── files
│ └── dump.sql
├── group_vars
│ └── vars.yml
├── handlers
│ └── main.yml
├── hosts.ini
├── logs
│ └── ansible-log.log
├── roles
│ ├── bootstrap-app
│ │ └── tasks
│ │ └── main.yml
│ ├── code-deploy
│ │ ├── tasks
│ │ │ ├── config-files.yml
│ │ │ └── main.yml
│ │ └── templates
│ │ └── env.conf
│ ├── misc
│ │ └── tasks
│ │ └── main.yml
│ ├── mysql
│ │ └── tasks
│ │ ├── config.yml
│ │ └── main.yml
│ ├── nginx
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ └── nginx.conf
│ ├── php
│ │ └── tasks
│ │ └── main.yml
│ └── redis
│ └── tasks
│ └── main.yml
├── scripts
│ ├──
│ └──
└── site.yml

Github Repo which contains the Complete Source Code.

This website up and running using this code base.

Written by

Software Engineer @

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store