Ansible is easy to mislabel as an old sysadmin tool. That misses why it is still useful.
Most developers now touch infrastructure whether they planned to or not: cloud VMs, CI runners, Docker hosts, reverse proxies, SSH access, secrets, local dev environments, staging boxes, and internal tools. The line between application work and operations keeps getting thinner.
Ansible gives developers a practical way to turn repeated setup into versioned, readable automation without jumping straight into a heavyweight platform stack. If you can read YAML, connect over SSH, and think in steps, you can automate something useful quickly.
Why Ansible still belongs in a developer toolkit
The official Ansible getting started documentation describes three core pieces: a control node where you run Ansible, an inventory that lists managed nodes, and the managed nodes Ansible controls.
That model is approachable. You do not need to install an agent on every Linux server before anything works. You can start from a laptop or control host, define an inventory, connect over SSH, and run a playbook.
For developers, the value is not abstract “DevOps.” It is removing manual work that keeps coming back. New server setup. Package installation. User creation. SSH keys. Firewall rules. Docker host preparation. Nginx configuration. Internal tool deployment. Patch routines. The first useful playbook is usually something you already did by hand twice.
What playbooks give you that shell scripts do not
Shell scripts are still useful. The problem is that they often become a pile of commands with hidden assumptions. Ansible playbooks make the desired state easier to read and review.
The official playbook guide describes playbooks as YAML automation blueprints made of plays, tasks, and modules. In practice, that means your automation says what should be true, not just which commands should run.
- name: Prepare app servers
hosts: app_servers
become: true
tasks:
- name: Install Docker
ansible.builtin.apt:
name: docker.io
state: present
update_cache: true
- name: Ensure Docker is running
ansible.builtin.service:
name: docker
state: started
enabled: trueThat is readable and safe to rerun. If Docker is already installed and enabled, Ansible reports the current state instead of blindly repeating the work. That idea, called idempotence, is one of the reasons Ansible remains useful in real environments.
What to automate first
Do not start by trying to build the perfect automation repository. Pick one system and make it repeatable.
- Bootstrap a fresh Ubuntu or Debian VPS.
- Install standard packages, Docker, UFW, fail2ban, Tailscale, or Nginx.
- Create a non-root deployment user and add SSH keys.
- Set baseline firewall rules.
- Deploy a simple internal service.
- Apply common updates across a small group of servers.
That first project teaches the concepts that matter: inventories, host groups, variables, modules, handlers, templates, facts, and rerunnable playbooks.
The weekend learning path
Saturday: install Ansible, create a small project folder, build an inventory with one test host, confirm SSH access, and run a few ad hoc commands. Keep the target disposable so you are not afraid to break it.
Sunday: write one real playbook. Use variables for usernames and package lists. Add a handler that restarts a service only when configuration changes. Use a Jinja2 template for one config file. Run the playbook, change the server manually, and rerun it to see what Ansible fixes.
Before you put anything sensitive in a repository, read the Ansible Vault documentation. Vault protects encrypted data at rest, but you still need discipline around logs, terminal output, and who can decrypt secrets.
Where Ansible fits with Terraform, Docker, and CI/CD
Tool confusion is common because infrastructure tools overlap. The clean mental model is this:
- Terraform or OpenTofu provisions cloud resources.
- Ansible configures systems and orchestrates changes after resources exist.
- Docker packages and runs application workloads.
- CI/CD triggers repeatable workflows from version control.
Ansible can provision some infrastructure, and Terraform can handle some configuration. That does not make the tools interchangeable. In many small teams, the useful handoff is simple: Terraform creates the VM, Ansible prepares the machine, Docker runs the app, and CI/CD ties the workflow together.
Beginner mistakes to avoid
- Do not use
shellfor everything. Prefer Ansible modules when a module exists. - Do not leave inventories unnamed and messy. Group hosts by role and environment early.
- Do not commit plaintext secrets. Use Vault or a real secret manager.
- Do not make manual server changes without moving them back into automation.
- Do not automate production first. Practice on disposable systems.
The goal is not to become an Ansible specialist in two days. The goal is to understand enough to stop doing fragile setup work by hand.
Bottom line
Ansible is still one of the fastest ways for developers to make infrastructure work repeatable. It is simple enough to learn over a weekend, useful enough to apply on Monday, and readable enough for mixed teams to review.
Pick one fresh VM. Write one inventory. Build one playbook. Rerun it until the result is boring. That is when automation starts paying you back.
Sources and further reading
Find more practical writing from the RodyTech archive.
RodyTech publishes practical writing on AI systems, infrastructure, and software that teams can actually ship. Use the archive paths below to keep reading by topic or browse the full library.
- Browse the full archive by publication date and topic
- Hands-on notes from real builds, deployments, and ops work
- Category paths for AI, infrastructure, developer tools, and security
No comments yet