// A dumbass's guide to configuration management at scale with Ansible -----------------

So, you've finally decided to step the fuck up and get a handle on those 500+ devices that are sitting on your network that the last guy didn't update for years, and there's a million different versions of "quick_fix_final_for_realsies_this_time.sh" sitting on each machine.

The great thing about Ansible is that it lets you tame the beast. No longer are you SSHing into each machine to do the same mundane task, or pushing config updates to your machines by getting the PFY to CTRL+C CTRL+V into your aforementioned quick_fix_final_for_realsies_this_time.sh.

Getting set up/detective work

I won't sit here and lie to you, this is the worst part, it took me about 6 months of near constant effort (learning from absolute nothing, with minimal support, except for the one other sysadmin who was amazing, love you Rob <3)

The first thing you want to do is establish what your machines have in common:

- Operating System, Windows (I'm so sorry), some rando Linaro build you got shouldered with (no I'm not salty, it's just not ok to be using EOL kernels in 2025)

- Software, this comes down to usage of the specific machines, in my case this was easy, as all of the machines I manage are embedded devices that (bar some) perform the same functions

- Configuration, this means hardware as well, for instance, do you use different modems between different versions? Are there different CPU architectures? Are there differences in the way that the permissions on these units work? Do you even have access to that information? (If not, start learning, bud.)

Setting up your Ansible environment

So, you've got a handle on what you're working with, now it's time to get your Ansible environment set up, this is the easy part, I promise.

First, you'll need to install Ansible, this is as simple as running:

sudo apt install ansible     # debian/ubuntu
sudo yum install ansible     # centos/rhel
sudo dnf install ansible     # fedora
sudo pacman -S ansible       # arch
Windows users, idk go download winRAR

Oh, and make sure you have python3 installed too

Inventories, what are they, who am I, who are you?

Inventories are the backbone of your Ansible setup. They're the list of machines you're going to be managing and the groups they're in, and this is where you can get as granular or as broad as you want.

I prefer to use YAML to structure out my inventory, at least at work, because I have a lot of different types of machines, as I'm sure you will too

If you think that's a bunch of nerd shit though, you can always do the next bit as just a line by line text file

Your inventory contains information about your hosts. For me this means their Tailscale domain names, but it can be IP addresses. Mine also contains the path to each one's private key, but equally this can be a password too (it's 2025, get with the times).

When you're specifying this information, try and group your hosts as best you can, because this will make managing them a lot easier.

Imagine I have 4 types of machine and they're all running some form of debian:

- Type one is connected to the internet via a cellular modem

- Type two is connected to the internet via an ethernet connection, but has the same CPU architecture as Type one

- Type three is connected to the internet via a cellular modem as well but has a different CPU architecture 😱

- Type four is connected to the internet via a different modem, and has a different architecture, the same as type three

So, I'd structure my inventory like this:

all:
  children:
    cellular:
      children:
        type_1_modem:
          hosts:
            type_one:
              ansible_host: type_one.tailscale   # or the machine's IP
              ansible_user: crabman
              ansible_ssh_private_key_file: /path/to/private/key
            type_three:
              ansible_host: type_three.tailscale   # or the machine's IP
              ansible_user: crabman
              ansible_ssh_private_key_file: /path/to/private/key
        type_2_modem:
          hosts:
            type_four:
              ansible_host: type_four.tailscale   # or the machine's IP
              ansible_user: crabman
              ansible_ssh_private_key_file: /path/to/private/key
    ethernet:
      hosts:
        type_two:
          ansible_host: type_two.tailscale   # or the machine's IP
          ansible_user: crabman
          ansible_ssh_private_key_file: /path/to/private/key

Now, you can see that I've grouped my machines by their connection type, and then by their modem type. This is going to make it a lot easier to manage these machines, because I can now run commands on all machines that are connected via a modem, or just the ones with a particular modem. CPU architecture doesn't have its own group in this inventory; a host can sit in more than one group, so you can add architecture groups the same way and then target machines by connection type, by architecture, or by both.
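Since the inventory is where key paths (or passwords) end up, here is a check to run over it before it goes anywhere near a repo, as an added example that is not part of the original post: it flags password variables stored as plain text and private keys that anyone other than the owner can read. The function names, finding labels and sample inventory are made up for illustration; the `ansible_*` variable names it looks for are real Ansible connection variables.

```shell
# Added example (not from the original post): audit a YAML inventory for
# plaintext passwords and SSH private keys readable by group or other.
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_inventory() {
    inv=$1
    # Password variables holding a literal value. Vault-encrypted (!vault) or
    # templated ({{ ... }}) values are not flagged.
    secrets=$(grep -nE '^[[:space:]]*ansible_(ssh_pass|password|become_pass(word)?)[[:space:]]*:' "$inv" |
        grep -vE '!vault|\{\{' |
        sed -E 's/^([0-9]+):[[:space:]]*([a-z_]+).*/PLAINTEXT_SECRET line \1 \2/')
    # Each distinct key path must exist and be closed to group and other.
    keys=$(sed -nE 's/^[[:space:]]*ansible_ssh_private_key_file:[[:space:]]*//p' "$inv" |
        tr -d "\"'" | sort -u | while IFS= read -r key; do
            if [ ! -f "$key" ]; then
                echo "KEY_MISSING $key"
            elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
                echo "KEY_TOO_OPEN $key"
            fi
        done)
    findings=$(printf '%s\n%s\n' "$secrets" "$keys" | sed '/^$/d')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample in the post's layout; every value here is made up.
make_sample() {
    dir=$(mktemp -d)
    : > "$dir/good_key"; chmod 600 "$dir/good_key"
    : > "$dir/open_key"; chmod 644 "$dir/open_key"
    cat > "$dir/inventory.yml" <<EOF
all:
  children:
    cellular:
      hosts:
        type_one:
          ansible_host: type_one.tailscale
          ansible_ssh_private_key_file: $dir/open_key
          ansible_password: constructed-example-password
    ethernet:
      hosts:
        type_two:
          ansible_host: type_two.tailscale
          ansible_ssh_private_key_file: $dir/good_key
EOF
    echo "$dir"
}
sample=$(make_sample)
audit_inventory "$sample/inventory.yml" || true; rm -rf "$sample"
```

The findings name the line and the variable but never echo the password itself, so the output is safe to paste into a ticket or CI log.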

Actually doing stuff to machines (teehee)

Let's just start with a real simple test of one host

ansible MACHINE_IP -m ping

This just checks that the machine will actually accept a connection from your Ansible control node (oh yeah, that's what the servers that do the stuff are called), and that you can run a very basic reply script on it.