**Ansible** is an open source automation engine that handles configuration management, application deployment, and task orchestration across thousands of nodes using agentless SSH-based execution. It is the glue that ties a hyperscaler stack together — installing packages, templating config files, rolling out updates, and wiring services to each other.

---

### First Principle: Configuration that isn't codified will drift. Drift becomes incidents.

Ansible playbooks declare the desired state of every system — which packages are installed, which services are running, which config files contain which values. Running the same playbook twice is safe (idempotent). This means you can re-run against an entire fleet after a security patch and know exactly what changed.

---

### Key Considerations

- **Agentless**: Ansible connects over SSH (or WinRM for Windows) — no agent to install or maintain on managed nodes.
- **Playbooks & Roles**: Playbooks are YAML files that describe sequences of tasks. Roles are reusable collections of tasks, variables, templates, and files.
- **Idempotency**: Most Ansible modules are idempotent — running them when the desired state already exists is a no-op.
- **Inventory**: Ansible operates against inventories — static files or dynamic inventory scripts that define which hosts belong to which groups.
- **OpenStack Integration**: The `openstack.cloud` collection provides Ansible modules for every major [[OpenStack]] API — provisioning instances, networks, volumes, and security groups as code.
- **vs [[Salt]]**: Ansible wins on simplicity and ubiquity. [[Salt]] wins on real-time event-driven operations and better performance at very large scale.

---

### How It Fits

```
[[OpenTofu]] provisions bare infrastructure
→ Ansible configures OS, services, and config files
→ [[ArgoCD]] keeps application state in sync with Git
```

[[OpenTofu]] | [[Salt]] | [[ArgoCD]] | [[OpenStack]] | [[Kubernetes]] | [[Open Source Hyperscaler MoC]]
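
The idempotency and drift points under "First Principle" and "Key Considerations", shown as an added example playbook (not part of the original note): it declares two sshd settings and can be run in check mode to report drift without changing anything. The `webservers` group, the file name `harden_sshd.yml`, the chosen settings, and the `sshd` service name are assumptions.

```yaml
# Added example; host group, settings, and service name are assumptions.
# Audit drift without changing anything:
#   ansible-playbook -i inventory.ini harden_sshd.yml --check --diff
# Enforce the declared state (a second run should report changed=0):
#   ansible-playbook -i inventory.ini harden_sshd.yml
- name: Keep sshd configuration in the declared state
  hosts: webservers              # assumed inventory group
  become: true
  tasks:
    - name: Ensure OpenSSH server is installed
      ansible.builtin.package:
        name: openssh-server
        state: present

    - name: Pin sshd settings (no-op when the line already matches)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?\\s*{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: "/usr/sbin/sshd -t -f %s"   # reject a config sshd cannot parse
      loop:
        - { key: PermitRootLogin, value: "no" }
        - { key: PasswordAuthentication, value: "no" }
      notify: Restart sshd

    - name: Ensure sshd is enabled and running
      ansible.builtin.service:
        name: sshd               # assumed; the unit is "ssh" on Debian/Ubuntu
        state: started
        enabled: true

  handlers:
    # Runs only when a task above reported "changed"
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

A non-zero `changed` count from the `--check --diff` run on a host that had already converged means the host has drifted from the declared state, and the diff output shows which line.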