Ansible is the leading configuration management and automation tool in 2026, used by 70% of DevOps teams for server provisioning, application deployment, and infrastructure automation. Unlike Puppet or Chef, Ansible is agentless: it uses SSH and YAML. This guide covers playbooks, roles, inventory, and production patterns.
Why Ansible?
- Agentless: no software to install on managed nodes (uses SSH)
- YAML syntax: human-readable, easy to understand
- Idempotent: running twice is safe; it only changes what needs to change
- Huge module library: more than 7,000 modules for cloud, network, operating system, and applications
- Works with cloud: manage AWS, GCP, and Azure alongside VMs
Installation and Setup
# Install Ansible
pip install ansible
# Or via package manager
brew install ansible # macOS
sudo apt install ansible # Ubuntu/Debian
# Verify
ansible --version
# Generate SSH key for managed nodes
ssh-keygen -t ed25519 -C "ansible@myserver"
ssh-copy-id user@192.168.1.100
Inventory
# inventory.ini — list of managed hosts
[webservers]
web1.example.com
web2.example.com
192.168.1.10
[databases]
db1.example.com ansible_user=postgres ansible_port=22
[all:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_ssh_private_key_file=~/.ssh/ansible_key
# inventory.yml — YAML format (preferred)
all:
  vars:
    ansible_user: ubuntu
    ansible_ssh_private_key_file: ~/.ssh/ansible_key
  children:
    webservers:
      hosts:
        web1.example.com:
          app_port: 8000
        web2.example.com:
          app_port: 8001
    databases:
      hosts:
        db1.example.com:
          postgres_version: "16"
    monitoring:
      hosts:
        monitor.example.com:
Your First Playbook
# site.yml — configure web servers
---
- name: Configure web servers
  hosts: webservers
  become: true # sudo
  vars:
    app_name: myapp
    app_port: 8000 # play vars take precedence over a per-host app_port set in the inventory
    nginx_version: "1.24"
  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes
        cache_valid_time: 3600
    - name: Install required packages
      apt:
        name:
          - nginx
          - python3-pip
          - git
        state: present
    - name: Create app user
      user:
        name: "{{ app_name }}"
        system: yes
        shell: /bin/bash
    - name: Deploy application code
      git:
        repo: https://github.com/mycompany/myapp.git
        dest: /srv/{{ app_name }}
        version: main # a branch moves over time; pin a tag or commit SHA for reproducible deploys
        force: yes # discards local modifications in dest
      notify: restart app
    - name: Install Python dependencies
      pip:
        requirements: /srv/{{ app_name }}/requirements.txt
        virtualenv: /srv/{{ app_name }}/venv
    - name: Configure nginx
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/{{ app_name }}
        mode: '0644'
      notify: reload nginx
    - name: Enable nginx site
      file:
        src: /etc/nginx/sites-available/{{ app_name }}
        dest: /etc/nginx/sites-enabled/{{ app_name }}
        state: link
  handlers:
    - name: restart app
      systemd:
        name: "{{ app_name }}"
        state: restarted
    - name: reload nginx
      systemd:
        name: nginx
        state: reloaded
Running Playbooks
# Run playbook
ansible-playbook site.yml -i inventory.yml
# Run with verbose output
ansible-playbook site.yml -i inventory.yml -v
# Dry run (check mode)
ansible-playbook site.yml -i inventory.yml --check
# Run specific tags only
ansible-playbook site.yml -i inventory.yml --tags nginx
# Limit to specific hosts
ansible-playbook site.yml -i inventory.yml --limit web1.example.com
# Pass extra variables
ansible-playbook site.yml -i inventory.yml --extra-vars "app_version=1.2.3"
# Ad-hoc commands
ansible webservers -i inventory.yml -m ping
ansible all -i inventory.yml -m command -a "uptime"
ansible databases -i inventory.yml -m apt -a "name=postgresql state=latest" --become
Roles: Reusable Configuration
# Create role structure
ansible-galaxy role init nginx
# roles/nginx/
#   tasks/main.yml
#   handlers/main.yml
#   templates/
#   files/
#   vars/main.yml
#   defaults/main.yml
#   meta/main.yml
# roles/nginx/tasks/main.yml
---
- name: Install nginx
  apt:
    name: nginx
    state: present
  notify: Start nginx
- name: Copy nginx config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Reload nginx
# roles/nginx/defaults/main.yml
---
nginx_worker_processes: auto
nginx_worker_connections: 1024
nginx_keepalive_timeout: 65
# Use role in playbook:
# - name: Setup servers
#   hosts: webservers
#   roles:
#     - nginx
#     - myapp
Ansible Vault: Secrets Management
# Encrypt a file
ansible-vault encrypt group_vars/production/vault.yml
# Decrypt to edit
ansible-vault edit group_vars/production/vault.yml
# Run playbook with vault
ansible-playbook site.yml --ask-vault-pass
ansible-playbook site.yml --vault-password-file ~/.vault_pass
# Encrypt a single variable
ansible-vault encrypt_string 'mysecretpassword' --name 'db_password'
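A pre-merge check that complements the Vault commands above, as an added example that is not part of the original article: it flags secret-looking variables left in clear text and `vault.*` files committed without encryption. The sample file contents, the key-name pattern and the names `audit_vars` and `audit_tree` are constructed for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # prefix of every vault-encrypted payload
# Assumed naming convention: keys ending in these words hold secrets.
SECRET_KEY = re.compile(r"(?:^|_)(pass(word|wd)?|secret|token|api_?key|private_?key)$", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*)$")
JINJA_ONLY = re.compile(r"""^["']?\{\{.*\}\}["']?$""")

# Constructed sample files (no real vault payloads or credentials).
SAMPLES = {
    "group_vars/production/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n36333031\n",
    "group_vars/production/vars.yml": (
        "db_user: myapp\n"
        'db_password: "{{ vault_db_password }}"\n'
        "api_token: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  62313365\n"
    ),
    "group_vars/staging/vars.yml": (
        "ansible_ssh_private_key_file: ~/.ssh/ansible_key\n"
        "db_password: mysecretpassword\n"
    ),
    "group_vars/staging/vault.yml": "vault_db_password: hunter2\n",
}


def audit_vars(path, text):
    """Return (path, line_no, key) for each secret-looking value stored in clear text."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # whole file is vault-encrypted
    findings = []
    if path.rsplit("/", 1)[-1].startswith("vault."):
        findings.append((path, 0, "<file not encrypted>"))
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        value = m.group(2).split(" #")[0].strip()
        # Skip inline-encrypted values, pure references to another variable,
        # and keys that only open a nested mapping.
        if value == "" or value.startswith("!vault") or JINJA_ONLY.match(value):
            continue
        findings.append((path, no, m.group(1)))
    return findings


def audit_tree(files):
    """Audit a {path: text} mapping and return all findings in file order."""
    return [f for path, text in files.items() for f in audit_vars(path, text)]


if __name__ == "__main__":
    for path, no, key in audit_tree(SAMPLES):
        print(f"{path}:{no}: {key} is stored in clear text")
```

In CI, feed it the contents of every file under `group_vars/` and `host_vars/` and fail the job when the returned list is non-empty.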
Ansible for AWS
# Provision EC2 instance
- name: Launch EC2 instance
  amazon.aws.ec2_instance:
    name: "web-{{ env }}"
    image_id: ami-0c55b159cbfafe1f0
    instance_type: t3.medium
    security_groups: [web-sg]
    vpc_subnet_id: "{{ subnet_id }}"
    key_name: my-keypair
    tags:
      Environment: "{{ env }}"
      Project: myapp
    wait: yes
  register: ec2
- name: Add to dynamic inventory
  add_host:
    hostname: "{{ ec2.instances[0].public_ip_address }}"
    groups: just_created
Ansible in 2026 remains the most practical automation tool for teams that need powerful infrastructure management without complex agents or server infrastructure. Start with simple playbooks, extract reusable roles, use Vault for secrets, and integrate it into your CI/CD pipeline for fully automated deployments.