Ansible Lesson 2 – Why Configuration Management Matters | Dataplexa

Ansible Course

I. Ansible Fundamentals

1. What is Ansible 2. Why Configuration Management Matters 3. Ansible Architecture 4. Control Node and Managed Nodes 5. Installation and Setup 6. Ansible Configuration Files 7. Inventory Files Explained 8. Ansible Ad-hoc Commands 9. Ansible Modules Overview 10. Beginner Best Practices

II. Playbooks & Core Concepts

11. YAML Basics for Ansible 12. Playbooks Introduction 13. Writing Your First Playbook 14. Tasks, Handlers and Variables 15. Facts and Gathering Facts 16. Conditionals and Loops 17. Templates with Jinja2 18. File and Package Management 19. Service Management 20. User and Permission Management 21. Error Handling 22. Tags and Selective Execution 23. Roles Introduction 24. Creating and Using Roles 25. Playbook Best Practices

III. Security, Roles & Automation

26. Ansible Galaxy 27. Role Directory Structure 28. Ansible Vault 29. Managing Secrets Securely 30. Application Deployment 31. Server Hardening 32. Ansible with Docker 33. Ansible with Kubernetes 34. Troubleshooting 35. Performance Optimization

IV. Advanced Ansible & Real-World

36. Ansible at Scale 37. Ansible in CI/CD Pipelines 38. Ansible with Jenkins 39. Ansible Anti-Patterns 40. Mini Project

Section I · Lesson 2

Why Configuration Management Matters

In this lesson

Configuration drift Snowflake servers Desired state Infrastructure as Code CM tools compared

Configuration management is the practice of defining the desired state of your infrastructure in code and using tools to enforce that state consistently across every server you manage. It exists because systems left to themselves drift — engineers make one-off changes, packages get updated manually, files get edited by hand — and over time no two servers look alike, even when they are supposed to be identical. Configuration management tools like Ansible exist to reverse that drift, prevent it from recurring, and give every change a traceable, reviewable history.

The Drift Problem

Configuration drift happens gradually and invisibly. A developer SSHs into a production server to debug an issue and edits a config file without telling anyone. An automated process installs a dependency that was never in the original specification. A security patch updates a library on half the fleet but not the other half because a server was offline during the maintenance window.

Each individual change seems harmless. Over weeks and months, the cumulative effect is a fleet of servers that are all slightly different from one another — and from any documented specification. When something breaks, nobody can be certain which server's configuration caused the failure, or when the divergence happened.

Hours

spent debugging incidents caused by untracked manual changes to production servers

Unknown

state of servers managed entirely by hand — you can never be sure what is actually running

Minutes

to enforce a correct configuration across an entire fleet when using a CM tool like Ansible

Git

becomes the source of truth — every infrastructure change is reviewed, versioned, and auditable

The Fleet of Cars Analogy

Imagine a taxi company with 200 identical cars. Each driver makes small adjustments over time — one tweaks the mirror angle, another replaces a part with a cheaper alternative, a third disables a warning light. After a year, no two cars are truly identical, and the mechanics have no idea what "standard" looks like anymore. Configuration management is the service manual that says exactly what every car should look like — and the inspection process that catches deviations before they cause accidents.

Snowflake Servers

A snowflake server is one that has been configured so manually and so inconsistently over time that it has become unique — like a snowflake. Reproducing it exactly is impossible because nobody documented every change made to it. Snowflake servers are the direct consequence of managing infrastructure without a configuration management tool. The industry distinguishes between two approaches to handling servers:

Avoid this

Pets 🐾

Servers that are hand-crafted, individually named, and nursed back to health when they break. Every one is precious and irreplaceable. Losing one is a crisis. Common in teams that manage infrastructure manually.

Aim for this

Cattle 🐄

Servers that are identical, numbered, and disposable. When one fails, you replace it — not fix it. Configuration management tools make this possible by rebuilding any server from code in minutes.

The Desired State Model

The central idea behind configuration management is desired state: you declare what your infrastructure should look like, and the CM tool continuously works to make reality match that declaration. This is fundamentally different from writing scripts that perform actions — instead you describe an outcome and let the tool decide how to achieve it.

Step 1

Define desired state in code

Write a playbook or role that describes exactly what every server should look like — packages installed, files present, services running, users configured. Commit it to version control.

Step 2

Run the tool against your fleet

Ansible connects to every managed node and compares current state against desired state. Servers that already match report ok. Servers that have drifted get corrected automatically.

Step 3

Review the change report

Every run produces a play recap showing which hosts changed, which were already correct, and any failures. This is your audit trail — proof of what the infrastructure looked like at any point in time.

Step 4

Repeat on a schedule or trigger

Run the playbook on a schedule or as part of a CI/CD pipeline. Drift that crept in since the last run is corrected automatically — no human intervention required. This is the self-healing infrastructure model.

Infrastructure as Code

Infrastructure as Code (IaC) is the broader practice of managing and provisioning infrastructure through machine-readable definition files rather than manual processes or interactive configuration tools. Configuration management is the subset of IaC concerned specifically with keeping running systems in a defined state.

When your infrastructure is expressed as code it inherits all the benefits of software engineering: version history, peer review via pull requests, automated testing, rollback to any previous state, and the ability to reproduce any environment exactly from scratch. Ansible playbooks stored in a Git repository are a direct application of this principle.

What IaC gives you

Version history Every change to your infrastructure is a Git commit. You can see exactly what changed, who changed it, and when — and revert any change instantly.

Peer review Infrastructure changes go through pull requests. A second engineer reviews every change before it reaches production — the same process used for application code.

Reproducibility Any environment — development, staging, production — can be rebuilt from scratch in minutes using the same code. No more "it works on my server."

Auditability Compliance and security audits become straightforward — the Git log is a complete record of every change ever made to your infrastructure, with timestamps and authors.

Consistency The same playbook that configures one server configures a thousand. Human error and variation are removed from the process entirely.

Configuration Management Tools

Ansible is not the only configuration management tool — Chef, Puppet, and SaltStack are the other widely-used options. Each takes a different architectural approach. The most important distinction is the push model vs the pull model.

Push model (Ansible)

The control node pushes configuration out to managed nodes on demand

No agent required on managed nodes

Changes apply immediately when the playbook runs

Simpler to get started — SSH is the only requirement

Pull model (Puppet, Chef)

Managed nodes pull their configuration from a central server on a schedule

Requires an agent to be installed and running on every node

Nodes self-correct continuously — even without a human triggering a run

More complex initial setup; better for very large, always-on fleets

Neither model is universally superior. Ansible's push model wins on simplicity and speed of adoption — there is nothing to install, and you can start automating existing servers immediately. The pull model wins on continuous compliance in very large environments where you want nodes to self-correct without human intervention. For most teams starting out, Ansible's approach is the right choice.

Configuration Management Is Not a Backup Strategy

A common misconception is that being able to rebuild a server from a playbook means you don't need backups. This is wrong. Ansible recreates configuration — the state of your software, packages, and settings. It does not restore data — your databases, user uploads, and application state still require a dedicated backup and recovery strategy. Never confuse the two.

Key Takeaways

✓

Configuration drift is inevitable without a CM tool — manual changes accumulate silently until servers that should be identical diverge in ways nobody can fully track or explain.

✓

Snowflake servers are a liability — unique, hand-crafted servers that cannot be reproduced slow down incident response and make scaling painful and risky.

✓

Desired state is the key mental model — you declare what your infrastructure should look like and the CM tool enforces it, correcting any deviation it finds on each run.

✓

Infrastructure as Code brings software engineering discipline — version control, peer review, and reproducibility apply to infrastructure the same way they apply to application code.

✓

Ansible uses a push model — it requires no agent on managed nodes and applies changes immediately when a playbook runs, making it the fastest CM tool to adopt on existing infrastructure.

Teacher's Note

If you have ever fixed a production incident by SSHing directly into a server and editing a file by hand — that was drift in the making. The discipline of configuration management is simply making sure you never have to do that again.

Practice Questions

1. What term describes the gradual divergence of a server's actual state from its intended, documented state?

2. What two-word term describes a server that has been so heavily customised by hand that it cannot be reproduced?

3. Ansible uses a push or pull model? Give a single word.

Quiz

1. Puppet and Chef use a pull model. What does this mean?

The control node SSH-es into each managed node and applies configuration directly Managed nodes check in with a central server and apply their own configuration Configuration is pulled from a Git repository and applied via cron job Operators pull configuration reports from managed nodes for review

2. A colleague says: "We use Ansible, so we don't need backups — we can just rebuild any server." What is wrong with this reasoning?

Ansible playbooks cannot be used to rebuild servers from scratch It can rebuild configuration but does not restore data such as database contents Ansible requires backups to function correctly during a playbook run The reasoning is correct — Ansible makes traditional backups unnecessary

3. Configuration management enables the "cattle not pets" model of server management. What does this model mean in practice?

Servers are given friendly names and monitored individually with custom dashboards Servers are treated as disposable and identical, rebuilt from code when they fail Each server is assigned to a specific engineer who is responsible for its health Servers are grouped into herds and managed with a single shared SSH key

Up Next · Lesson 3

Ansible Architecture

See how Ansible's components — control node, inventory, modules, and playbooks — fit together into a coherent system.

← Previous Course Index Next →