Sr Technical Writer and Team Lead Ansible is an open-source automation tool that lets you manage and configure servers from a single control node without installing agent software on the machines you manage. Unlike tools such as Chef or Puppet, Ansible connects over SSH and uses human-readable YAML files to define automation tasks. This agentless approach makes it one of the most widely adopted configuration management tools in production Linux environments. In this tutorial, you will install and configure Ansible on an Ubuntu server, set up an inventory of managed hosts, verify connectivity, run ad-hoc commands, and write your first playbook. You will also learn about the different installation methods available, including the Ansible PPA, the default Ubuntu repository, and pipx, so you can choose the approach that fits your environment. For a broader overview of how Ansible fits into configuration management workflows, see An Introduction to Configuration Management with Ansible. Note: This tutorial has been tested and verified on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. The commands and steps apply to both versions. Where differences exist, they are noted inline. To follow this tutorial, you will need: One Ansible control node: The Ansible control node is the machine you will use to connect to and control the Ansible hosts over SSH. Your Ansible control node can be your local machine or a dedicated server running Ansible. This guide assumes your control node is an Ubuntu 22.04 or 24.04 system. Make sure the control node has: One or more Ansible hosts (managed nodes): An Ansible host is any machine that your Ansible control node is configured to automate. This guide assumes your Ansible hosts are remote Ubuntu servers. Make sure each Ansible host has: Before installing Ansible, it helps to understand the three main installation methods available on Ubuntu. Each method has tradeoffs in terms of version freshness, ease of maintenance, and isolation. For production use, install Ansible from the official Ansible PPA. This gives you the latest stable release with regular updates through apt upgrade. The PPA is maintained by the Ansible project and supports Ubuntu 22.04 and 24.04. For development or testing, pipx installs Ansible in an isolated Python virtual environment. This avoids conflicts with system-level Python packages and lets you run multiple Ansible versions side by side. The official Ansible documentation now includes pipx as a supported installation method, partly in response to Python PEP 668 restrictions on system-wide pip installs in newer Ubuntu releases. The Ansible PPA provides the most recent stable release of the Ansible community package. This is the recommended method for most users. First, install the software-properties-common package if it is not already present. This package provides the apt-add-repository command: Next, add the official Ansible PPA to your system’s list of sources: Press ENTER when prompted to accept the PPA addition. Refresh your system’s package index so that it includes the packages available in the newly added PPA, then install Ansible: Confirm the installation by checking the Ansible version: You will see output similar to the following: The exact version numbers will depend on when you install the package. The important detail is that the output confirms Ansible is installed and shows the Python version it is using. If you prefer a simpler setup and do not need the latest version, you can install Ansible directly from the default Ubuntu repository without adding any PPAs. The version available through the default repository depends on your Ubuntu release. Ubuntu 22.04 ships with Ansible 2.10.x in its repos, while Ubuntu 24.04 includes a newer version. This approach requires fewer steps but may lag behind the latest features and bug fixes in the Ansible project. To check which version is available before installing: If you need a more current version, use the PPA method from Step 1 or the pipx method from Step 3. The pipx tool installs Python applications in isolated virtual environments. This keeps Ansible and its dependencies separate from your system Python packages. On Ubuntu 22.04 and 24.04, install pipx with: After installing, make sure ~/.local/bin is on your PATH. Run: Close and reopen your terminal, or run source ~/.bashrc (or source ~/.zshrc if you use Zsh) for the PATH change to take effect. Install the full Ansible community package with: The --include-deps flag is required because the ansible package depends on ansible-core and other supporting libraries. To install only the minimal ansible-core package instead: Verify the installation: Use pipx when you need to: The inventory file tells Ansible which hosts it should manage. You can include one to hundreds of servers, organized into groups and subgroups. The inventory file is also used to set variables that apply to specific hosts or groups, such as the Python interpreter path or SSH connection parameters. Ansible creates a default inventory file at /etc/ansible/hosts when installed through the PPA or apt. Open this file to edit it: Note: You can create inventory files in any location. To use a custom inventory file, pass the -i parameter when running Ansible commands. For example: ansible all -m ping -i /path/to/inventory. Using per-project inventory files is a good practice to minimize the risk of running a playbook on the wrong group of servers. The following example defines a group named [servers] with three hosts, each identified by a custom alias. Replace the highlighted IP addresses with the actual IP addresses of your managed nodes: The [all:vars] section sets the ansible_python_interpreter variable for every host in the inventory. This tells Ansible to use /usr/bin/python3 on the remote servers. Python 3 is the default on Ubuntu 22.04 and 24.04, but setting this variable explicitly prevents warnings about Python interpreter discovery. When you are finished, save and close the file by pressing CTRL+X, then Y, and ENTER to confirm your changes. To verify that Ansible can parse your inventory file correctly, run: You will see output similar to this: If the output reflects the hosts and variables you configured, your inventory is set up correctly. Ansible uses SSH to communicate with managed nodes. Before running any Ansible commands, make sure your control node can reach each managed node over SSH without a password prompt. If you do not already have an SSH key pair on your control node, generate one with: Press ENTER to accept the default file location (~/.ssh/id_ed25519). You can optionally set a passphrase or press ENTER to skip it. Use ssh-copy-id to copy your public key to each managed node. Replace root with your remote username and 203.0.113.111 with the managed node’s IP address: Repeat this command for each managed node listed in your inventory. Before running Ansible, verify that you can SSH into each managed node without being prompted for a password: If you connect successfully, type exit to return to your control node. If you see a password prompt or an error, review your SSH key configuration before proceeding. After configuring your inventory and SSH keys, verify that Ansible can communicate with all your managed nodes. From your control node, run: This command uses Ansible’s built-in ping module to test connectivity to every host in your inventory. The -u root flag specifies the remote user. If your hosts have a regular sudo user, replace root with that username. The ping module tests whether: A successful response looks like this: A "pong" reply from a host confirms that Ansible can authenticate and execute modules on that server. If this is the first time connecting to these servers via SSH, you will be asked to confirm the host key fingerprint. Type yes and press ENTER for each host. If a host returns UNREACHABLE, check that: For additional connection troubleshooting options, see the Ansible Cheat Sheet Guide. Ad-hoc commands let you run a single task on one or more managed nodes without writing a playbook. They are useful for quick, one-off operations like checking disk space, restarting a service, or installing a package. The general syntax of an ad-hoc Ansible command is: To check disk usage on all servers in your inventory: When you do not specify a module with -m, Ansible defaults to the command module, which runs the given shell command on each host. To check the uptime of every host in the servers group: To install a package using the apt module: You can target individual hosts or multiple hosts separated by colons: For more examples and patterns, see How to Manage Multiple Servers with Ansible Ad Hoc Commands. Playbooks are YAML files that define a set of tasks to execute on your managed nodes. While ad-hoc commands work for quick tasks, playbooks let you define repeatable, version-controlled automation workflows. A playbook consists of one or more plays. Each play specifies: Create a new directory for your playbooks, then create a playbook file: Add the following content: This playbook connects to all hosts in your inventory, runs commands with sudo (become: true), updates the apt cache, upgrades all packages, and removes unused dependencies. Run the playbook with the ansible-playbook command: If you are using a non-root user with sudo privileges, add --ask-become-pass to be prompted for the sudo password: The output shows the status of each task: For more on writing playbooks, see the How to Write Ansible Playbooks series. If you installed Ansible via the PPA or default repository, upgrade it alongside your other system packages: If you installed Ansible via pipx, upgrade with: After upgrading, verify the new version: To remove Ansible installed via apt: To remove Ansible installed via pipx: If you see an error like Host key verification failed, the SSH fingerprint of the managed node has changed or has not been accepted yet. You can resolve this by connecting to the host manually with SSH to accept the fingerprint: Type yes when prompted to add the host to your known hosts file. To skip host key checking for all Ansible connections (not recommended in production), add this to your ansible.cfg or set the environment variable: If Ansible reports MODULE FAILURE with a message about the Python interpreter, the managed node may not have Python 3 installed. Install it with: Also make sure the ansible_python_interpreter variable in your inventory is set to /usr/bin/python3. A Permission denied (publickey) error typically means your SSH key has not been copied to the managed node. Run ssh-copy-id again: If you are connecting as a non-root user, make sure that user exists on the managed node and has your public key in their ~/.ssh/authorized_keys file. If ansible all -m ping returns UNREACHABLE for a host, verify: The default Ubuntu apt repository ships the Ansible version that was current when the Ubuntu release was packaged. This version does not get major updates, only security patches. The official Ansible PPA (ppa:ansible/ansible) provides the latest stable release from the Ansible project, giving you access to newer modules, bug fixes, and performance improvements. For most production setups, the PPA method is the better choice. No. Ansible follows an agentless architecture. You only install Ansible on the control node. Managed nodes need Python 3 (which ships by default on Ubuntu 22.04 and 24.04) and an SSH server running. Ansible pushes modules to managed nodes over SSH, executes them, and then removes them. Yes. Using pipx install --include-deps ansible installs Ansible in a user-level virtual environment without requiring sudo. This approach is well-suited for development environments or situations where you do not have administrative access to the system. Run ansible --version in your terminal. The output displays the installed Ansible version, the Python version it is using, the configuration file path, and the module search paths. If the command is not found, Ansible is either not installed or not on your system’s PATH. Yes. Ansible is cross-version compatible for standard modules. A control node running Ubuntu 22.04 can manage nodes running Ubuntu 24.04, and vice versa, as long as Python 3 and SSH are available on the managed nodes. Ansible communicates over SSH and does not depend on the managed node’s OS version matching the control node. In this tutorial, you installed Ansible on Ubuntu using the PPA method, configured an inventory file with managed hosts, set up SSH key-based authentication, tested connectivity with the ping module, ran ad-hoc commands, and created your first playbook. You also learned about alternative installation methods using pipx and the default Ubuntu repository, and reviewed common troubleshooting steps for SSH and connectivity issues. Ansible provides a foundation for automating server provisioning, application deployment, and ongoing configuration management across your infrastructure. With the control node configured and your inventory in place, you can start building more complex playbooks to automate routine tasks across all your servers. To continue building on what you have learned, explore these resources: If you are looking to provision and manage Ubuntu servers at scale, DigitalOcean Droplets provide a fast way to deploy cloud servers that you can configure and automate with Ansible. You can also use the DigitalOcean API together with Ansible’s community.digitalocean collection to create and manage Droplets, firewalls, load balancers, and other infrastructure resources directly from your playbooks. Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases. Learn more about our products I help Businesses scale with AI x SEO x (authentic) Content that revives traffic and keeps leads flowing | 3,000,000+ Average monthly readers on Medium | Sr Technical Writer(Team Lead) @ DigitalOcean | Ex-Cloud Consultant @ AMEX | Ex-Site Reliability Engineer(DevOps)@Nutanix This textbox defaults to using Markdown to format your answer. You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link! Great Code snippets. Someone just told me today that Ansible is used within a large telecommunication corporation to regularly upgrade few thousand of switches, it’s very interesting. Thanks for sharing! This comment has been deleted Please complete your information! Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation. Full documentation for every DigitalOcean product. The Wave has everything you need to know about building a business, from raising funding to marketing your product. Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter. New accounts only. By submitting your email you agree to our Privacy Policy Scale up as you grow — whether you're running one virtual machine or ten thousand. Sign up and get $200 in credit for your first 60 days with DigitalOcean.* *This promotional offer applies to new accounts only.