Ansible is an automation tool that is relatively painless to get up to speed with, and it works well with MacStadium’s Orka, a cloud-native, Kubernetes-driven orchestration layer for Mac. Today, we’ll cover the basics of installing Ansible, connecting to your target servers, and getting your first Playbooks running.

Installing Ansible

Ansible is written in Python, so the simplest way to install it is with pip, the package manager for Python. The preferred means of installing Ansible on Mac is to simply run:

$ pip install ansible

Probably the single best part of Ansible is the fact that it only needs to be installed on your workstation or dedicated Ansible server, as opposed to needing to be installed on target servers as well.

Overview of Ansible

Controlling Server – The server or workstation on which you will run Ansible commands.

Target Server(s) – The server(s) that will be configured by the controlling Ansible server.

SSH – Ansible uses SSH to communicate with the target servers from your dedicated Ansible server or your workstation. You will need to enable SSH on all targeted servers. On Mac, this means enabling remote login. You can do this from the command line, like so:

$ sudo systemsetup -setremotelogin on

Inventory – Ansible looks for an inventory file, a simple text file that lists all of the IP addresses of the target servers so that it can apply your desired changes. This file will be more complex in production, but this will work for our testing today.

# inventory



Playbook – Ansible commands can be run ad-hoc directly from the command line, but the real power of Ansible lies in its ability to execute complex jobs that are defined in a YAML file. We’ll cover the basics of a Playbook below.

But first, let’s make the connections that Ansible will require to work.

Setting up SSH

In order for Ansible to do its magic, it needs to make SSH connections from the controlling server to each of the target servers. To do this, we can generate SSH keys on the controlling server (which can very reasonably be your laptop). We can then copy the public key to each of our target servers, and we’ll be in business.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jeffdvincent/.ssh/id_rsa): ansible
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ansible.
Your public key has been saved in
The key fingerprint is:
SHA256:gDvNzDP8so43IylFbfOonOF8rB3my+2iZmhf5hGG7NA jeffdvincent@penguin
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|     .           |
|    ...          |
|   o.O+.         |
|  ..E.@+S        |
|   ooo.=.        |
|   *.*B .        |
|  + @XB*         |
| . ==BO*o        |

Notice that we named our key ansible. This isn’t at all required, but we’ll be using this key exclusively for this purpose, and explicit naming makes things easier later.

Next, we’ll need to copy our key to each of our target servers, like so:

$ ssh-copy-id -i ~/.ssh/ <user>@<target_iaddress> -p <port></port></target_iaddress></user>

You’ll have to enter your password for each server you want to add the key to.

Running an Ad Hoc Ansible Command

We won’t be doing too much of this, but to check our connections and such, let’s use the Ansible module ping.

$ ansible all --key-file ~/.ssh/ansible -i inventory -m ping

Overview of Ansible Playbooks

Ansible Playbooks are written in YAML and consist of a series of named stages or “plays.” In the simple Playbook below, we begin by identifying which hosts from the inventory file that we want to run the following commands against.

Then, we have a single named play “Install mobile device package,” in which we use the generic installer to install MobileDevice.pkg. We set become to true, because we want the Ansible user to “become” the root user of the target servers.

# sample_playbook.yml

- hosts: all
 become: true

 - name: Install mobile device package
   command: >
     installer -pkg <xcode_packages_location>/MobileDevice.pkg -target /</xcode_packages_location>
   become: true

Running an Ansible Playbook

Finally, to run our Playbook against all of our target servers (as defined in line 4 above), we can run:

$ ansible-playbook --key-file ~/.ssh/ansible sample_playbook.yml

And, if things went to plan, we should see some output telling us that one change was made on each of the target servers described in our inventory.

Next Steps

  • Check out Ansible’s excellent documentation to dive deeper into this automation powerhouse.
  • Check out MacStadium’s docs for a detailed explanation of how to set up Ansible and use the Playbooks we provide.


Ansible is a user-friendly, Mac-compatible option for configuration automation. It only needs to be installed on a single, controlling server, which can control any number of target servers. Ansible communicates via SSH, which needs to be enabled on each of the target servers.

Share this article


Orka, Orka Workspace and Orka Pulse are trademarks of MacStadium, Inc. Apple, Mac, Mac mini, Mac Pro, Mac Studio, and macOS are trademarks of Apple Inc. The names and logos of third-party products and companies shown on the website are the property of their respective owners and may also be trademarked.

©2023 MacStadium, Inc. is a U.S. corporation headquartered at 3525 Piedmont Road, NE, Building 7, Suite 700, Atlanta, GA 30305. MacStadium, Ltd. is registered in Ireland, company no. 562354.