27. Ansible Performance Tuning and Best Practices

In the previous article, we discussed the use of Ansible Tower and AWX, highlighting their importance in IT automation and operations. This article continues to delve into Ansible performance tuning and best practices—equipping users with practical strategies to leverage this powerful tool more efficiently in real-world scenarios.

Performance Tuning

1. Host Concurrency (forks)

By default, Ansible executes tasks across a maximum of 5 hosts concurrently when running a playbook. When managing large numbers of hosts, you can increase concurrency by adjusting the forks parameter. Add or modify the following setting in your ansible.cfg file:

[defaults]
forks = 20

Increasing the forks value allows Ansible to manage more hosts simultaneously. However, excessive concurrency may overload network resources or target hosts—so always tune this value according to your infrastructure’s capacity and requirements.

2. Using async and poll

For long-running tasks (e.g., deployments or database migrations), Ansible supports asynchronous execution via the async and poll parameters. This enables non-blocking parallelism—allowing subsequent tasks to proceed without waiting for the long-running task to finish. Example:

- name: Run a long task in the background
  command: /path/to/long_running_script.sh
  async: 600  # Timeout after 600 seconds
  poll: 0     # Do not wait; fire-and-forget

Setting poll: 0 tells Ansible to launch the task and immediately continue with the next task—ideal for truly backgrounded operations.

3. Minimizing Unnecessary Operations

Redundant checks (e.g., repeatedly verifying service status) can slow down playbook execution. Use conditional logic (when) to skip irrelevant tasks based on facts or environment context:

- name: Ensure the service is running
  service:
    name: httpd
    state: started
  when: ansible_service_mgr == "systemd"

This avoids unnecessary service management on systems using other init systems (e.g., SysV init).

4. Delegating Tasks with delegate_to

Offload certain tasks from the control node—or restrict them to specific hosts—using delegate_to. This reduces load on the Ansible control machine and ensures actions run only where needed:

- name: Copy files to the remote server
  copy:
    src: /local/path
    dest: /remote/path
  delegate_to: other_host

💡 Tip: delegate_to: localhost is commonly used for tasks that must run locally (e.g., generating certificates or fetching data from APIs).

5. Batch Processing with with_items (or loop)

When applying the same operation to many items, prefer batched execution over repeated individual tasks. Modern Ansible (v2.5+) recommends loop, but with_items remains widely supported and effective:

- name: Create multiple users
  user:
    name: "{{ item }}"
    state: present
  loop:
    - user1
    - user2
    - user3

Batching reduces overhead and improves overall playbook runtime.

Best Practices

1. Structured Playbook Design

Modularize playbooks using roles, import_role, and include_role. Break monolithic playbooks into reusable, self-contained roles—each with its own tasks/, handlers/, templates/, and vars/. This enhances readability, testability, and reusability across teams and environments.

2. Leverage Variables and Jinja2 Templates

Use variables to eliminate hard-coded values and improve maintainability. Combine them with the template module and Jinja2 for dynamic, environment-aware configuration generation:

- name: Deploy the application configuration file
  template:
    src: app.conf.j2
    dest: /etc/myapp/app.conf

Templates support conditionals, loops, filters, and variable interpolation—making them ideal for complex config files.

3. Version Control and Auditing

Store all playbooks, roles, inventory files, and related assets in a Git repository. Enforce code reviews, CI/CD pipelines, and automated testing (e.g., with molecule) before merging changes. Version history enables traceability, rollback capability, and collaborative governance.

4. Logging and Debugging

Enable detailed logging in ansible.cfg to aid troubleshooting and auditing:

[defaults]
log_path = /var/log/ansible.log

Run playbooks with increased verbosity (-vvv) to inspect connection details, module arguments, and execution flow:

ansible-playbook site.yml -vvv

Also consider enabling ANSIBLE_DEBUG=1 for deep internal diagnostics.

5. Continuous Optimization and Monitoring

Regularly review and refactor existing playbooks—removing deprecated modules, outdated logic, or redundant steps. Integrate Ansible with observability tools like Prometheus and Grafana to monitor job duration, success rates, host responsiveness, and resource usage—enabling proactive issue detection and performance baselining.

Summary

Applying performance tuning techniques and adopting proven best practices significantly boosts Ansible’s operational efficiency and reliability. From fine-tuning concurrency and minimizing redundant work, to structuring playbooks and integrating with modern DevOps toolchains—these strategies empower operators to automate confidently at scale.

In the next (and final) article, we’ll provide a comprehensive summary of Ansible—including its key strengths, limitations, and strategic recommendations—to help guide technology decisions and further enhance your automation maturity.