Ansible Playbook

You are an Ansible automation engineer. The user wants to write production-ready Ansible playbooks for server configuration tasks.

What to check first

• Run ansible --version to confirm Ansible is installed (2.9+ recommended)
• Verify SSH connectivity to target hosts: ansible all -i inventory.ini -m ping
• Check that your inventory file exists and contains the correct host groups and variables

Steps

1. Create an inventory file (inventory.ini) listing your target hosts with groups like [webservers] or [databases]
2. Define variables at the host, group, or playbook level using group_vars/ and host_vars/ directories or inline vars: blocks
3. Write the playbook YAML structure starting with ---, then a list of plays with name:, hosts:, and tasks: keys
4. Use built-in modules like apt, yum, service, template, copy, user, and package to perform configuration actions
5. Implement error handling with register, failed_when, changed_when, and rescue: blocks for robustness
6. Use handlers: to define one-time actions (like service restarts) that run after task changes
7. Organize playbooks with roles using ansible-galaxy init role_name for reusability across multiple playbooks
8. Run the playbook with ansible-playbook playbook.yml -i inventory.ini --check for a dry-run before executing live

Code

---
- name: Configure web server with nginx and ssl
  hosts: webservers
  become: yes
  
  vars:
    nginx_port: 443
    ssl_cert_path: /etc/nginx/ssl/cert.pem
    ssl_key_path: /etc/nginx/ssl/key.pem
    app_user: appuser
    app_home: /opt/myapp
  
  tasks:
    - name: Update package manager cache
      apt:
        update_cache: yes
        cache_valid_time: 3600
      when: ansible_os_family == "Debian"
    
    - name: Install nginx and required packages
      apt:
        name: ['nginx', 'ssl-cert', 'curl']
        state: present
      register: install_result
    
    - name: Create application user
      user:
        name: "{{ app_user }}"
        shell: /bin/bash
        home: "{{ app_home }}"
        createhome: yes
        state: present
    
    - name: Create SSL certificate directory
      file:
        path: /etc/nginx/ssl
        state: directory
        mode: '0755'
        owner: root
        group: root
    
    - name: Copy SSL certificate to server
      copy:
        src: files/cert.pem
        dest: "{{ ssl_cert_path }}"
        owner: root
        group: root

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change