new-conf
Generate an annotated ansible.cfg for a specific environment.
Required Inputs
- target_path — Where to write the ansible.cfg (default: ./ansible.cfg; warn if one already exists)
- environment — Target environment:
  - dev — development workstation, local VMs
  - ci — CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins)
  - awx — AWX / Ansible Automation Platform
Behavior
Step 1 — Discovery
Run discovery per references/discovery.md. Check if an ansible.cfg already exists at the target path. If it does:
An ansible.cfg already exists at ./ansible.cfg.
Overwriting it will replace all current settings.
Use /ansible-designer:update-conf to make targeted changes instead.
Proceed with overwrite? (yes/no)
Step 2 — Parameter Collection
Ask for environment if not provided. Show options:
Which environment is this ansible.cfg for?
1. dev — Development (local VMs, permissive settings, verbose output)
2. ci — CI/CD pipeline (strict, no interactive prompts, minimal output)
3. awx — AWX / Automation Controller (callback plugins, fact caching)
Enter 1, 2, or 3:
Step 3 — Pre-Write Confirmation
Show summary:
Will create: ./ansible.cfg (dev profile)
Sections:
[defaults] — inventory=./inventory, forks=10, yaml callback, profile_tasks
[diff] — always=True, context=5
[privilege_escalation] — become=True, sudo
[ssh_connection] — pipelining=True, ControlMaster=auto
[persistent_connection] — connect_timeout=30
Security notes:
host_key_checking=False (dev only — NOT for production)
All settings annotated with justification comments
Proceed? (yes/no)
Step 4 — Generate ansible.cfg
Use the appropriate profile from references/ansible_cfg.md:
- dev → Profile 1
- ci → Profile 2
- awx → Profile 3
All non-default values must have an inline comment explaining why. Security-sensitive settings (host_key_checking=False) must have a justification comment.
Step 5 — Final Output
Show file path:
ls -la ./ansible.cfg
Suggest next step:
Next step: Validate with `ansible --version` to confirm the config is loaded
or use /ansible-designer:review-conf to check for security issues.
Sections to Include (all environments)
Every generated ansible.cfg must include all of these sections, populated with environment-appropriate values:
- [defaults] — inventory, remote_user, private_key_file, host_key_checking, forks, timeout, log_path, roles_path, collections_paths, retry_files_enabled, stdout_callback, callbacks_enabled, gathering, fact_caching, fact_caching_connection, fact_caching_timeout, error_on_undefined_vars
- [diff] — always, context
- [privilege_escalation] — become, become_method, become_user, become_ask_pass
- [ssh_connection] — pipelining, control_path, control_master, control_persist, ssh_args
- [persistent_connection] — connect_timeout, command_timeout
- [colors] (dev only) — highlight, verbose, warn, error
- Vault config comment block — vault_password_file or vault_identity_list guidance
Environment Differences Summary
| Setting | dev | ci | awx |
|---|---|---|---|
| host_key_checking | False (dev only) | False (ephemeral runners) | True |
| stdout_callback | yaml | json | minimal |
| callbacks_enabled | profile_tasks, timer | (empty) | (empty — AWX injects) |
| fact_caching | jsonfile | memory | redis |
| forks | 10 | 20 | 25 |
| log_path | ./ansible.log | (empty) | (empty) |
| diff.always | True | True | False |
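
A generated file can be checked against the rules above before it is committed. The following is an added example, not code from the skill or its repository: the `check_cfg` function, its finding strings and the sample configs are hypothetical, and it assumes a full-line comment directly above a setting also counts as its justification. It covers the required sections, the dev-only [colors] section and the host_key_checking rules, including the fact that Ansible only strips inline comments introduced by `;`.

```python
import re

# Sections the page requires in every generated ansible.cfg ([colors] is dev only).
REQUIRED = ["defaults", "diff", "privilege_escalation",
            "ssh_connection", "persistent_connection"]

def check_cfg(text, environment):
    """Return findings for a generated ansible.cfg; an empty list means pass."""
    findings, seen, section, commented = [], set(), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            commented = False
        elif line[0] in "#;":
            commented = True  # a full-line comment annotates the next setting
        elif re.fullmatch(r"\[\w+\]", line):
            section, commented = line[1:-1], False
            seen.add(section)
        else:
            key, _, rest = line.partition("=")
            # Ansible strips only " ;" inline comments; " #" stays in the value.
            parts = re.split(r"\s+;", rest, maxsplit=1)
            value, inline = parts[0].strip(), len(parts) == 2 and bool(parts[1].strip())
            if section == "defaults" and key.strip() == "host_key_checking":
                if re.search(r"\s#", value):
                    findings.append("host_key_checking: inline comments need ';', not '#'")
                elif value.lower() in ("false", "no", "0", "off"):
                    if environment == "awx":
                        findings.append("host_key_checking must be True for awx")
                    if not (inline or commented):
                        findings.append("host_key_checking=False lacks a justification comment")
            commented = False
    findings += [f"missing section [{s}]" for s in REQUIRED if s not in seen]
    if "colors" in seen and environment != "dev":
        findings.append("[colors] is dev only")
    return findings

# Constructed samples, not output of the skill.
GOOD_DEV = (
    "[defaults]\n"
    "host_key_checking = False ; dev only: local VMs are rebuilt often\n"
    "[diff]\nalways = True\n[privilege_escalation]\nbecome = True\n"
    "[ssh_connection]\npipelining = True\n[persistent_connection]\nconnect_timeout = 30\n"
)
BAD_AWX = "[defaults]\nhost_key_checking = False\n[diff]\nalways = False\n"

if __name__ == "__main__":
    print(check_cfg(GOOD_DEV, "dev"))
    print(*check_cfg(BAD_AWX, "awx"), sep="\n")
```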