new-playbook
Create a new Ansible playbook following production conventions.
Required Inputs
Collect these parameters (one question at a time, using discovery context for defaults):
- path — Directory where the playbook will be created (default: ./ or ./playbooks/ if that directory exists)
- filename — Playbook filename (e.g., site.yml, deploy-nginx.yml)
- target_hosts — Inventory group(s) or host pattern (e.g., webservers, all, databases:webservers)
- roles — List of roles to include (suggest roles found in discovery; accept FQCN or short names)
- playbook_type — Site playbook / Component playbook / AWX-ready playbook (suggest based on filename and roles)
If the user provides all of these inline, skip parameter collection.
Behavior
Step 1 — Discovery
Run discovery per references/discovery.md. Report:
- Roles found (in roles_path)
- Collections found (in collections_path)
- Existing playbooks
- Inventory location
Use discovered roles as suggestions during parameter collection.
Step 2 — Parameter Collection
Ask one question at a time. Suggest smart defaults:
- If site.yml is the filename → suggest site playbook type
- If single role → suggest component playbook type
- If AWX is mentioned or tower_job_id is referenced → suggest AWX-ready type
- Roles list: show numbered list of discovered roles, let user pick by number or type FQCN
Step 3 — Pre-Write Confirmation
Show a summary:
Will create: ./playbooks/deploy-nginx.yml
Play: "Deploy nginx web server"
Hosts: webservers
Roles: myorg.infra.nginx
Type: Component playbook
Tags: nginx, validate
Proceed? (yes/no)
Check if the file already exists. If it does, warn and require explicit confirmation.
Step 4 — Generate Playbook
Use references/playbook.md as the base template. Select the appropriate template:
- Site playbook → Template 1
- Component playbook → Template 2
- AWX-ready → Template 3
Apply these rules to the generated content:
- All modules use FQCN
- All tasks have tags (component + action category)
- no_log: true on any task handling secrets
- pre_tasks includes OS version assertion using ansible.builtin.assert
- Include a post_tasks validation block using ansible.builtin.wait_for or ansible.builtin.uri
- Include block/rescue pattern for the main execution block if multiple steps
- Proper YAML comment header (author, version, description, usage)
Write using bash:
cat > /path/to/playbook.yml << 'EOF'
[playbook content]
EOF
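An overwrite-safe way to combine the Step 3 existence check with the Step 4 write, as an added example that is not part of ansible-designer. The function name write_playbook, its overwrite argument and the exit codes are assumptions made for illustration.

```shell
# Added example; write_playbook, "overwrite" and the exit codes are hypothetical.
# Usage: write_playbook <dest> [overwrite] << 'EOF' ... EOF
# Exit status: 0 written, 2 refused (destination untouched), 1 other error.
write_playbook() (
  dest=$1
  mode=${2:-create}
  [ -n "$dest" ] || exit 1
  dir=$(dirname "$dest")
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; exit 1; }

  # Never write through a symlink: the content could land outside the project.
  if [ -L "$dest" ]; then
    echo "WARNING: $dest is a symlink; refusing to write" >&2
    exit 2
  fi

  if [ "$mode" = "overwrite" ]; then
    # The caller has already obtained the explicit confirmation from Step 3.
    # Stage beside the target and rename, so a failed write cannot leave a
    # truncated playbook behind. The result keeps mktemp's 0600 mode.
    tmp=$(mktemp "$dest.XXXXXX") || exit 1
    cat > "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; exit 1; }
    exit 0
  fi

  if [ -e "$dest" ]; then
    echo "WARNING: $dest already exists; explicit confirmation required" >&2
    exit 2
  fi

  # noclobber (set -C) makes the shell create the file exclusively, so a file
  # that appears between the check above and this write is kept, not truncated.
  set -C
  if ! { cat > "$dest"; } 2>/dev/null; then
    [ -e "$dest" ] && exit 2
    exit 1
  fi
)
```

Keeping the heredoc delimiter quoted ('EOF'), as the page does, stops the shell from expanding `$` or backticks inside the playbook text before it reaches the function.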
Step 5 — Final Output
Show file tree:
find ./playbooks -type f | sort
Suggest next step:
Next step: Validate with `ansible-lint playbooks/deploy-nginx.yml`
or use /ansible-designer:review-playbook to get a structured review.
Example Generated Output
---
# =============================================================================
# Playbook: deploy-nginx.yml
# Author: Platform Team
# Version: 1.0.0
# Description: Deploy and configure nginx on webservers group.
# Usage:
#   ansible-playbook -i inventory/ deploy-nginx.yml
#   ansible-playbook -i inventory/ deploy-nginx.yml --check --diff
# =============================================================================
- name: Deploy nginx web server
  hosts: webservers
  become: true
  gather_facts: true

  vars:
    nginx_port: "{{ deploy_nginx_port | default(80) }}"
    nginx_enable_ssl: "{{ deploy_nginx_ssl | default(false) }}"

  pre_tasks:
    # Fail early on hosts the role does not support.
    - name: Verify target OS is supported
      ansible.builtin.assert:
        that:
          - ansible_os_family in ['RedHat', 'Debian']
        fail_msg: "Unsupported OS family: {{ ansible_os_family }}"
      tags: [always]

  roles:
    # The play-level vars above are already visible to the role. Re-declaring
    # them here as nginx_port: "{{ nginx_port }}" would be self-referential
    # and fail inside the role with a recursive template error.
    - role: myorg.infra.nginx

  post_tasks:
    # Probe the port from the control node to confirm the service is reachable.
    - name: Confirm nginx is listening
      ansible.builtin.wait_for:
        host: "{{ ansible_host }}"
        port: "{{ nginx_port }}"
        timeout: 30
      delegate_to: localhost
      tags: [nginx, validate]

    - name: Print deployment summary
      ansible.builtin.debug:
        msg: "nginx deployed on {{ inventory_hostname }} — port {{ nginx_port }}"
      tags: [nginx, validate]