update-conf
update-conf
Update an existing ansible.cfg with targeted changes. Always shows a diff and waits for confirmation before writing.
Required Inputs
- path to ansible.cfg — Resolved from discovery if not provided
- change_description — What to change (e.g., "enable fact caching with redis", "set forks to 20", "add vault_identity_list for dev and prod")
Behavior
Step 1 — Discovery
Locate the ansible.cfg via discovery (references/discovery.md).
Step 2 — Load Existing Config
Read the full ansible.cfg content.
Step 3 — Apply Change
Apply the requested change:
- Preserve all existing sections, keys, and comments
- Add inline justification comments for security-sensitive settings:
host_key_checking = False→ must have a comment explaining whyvault_password_file→ add chmod reminder comment
- Use correct INI format:
key = valuewith spaces around= - If a requested section doesn't exist, create it at the appropriate location
- If removing a key: remove only that line (and its comment block if it's clearly paired)
Step 4 — Show Unified Diff
--- ansible.cfg (original)
+++ ansible.cfg (proposed)
@@ -8,6 +8,9 @@
forks = 10
timeout = 30
+
+# Fact caching: redis (shared across controller nodes)
+fact_caching = redis
+fact_caching_connection = redis://localhost:6379/0
+fact_caching_timeout = 86400
Then ask: "Apply this change? (yes/no)"
Step 5 — Write on Confirmation
- If yes: write the updated ansible.cfg.
- If no: ask what to change and loop back.
Step 6 — Final Output
echo "Updated: $(realpath ansible.cfg)"
Suggest next step:
Next step: Validate with `ansible --version` to confirm the config is loaded
or run /ansible-designer:review-conf to check for remaining issues.
Change Types Supported
| Change requested | How to handle |
|---|---|
| Set a key in an existing section | Find the section, update the key value; add if not present |
| Add a new section | Append section at end of file with appropriate keys |
| Enable fact caching | Set fact_caching, fact_caching_connection, fact_caching_timeout in [defaults] |
| Add vault_identity_list | Add/update vault_identity_list in [defaults]; show example format |
| Change callback plugins | Update callbacks_enabled in [defaults]; warn if awx_display is being added |
| Enable pipelining | Add pipelining = True to [ssh_connection]; add sudoers note comment |
| Change stdout_callback | Update stdout_callback in [defaults] |
| Set forks | Update forks in [defaults]; add RAM note if value > 50 |
| Remove a setting | Remove the line (and its comment if inline or immediately preceding) |
| Comment out a setting | Prefix line with # and add a note explaining why it's disabled |
Safety Rules
- Never remove entire sections unless explicitly requested.
- Never change
host_key_checking = TruetoFalsewithout adding a justification comment. - If adding
vault_password_file, add a comment reminding aboutchmod 600. - If the user requests
forks > 100, warn: "Each fork uses ~100MB RAM — ensure the controller has sufficient memory." - Preserve the existing indentation/alignment style (spaces around
=).
More from 3a2dev/ansible-designer
ansible-designer
AI-assisted Ansible authoring toolkit for Claude Code. Scaffolds, reviews, and updates playbooks, roles, collections, and ansible.cfg files following production best practices. Sub-commands: new-playbook, review-playbook, update-playbook, new-role, review-role, update-role, new-collection, review-collection, update-collection, new-conf, review-conf, update-conf. Requires bash_tool. Runs discovery (CLAUDE.md to ansible.cfg to README to filesystem) at the start of every command.
9new-collection
Scaffold a new Ansible collection. Triggered by /new-collection. Collects collection_path, namespace, and collection name, then generates galaxy.yml, README.md, CHANGELOG.md, LICENSE, meta/runtime.yml, plugin skeletons (module, filter, lookup), roles directory, playbooks directory, and docs structure. Shows summary before writing.
8review-collection
Review an existing Ansible collection and produce a structured severity report grouped by CRITICAL, WARNING, and INFO. Triggered by /review-collection. Checks galaxy.yml completeness, directory structure, required files, meta/runtime.yml, and role quality. NEVER modifies files.
8new-role
Scaffold a complete Ansible role. Triggered by /ansible-designer:new-role. Resolves role location from FQCN or path, asks whether multi-OS support is needed (RHEL, Solaris, Windows/WinRM), and generates a full role directory structure with realistic starter tasks, handlers, defaults, meta/main.yml, and OS-specific var files if requested. Shows summary before writing.
7new-conf
Generate an annotated ansible.cfg for a specific environment. Triggered by /ansible-designer:new-conf. Asks for target environment (dev, CI, or AWX) and generates a fully annotated ansible.cfg covering all official sections including defaults, privilege escalation, SSH connection, vault config, callback plugins, and fact caching. Shows summary before writing.
7update-role
Update an existing Ansible role. Triggered by /ansible-designer:update-role. Reads specific role files, applies the requested change following all global rules (FQCN, tags, no_log), shows a unified diff per file, waits for explicit user confirmation, then writes. Never overwrites silently.
7