update-role
Update one or more files in an existing Ansible role. Always shows a diff and waits for confirmation before writing.
Required Inputs
- role_name or FQCN — The role to update (resolved from discovery)
- change_description — What to change (e.g., "add Windows support", "fix bare module names in tasks/main.yml", "add SELinux task to RedHat.yml")
Behavior
Step 1 — Discovery
Locate the role via discovery (references/discovery.md).
Step 2 — Load Target Files
Read only the files relevant to the requested change. If the change affects multiple files (e.g., "add multi-OS support"), read all affected files.
Step 3 — Apply Change
Apply the requested change to the relevant files:
- Preserve existing structure, indentation style, and comments
- All modules use FQCN
- All new tasks have tags (role_name + action category)
- `no_log: true` on any new task handling secrets
- Use templates from `references/role.md` for any new blocks
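The Step 3 rules (FQCN, tags, `no_log`) as a check that can run on the proposed tasks before the diff is shown. This is an added Python example, not part of ansible-designer; `check_tasks`, `TASK_KEYWORDS` and the `SECRET_HINT` heuristic are assumptions of the example, and the tasks are passed in already parsed from YAML.

```python
import re
# Task keywords that are not module names (partial list, assumed for this example).
TASK_KEYWORDS = {"name", "tags", "when", "notify", "register", "loop", "vars", "args",
                 "become", "become_user", "no_log", "changed_when", "failed_when",
                 "delegate_to", "ignore_errors", "environment", "block", "rescue", "always"}
# Heuristic for "handling secrets": argument names or values containing these words.
SECRET_HINT = re.compile(r"passw|secret|token|api_key|private_key", re.I)

def mentions_secret(value):
    """Recursively search module arguments for secret-like keys or strings."""
    if isinstance(value, dict):
        return any(SECRET_HINT.search(str(k)) or mentions_secret(v) for k, v in value.items())
    if isinstance(value, list):
        return any(mentions_secret(v) for v in value)
    return isinstance(value, str) and bool(SECRET_HINT.search(value))

def check_tasks(tasks, role_name, parent_tags=(), parent_no_log=False):
    """Return (task name, problem) pairs for tasks that break a Step 3 rule."""
    findings = []
    for task in tasks:
        name = task.get("name", "<unnamed>")
        own = task.get("tags") or []
        tags = list(parent_tags) + ([own] if isinstance(own, str) else list(own))
        no_log = task.get("no_log", parent_no_log) is True
        if "block" in task:  # children inherit the block's tags and no_log
            for part in ("block", "rescue", "always"):
                findings += check_tasks(task.get(part, []), role_name, tags, no_log)
            continue
        for module in (k for k in task if k not in TASK_KEYWORDS):
            if module.count(".") < 2:  # FQCN is namespace.collection.module
                findings.append((name, f"bare module name: {module}"))
            if mentions_secret(task[module]) and not no_log:
                findings.append((name, "secret-like argument without no_log: true"))
        if role_name not in tags or len(tags) < 2:
            findings.append((name, "needs role_name tag plus an action category tag"))
    return findings

# Constructed sample: a tasks file after YAML parsing (not taken from a real role).
SAMPLE = [
    {"name": "Install nginx", "package": {"name": "nginx"}, "tags": ["nginx", "install"]},
    {"name": "Create admin user", "tags": "nginx", "ansible.builtin.user":
        {"name": "admin", "password": "{{ nginx_admin_password }}"}},
    {"name": "Firewall", "tags": ["nginx", "security"], "block": [
        {"name": "Open firewall port for nginx", "ansible.posix.firewalld":
            {"port": "{{ nginx_port }}/tcp", "state": "enabled"}}]},
]

for task_name, problem in check_tasks(SAMPLE, "nginx"):
    print(f"{task_name}: {problem}")
```

The secret heuristic only inspects module arguments, so a secret passed through `vars:` or `environment:` still needs a manual look.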
Step 4 — Show Unified Diff (per file)
For each modified file, show the diff:
--- roles/nginx/tasks/main.yml (original)
+++ roles/nginx/tasks/main.yml (proposed)
@@ -12,6 +12,12 @@
tags:
- nginx
- configure
+
+- name: Open firewall port for nginx
+ ansible.posix.firewalld:
+ port: "{{ nginx_port }}/tcp"
+ permanent: true
+ state: enabled
+ immediate: true
+ tags:
+ - nginx
+ - security
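Review bot: the added ansible.posix.firewalld task sets no zone, so with permanent: true and immediate: true the port is opened in whatever the host's default zone happens to be, both at runtime and in the saved configuration. Suggest an explicit zone driven by a role default, plus a when condition so the task only runs on hosts that actually use firewalld. The task also depends on nginx_port, and this hunk does not show it being defined, so confirm it has an entry in defaults/main.yml.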
Then ask: "Apply these changes? (yes/no)"
Step 5 — Write on Confirmation
- If yes: write all modified files.
- If no: ask what to change and loop back to Step 3.
Step 6 — Final Output
Show file tree of the updated role:
find roles/<role_name> -type f | sort
Suggest next step:
Next step: Run `ansible-lint roles/<role_name>/` to validate
or use /ansible-designer:review-role to re-check for remaining issues.
Change Types Supported
| Change requested | Files to modify | How to handle |
|---|---|---|
| Add task | tasks/main.yml (or OS-specific task file) | Insert task with FQCN, tags, no_log if needed |
| Remove task | tasks/main.yml | Remove task block; check for orphaned handlers |
| Add multi-OS support | tasks/main.yml, tasks/RedHat.yml, tasks/Solaris.yml, tasks/Windows.yml, vars/RedHat.yml, vars/Solaris.yml, vars/Windows.yml | Add OS detection block + generate OS task/var files |
| Fix bare module names | tasks/main.yml, handlers/main.yml | Replace all bare module names with FQCN |
| Add tags | tasks/main.yml | Add missing tags to untagged tasks |
| Add handler | handlers/main.yml | Append handler with FQCN, add notify to triggering task |
| Update defaults | defaults/main.yml | Add/modify default variable |
| Update meta | meta/main.yml | Modify galaxy_info fields (platforms, version, etc.) |
| Add Windows support | tasks/Windows.yml (create), vars/Windows.yml (create), tasks/main.yml (update) | Generate Windows task file; add OS detection to main.yml |
| Add Solaris support | tasks/Solaris.yml (create), vars/Solaris.yml (create), tasks/main.yml (update) | Generate Solaris SMF task file; add OS detection to main.yml |
Safety Rules
- Never remove tasks unless explicitly requested.
- Never change the role name or its meta role_name field without explicit request.
- Preserve all existing comments.
- If adding OS support to an existing role that already has tasks in main.yml: do NOT remove those tasks. Keep existing platform-independent tasks in main.yml and move platform-specific tasks to the OS files.
- If the change would break backward compatibility (e.g., removing a defaults variable), warn before asking for confirmation.