Creating Ansible Playbooks

Overview

Generate production-ready Ansible playbooks, roles, and inventories for infrastructure automation. Supports provisioning servers, deploying applications, configuring services, and enforcing desired state across fleets of machines using SSH-based agentless automation.

Prerequisites

Ansible 2.14+ installed (ansible --version)
SSH access to target hosts with key-based authentication
Python 3.9+ on control node and managed nodes
Inventory of target hosts (IPs or hostnames)
Privilege escalation credentials (sudo) if configuring system-level resources
ansible-lint installed for playbook validation

Instructions

Scan the project for existing Ansible files (ansible.cfg, inventory/, roles/, group_vars/) to understand current structure
Determine the automation target: server provisioning, application deployment, configuration management, or security hardening
Create the playbook YAML with proper structure: hosts, become, vars, tasks, handlers
Extract reusable logic into roles using the standard directory layout (tasks/, handlers/, templates/, defaults/, vars/, meta/)
Define variables in group_vars/ and host_vars/ for environment-specific values, keeping secrets in vault-encrypted files
Use Jinja2 templates for configuration files that vary across environments
Add handlers for service restarts triggered by configuration changes
Validate the playbook with ansible-lint and ansible-playbook --check --diff (dry run)
Test idempotency by running the playbook twice and confirming no changes on the second run

Output

Ansible playbooks (.yml) with structured tasks, handlers, and variables
Role directories following Ansible Galaxy structure
Jinja2 templates (.j2) for dynamic configuration files
Inventory files (INI or YAML) with host groups
group_vars/ and host_vars/ for environment separation
ansible.cfg with connection and privilege escalation settings

Error Handling

Error	Cause	Solution
`unreachable: Failed to connect to host`	SSH connection failure or wrong host/port	Verify SSH keys, host IPs, and that port 22 is open with `ansible -m ping`
`permission denied` on become	Missing or incorrect sudo password	Add `--ask-become-pass` or configure `ansible_become_password` in vault
`undefined variable`	Variable not defined in vars, defaults, or inventory	Check variable precedence; define in `defaults/main.yml` or `group_vars/`
`ansible-lint: syntax-check failed`	YAML syntax error or deprecated module usage	Run `ansible-lint -v` and fix reported issues; replace deprecated modules
`changed` on every run (not idempotent)	Using `command`/`shell` without `creates`/`removes` guards	Add `creates:` parameter or switch to purpose-built modules (`copy`, `template`, `file`)

Examples

"Create an Ansible playbook to provision an Ubuntu 22.04 server with Nginx, Certbot, and a firewall allowing only 80/443."
"Generate a role that deploys a Python Flask app with Gunicorn, systemd service file, and log rotation."
"Write an Ansible playbook to harden SSH config across all servers: disable root login, enforce key auth, set idle timeout."

Resources

Ansible documentation: https://docs.ansible.com/ansible/latest/
Ansible Galaxy roles: https://galaxy.ansible.com/
Ansible Lint rules: https://ansible.readthedocs.io/projects/lint/rules/
Best practices guide: https://docs.ansible.com/ansible/latest/tips_tricks/ansible_tips_tricks.html

creating-ansible-playbooks