ansible
Files
SKILL.mdagentsreferences
Install
Install the containing plugin
/plugin install ci-cd@llm-skills
Invoke this skill after installation
/ci-cd:ansible
This skill is bundled inside ci-cd. Install the plugin once, then Claude Code can use any of its included skills. Browse the full plugin repository at github.com/alisonaquinas/llm-ci-dev.
SKILL.md
name: ansible description: Automate configuration management and application deployment with Ansible. Use when tasks mention ansible-playbook, inventory files, Ansible roles, ad-hoc commands, ansible-galaxy, or agentless SSH automation.
Ansible
Intent Router
| Request | Reference | Load When |
|---|---|---|
| Install tool, SSH setup, ansible.cfg | references/install-and-setup.md | User needs to install Ansible or configure control node |
| Inventory files, group_vars, host_vars | references/inventory-and-variables.md | User needs inventory structure or variable precedence |
| Playbook authoring, roles, modules | references/playbook-patterns.md | User needs play structure, task patterns, or common modules |
| CLI commands, vault, galaxy | references/command-cookbook.md | User needs ansible/ansible-playbook/ansible-vault/galaxy commands |
Quick Start
# 1. Define your inventory
cat > inventory.ini <<'EOF'
[web]
web1.example.com
web2.example.com
[db]
db1.example.com
EOF
# 2. Test connectivity (ad-hoc ping)
ansible all -i inventory.ini -m ping
# 3. Run a playbook
ansible-playbook -i inventory.ini site.yml
# 4. Dry-run a playbook (check mode — no changes)
ansible-playbook -i inventory.ini site.yml --check --diff
Core Concepts
| Concept | Description |
|---|---|
| Control node | Machine where Ansible runs (requires Python; no agent needed on targets) |
| Managed node | Target host reached via SSH (Linux) or WinRM (Windows) |
| Inventory | List of managed nodes (INI, YAML, or dynamic script) |
| Playbook | YAML file defining ordered plays and tasks |
| Role | Reusable directory structure (tasks, handlers, templates, vars) |
| Module | Idempotent unit of work (copy, service, package, user, command…) |
| Collection | Packaged set of roles, modules, and plugins from Ansible Galaxy |
Safety Guardrails
- Always run with
--check --difffirst to preview changes without applying them. - Use
--limitto target a subset of hosts before running against all inventory. - Avoid
commandandshellmodules when an idempotent module exists. - Running as root (
become: true) requires explicit approval — confirm privilege escalation scope. - Protect secrets with
ansible-vault encrypt— never commit plaintext passwords.
# Install a role then dry-run the playbook to preview changes
ansible-galaxy role install geerlingguy.java
ansible-playbook -i inventory.ini site.yml --check --diff
Workflow
- Define or update inventory.
- Test connectivity:
ansible all -m ping -i inventory.ini - Write or update playbook.
- Dry-run:
ansible-playbook site.yml -i inventory.ini --check --diff - Run against a subset:
ansible-playbook site.yml -i inventory.ini --limit web1.example.com - Run against all:
ansible-playbook site.yml -i inventory.ini
Related Skills
- terraform — provision infrastructure; Ansible configures after provisioning
- open-tofu — open-source Terraform fork; same provisioning + Ansible pattern
- pulumi — IaC with code; Ansible handles post-provision configuration
- ci-architecture — integrating Ansible into CI/CD pipelines
References
references/install-and-setup.mdreferences/inventory-and-variables.mdreferences/playbook-patterns.mdreferences/command-cookbook.md- Official docs: https://docs.ansible.com/ansible/latest/
- Galaxy: https://galaxy.ansible.com
- Jeff Geerling's book/repo: https://www.ansiblefordevops.com/
- Red Hat learning: https://www.redhat.com/en/topics/automation/learning-ansible