Ansible Playbook Writing and Review
Write and review Ansible playbooks following best practices including idempotency, error handling, and security. Covers playbook structures, common patterns, and security checks.
By Skills Guide Bot
DevOps | Intermediate | 0 views | 0 installs | 3/1/2026 | Claude Code, Cursor, Copilot
Tags: ansible, infrastructure-automation, configuration-management, devops, playbook
name: ansible-playbook
description: Write and review Ansible playbooks following best practices. Use when the user says "write ansible", "ansible playbook", "review playbook", "automate with ansible", or asks to configure servers with Ansible.
allowed-tools: Read, Write, Edit, Glob, Grep, Bash
Ansible Playbook
Write and review Ansible playbooks, roles, and tasks following best practices.
Instructions
When writing:
- Understand the target configuration goal
- Check existing playbooks/roles for patterns to follow
- Write idempotent tasks with proper error handling
- Include appropriate tags and handlers
When reviewing:
- Read the playbook/role
- Check for issues listed below
- Suggest improvements
Playbook structure
---
- name: Configure web servers
  hosts: webservers
  become: true
  vars_files:
    - vars/main.yml
  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
        update_cache: true
      notify: Restart nginx
      tags: [nginx, packages]
Best practices
- MUST use FQCNs: ansible.builtin.copy, not copy
- MUST use name: for every task
- MUST use become: explicitly, not assuming root
- Use handlers for service restarts
- Use block/rescue/always for error handling
- Use ansible-vault for secrets
- Use variables for anything environment-specific
- Use --check mode compatible tasks where possible
Security checks
- No plaintext passwords in playbooks
- Secrets in vault-encrypted files
- no_log: true on tasks with sensitive data
- File permissions explicitly set
- SSH keys not hardcoded
Common patterns
# Idempotent file content
- name: Configure app
  ansible.builtin.template:
    src: app.conf.j2
    dest: /etc/app/config
    mode: "0644"
    owner: app
    group: app
    validate: "/usr/bin/app --check %s"
  notify: Restart app

# Package installation
- name: Install packages
  ansible.builtin.apt:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
      - nginx
      - certbot
Rules
- MUST use fully qualified collection names (FQCNs)
- MUST include task names
- Never hardcode secrets in playbooks
- Never use shell: when a module exists
- Always make tasks idempotent
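A small review helper for the Security checks and Rules above, added here as an example and not part of the skill's own files. It takes an already-loaded play (for instance the result of yaml.safe_load, which it assumes rather than imports), descends into block/rescue/always sections, and reports unnamed tasks, non-FQCN modules, shell use, plaintext secret arguments, missing no_log and file modules without an explicit mode. TASK_KEYWORDS is an assumed subset of Ansible's task keywords and the sample play is constructed.

```python
# Task keywords (assumed subset for the demo); any other top-level task key is the module name.
TASK_KEYWORDS = {"name", "when", "notify", "tags", "become", "vars", "loop", "register",
                 "no_log", "changed_when", "failed_when", "block", "rescue", "always"}
SECRET_HINTS = ("password", "passwd", "token", "secret", "private_key")
FILE_MODULES = {"copy", "template", "file"}  # must set mode explicitly
SHELL_MODULES = {"shell", "command"}         # prefer a purpose-built module

def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks:
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section, []))
        if "block" not in task:
            yield task

def review_play(play):
    """Return human-readable findings for one loaded play (empty list = clean)."""
    findings = []
    if "become" not in play:
        findings.append("play: become not set explicitly")
    for task in iter_tasks(play.get("tasks", [])):
        label = task.get("name", "<unnamed>")
        if "name" not in task:
            findings.append(f"{label}: task has no name")
        module = next((k for k in task if k not in TASK_KEYWORDS), None)
        if module is None:
            continue
        args = task[module] if isinstance(task[module], dict) else {}
        short = module.rsplit(".", 1)[-1]
        if "." not in module:
            findings.append(f"{label}: '{module}' is not an FQCN")
        if short in SHELL_MODULES:
            findings.append(f"{label}: uses {module}; prefer a module if one exists")
        sensitive = [k for k in args if any(h in k for h in SECRET_HINTS)]
        for key in sensitive:  # a literal string, i.e. not a Jinja expression or vaulted value
            if isinstance(args[key], str) and "{{" not in args[key]:
                findings.append(f"{label}: plaintext value for '{key}'")
        if sensitive and task.get("no_log") is not True:
            findings.append(f"{label}: sensitive args without no_log: true")
        if short in FILE_MODULES and "mode" not in args:
            findings.append(f"{label}: {module} without explicit mode")
    return findings

# Constructed, deliberately flawed play used to exercise the checks.
SAMPLE_PLAY = {"name": "Deploy app", "hosts": "webservers", "tasks": [
    {"name": "Install app", "ansible.builtin.apt": {"name": "app", "state": "present"}},
    {"name": "Create app user", "ansible.builtin.user": {"name": "app", "password": "hunter2"}},
    {"copy": {"src": "app.conf", "dest": "/etc/app/config"}},
    {"name": "Restart app", "ansible.builtin.shell": "systemctl restart app"},
]}
```

Running review_play(SAMPLE_PLAY) reports seven findings, one per violated rule; a play that vaults its secrets, sets no_log, names every task and sets file modes comes back empty.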