ansible/best-practices.md at 256e32eeaa0d6bbb0a3b39e573d500520a69a6f0

simonas/ansible

Fork 0

Files

Simonas Kareiva 585b219b52 Initial qwen3 run with opencode

2026-03-23 21:36:35 +02:00

1.5 KiB

Raw Blame History

Best Practices

1. Idempotency

Use modules that ensure idempotency (e.g., service, package, file):

- name: Ensure Apache is running
  service:
    name: apache2
    state: started
    enabled: yes

2. Playbook Structure

Separate tasks into logical sections using block/rescue

Use handlers for services/configuration management:

- name: Restart Apache
  service:
    name: apache2
    state: restarted
  handlers:
    - name: Restart Apache
      service:
        name: apache2
        state: restarted

3. Inventory Management

Use ansible-inventory --list to validate inventory structure
Leverage dynamic inventory for cloud environments (e.g., AWS, OpenStack)

4. Security

Store secrets in Ansible Vault:

ansible-vault encrypt_string --vault-id myvault@prompt 'secret_value'

Use become: yes for privileged tasks and restrict SSH access

5. Testing

Always use --check to simulate changes:
```
ansible-playbook site.yml --check
```
Use --diff to review changes:
```
ansible-playbook site.yml --diff
```

6. Troubleshooting

Use --verbosity=2 for detailed output

Debug variables with debug module:

- name: Show variable value
  debug:
    msg: "{{ some_variable }}"

7. Automation

Use ansible-pull for agentless orchestration
Combine with CI/CD pipelines for automated deployments

1.5 KiB Raw Blame History