Ansible Configuration Management

devops
YAML
scaffolding
mentor

Automate server provisioning and configuration with Ansible playbooks and roles.

12/8/2025

Prompt

Generate a complete Ansible infrastructure automation solution with playbooks, roles, and inventory for the following deployment requirements:

Infrastructure Overview

  • Project Name: [e.g., MyApp, E-commerce Platform, API Service]
  • Environment: [Production / Staging / Development / All]
  • Target OS: [Ubuntu 22.04 / Debian / CentOS / RHEL / Amazon Linux]
  • Number of Servers: [Specify count and types]
  • Cloud Provider: [AWS / GCP / Azure / DigitalOcean / Bare metal]

Server Groups and Inventory

Server Group 1: [Name, e.g., Web Servers]

  • Count: [Number of servers]
  • Hostnames/IPs: [List or pattern: web[1:3].example.com]
  • Role: [What these servers do]
  • SSH User: [ubuntu / ec2-user / root / custom]
  • SSH Key: [Path to private key or use ssh-agent]
  • Python Path: [/usr/bin/python3 / custom]

Server Group 2: [Name, e.g., Database Servers]

  • Count: [Number of servers]
  • Hostnames/IPs: [List or pattern]
  • Role: [What these servers do]
  • SSH User: [Username]
  • SSH Key: [Key path]
  • Python Path: [Python interpreter path]

Server Group 3: [Name, e.g., Load Balancers]

  • Count: [Number of servers]
  • Hostnames/IPs: [List or pattern]
  • Role: [What these servers do]
  • SSH User: [Username]
  • SSH Key: [Key path]
  • Python Path: [Python interpreter path]

[Define 2-6 server groups total]

Application Stack

Application Details

  • Application Type: [Node.js / Python / Ruby / Go / Java / PHP / Static]
  • Application Name: [Name for the app]
  • Application Port: [3000 / 8080 / custom]
  • Process Manager: [PM2 / systemd / supervisord / None]
  • Application Path: [/opt/app / /var/www / custom]
  • Application User: [www-data / app / custom]

Dependencies to Install

  • System Packages: [List: nodejs, nginx, postgresql, redis, etc.]
  • Language Runtime: [Node.js 20 / Python 3.11 / Ruby 3.2 / etc.]
  • Package Manager Packages: [npm packages / pip packages / gems / etc.]
  • Additional Tools: [git, curl, build-essential, etc.]

Services Configuration

Web Server

  • Web Server: [Nginx / Apache / Caddy / None]
  • Configuration:
    • Server name: [example.com / IP]
    • Listen port: [80 / 443 / custom]
    • SSL/TLS: [Yes with Let's Encrypt / Yes with custom certs / No]
    • Proxy to: [Application port]
    • Static files path: [If applicable]
    • Custom headers: [CORS, security headers, etc.]

Database

  • Database: [PostgreSQL / MySQL / MongoDB / Redis / None]
  • Configuration:
    • Version: [Specific version or latest]
    • Database name: [Database to create]
    • Database user: [Username to create]
    • Database password: [Use vault / Generate / Specify]
    • Backup strategy: [Daily / Weekly / None]
    • Remote access: [Allow from app servers / Localhost only]

Caching/Queue (if applicable)

  • Service: [Redis / Memcached / RabbitMQ / None]
  • Configuration:
    • Port: [Default / Custom]
    • Max memory: [Limit]
    • Persistence: [Yes / No]
    • Access: [Localhost / Network]

Monitoring/Logging

  • Monitoring: [Prometheus / Datadog / CloudWatch / None]
  • Logging: [ELK Stack / Loki / CloudWatch / Syslog / None]
  • Metrics Collection: [Node Exporter / Custom / None]

Security Configuration

Firewall Rules

  • Firewall: [UFW / iptables / firewalld / Cloud security groups]
  • Allowed Ports:
    • SSH: [22 / Custom port]
    • HTTP: [80 / Disabled]
    • HTTPS: [443 / Disabled]
    • Application: [Custom ports]
    • Database: [Allow from app servers / Blocked]
  • Allowed IPs: [Whitelist specific IPs / Allow all / Custom]

SSL/TLS Configuration

  • SSL Provider: [Let's Encrypt / Custom certificates / None]
  • Certificate Path: [If custom certs]
  • Auto-renewal: [Yes / No]
  • Redirect HTTP to HTTPS: [Yes / No]

System Hardening

  • SSH Hardening:
    • Disable password authentication
    • Disable root login
    • Change SSH port
    • Use SSH keys only
  • Security Updates: [Auto-install / Manual / None]
  • Fail2ban: [Install and configure / No]

Deployment Configuration

Application Deployment

  • Deployment Method: [Git clone / Copy files / Download artifact / Docker]
  • Source: [Git repository URL / Local path / Artifact URL]
  • Branch/Tag: [main / production / specific tag]
  • Build Steps: [npm install && npm run build / pip install / etc.]
  • Pre-deployment: [Database migrations / Cache clear / etc.]
  • Post-deployment: [Restart services / Health check / etc.]

Environment Variables

List all environment variables needed:

NODE_ENV=production
DATABASE_URL=postgresql://...
API_KEY=...
[Additional vars]

File Uploads/Storage

  • Upload Directory: [Path for user uploads]
  • Permissions: [Owner and mode]
  • Backup: [Include in backups / Separate / None]

Roles to Create

Role 1: [RoleName, e.g., webserver]

  • Purpose: [What this role does]
  • Tasks:
    • Install web server
    • Configure virtual hosts
    • Setup SSL certificates
    • Configure firewall
    • [Additional tasks]
  • Templates: [nginx.conf.j2, app.service.j2, etc.]
  • Handlers: [Reload nginx, restart app, etc.]

Role 2: [RoleName, e.g., database]

  • Purpose: [What this role does]
  • Tasks: [List main tasks]
  • Templates: [Config file templates]
  • Handlers: [Service handlers]

Role 3: [RoleName, e.g., monitoring]

  • Purpose: [What this role does]
  • Tasks: [List main tasks]
  • Templates: [Config file templates]
  • Handlers: [Service handlers]

[Define 3-6 roles total]

Playbook Execution

Playbook Organization

  • Main Playbook: [site.yml / deploy.yml / provision.yml]
  • Separate Playbooks: [setup.yml, deploy.yml, update.yml, etc.]
  • Tags: [nginx, app, database, monitoring, etc.]
  • Execution Order: [Specify dependencies between roles]

Variables and Secrets

  • Variable Files: [group_vars, host_vars locations]
  • Vault Usage: [Encrypt sensitive data / No vault]
  • Vault Password: [File / Prompt / None]

Code Generation Requirements

Generate a complete Ansible automation solution including:

  1. Inventory Files:

    • hosts.ini with all server groups
    • Group variables in group_vars/
    • Host-specific variables in host_vars/
    • Dynamic inventory script (if cloud provider)
  2. Main Playbook(s):

    • site.yml for complete infrastructure setup
    • deploy.yml for application deployment
    • update.yml for updates and patches
    • Proper host targeting and privilege escalation
    • Variable definitions and imports
  3. Roles (for each defined role):

    • roles/[rolename]/tasks/main.yml with all tasks
    • roles/[rolename]/handlers/main.yml with service handlers
    • roles/[rolename]/templates/ with Jinja2 templates
    • roles/[rolename]/files/ with static files
    • roles/[rolename]/vars/main.yml with role variables
    • roles/[rolename]/defaults/main.yml with default values
    • roles/[rolename]/meta/main.yml with dependencies
  4. Templates:

    • Nginx/Apache virtual host configurations
    • Systemd service files
    • Application configuration files
    • Database configuration files
    • Monitoring agent configurations
  5. Configuration Files:

    • ansible.cfg with sensible defaults
    • .ansible-vault password file setup
    • requirements.yml for Galaxy roles (if needed)
  6. Scripts and Utilities:

    • deploy.sh wrapper script
    • rollback.sh for rollbacks
    • health-check.sh for validation
    • backup.sh for backups
  7. Documentation:

    • README.md with setup instructions
    • DEPLOYMENT.md with deployment procedures
    • TROUBLESHOOTING.md with common issues
    • Variable documentation
  8. Security:

    • Ansible Vault for sensitive data
    • SSH key setup instructions
    • Firewall rule configurations
    • SSL certificate management
  9. Testing:

    • Molecule tests for roles (if requested)
    • Syntax check commands
    • Dry-run examples
    • Validation playbooks

Output production-ready Ansible automation following best practices with:

  • Idempotent tasks (can run multiple times safely)
  • Proper error handling and validation
  • Clear task naming and documentation
  • Modular role-based organization
  • Secure credential management with Vault
  • Comprehensive variable management
  • Handler-based service management
  • Tags for selective execution
  • Proper privilege escalation (become)
  • Cross-platform compatibility where possible

Tags

ansible
configuration-management
automation
devops

Tested Models

gpt-4
claude-3-5-sonnet
