managing-configuration
This skill provides guidance for automating server and application configuration using Ansible, covering playbook creation, role structure, inventory management, secrets management with ansible-vault and HashiCorp Vault, testing patterns with Molecule, and idempotency best practices. Use it when creating Ansible playbooks, structuring reusable roles, managing static or dynamic cloud inventories, securing secrets, testing roles before production, ensuring idempotent deployments, or implementing GitOps workflows for configuration as code.
```bash
git clone --depth 1 https://github.com/ancoleman/ai-design-components /tmp/managing-configuration && cp -r /tmp/managing-configuration/skills/managing-configuration ~/.claude/skills/managing-configuration
```
SKILL.md
# Configuration Management
## Purpose
This skill provides guidance for automating server and application configuration using Ansible and related tools. It covers playbook creation, role structure, inventory management (static and dynamic), secret management, testing patterns, and idempotency best practices to ensure safe, repeatable configuration deployments.
## When to Use This Skill
Invoke this skill when:
- Creating Ansible playbooks to configure servers or deploy applications
- Structuring reusable Ansible roles with proper directory layout
- Managing inventories (static files or dynamic cloud-based)
- Securing secrets with ansible-vault or HashiCorp Vault integration
- Testing roles with Molecule before production deployment
- Ensuring idempotent playbooks that safely run multiple times
- Migrating from Chef or Puppet to Ansible
- Implementing GitOps workflows for configuration as code
- Debugging playbook failures or handler issues
## Quick Start
### Basic Playbook Example
```yaml
---
# site.yml
- name: Configure web servers
  hosts: webservers
  become: yes
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
      notify: Restart nginx
    - name: Start nginx service
      service:
        name: nginx
        state: started
        enabled: yes
  handlers:
    - name: Restart nginx
      service:
        name: nginx
        state: restarted
```
Run with:
```bash
ansible-playbook -i inventory/production site.yml
```
## Core Concepts
### 1. Idempotency
Playbooks should be runnable any number of times without unintended side effects. Use modules that declare a desired state (`state: present`, `state: started`, `state: latest`) instead of imperative commands, so a task only reports `changed` when it actually had to alter the host.
**Idempotent (good):**
```yaml
- name: Ensure package installed
  apt:
    name: nginx
    state: present
```
**Not idempotent (avoid):**
```yaml
- name: Install package
  command: apt-get install -y nginx
```
See `references/idempotency-guide.md` for detailed patterns.
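A CI gate for the rule above, added here as an example and not part of the skill: run the playbook twice and fail if the second run's PLAY RECAP reports any host with `changed`, `failed` or `unreachable` other than zero. The inventory path and playbook name are assumed from the Quick Start, and `SAMPLE_RECAP` is a constructed recap used to exercise the parser offline.

```shell
#!/bin/sh
# Added example (not from the skill): fail the pipeline when a second,
# back-to-back playbook run is not a no-op.
set -eu

# Constructed sample of what a fully idempotent second run prints.
SAMPLE_RECAP='PLAY RECAP *********************************************************
web1.example.com : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web2.example.com : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0'

# Read a PLAY RECAP on stdin; return 1 if any host shows changed, failed or
# unreachable counts above zero, 0 otherwise. Offending hosts go to stderr.
check_recap_idempotent() {
  local bad=0 line host changed failed unreachable
  while IFS= read -r line; do
    # Only per-host lines look like "host : ok=N changed=N ..."; skip the rest.
    case "$line" in
      *" : ok="*) ;;
      *) continue ;;
    esac
    host=${line%% *}
    changed=$(printf '%s\n' "$line" | sed -n 's/.*changed=\([0-9]*\).*/\1/p')
    failed=$(printf '%s\n' "$line" | sed -n 's/.*failed=\([0-9]*\).*/\1/p')
    unreachable=$(printf '%s\n' "$line" | sed -n 's/.*unreachable=\([0-9]*\).*/\1/p')
    if [ "${changed:-0}" -ne 0 ] || [ "${failed:-0}" -ne 0 ] || [ "${unreachable:-0}" -ne 0 ]; then
      echo "not idempotent: $host changed=$changed failed=$failed unreachable=$unreachable" >&2
      bad=1
    fi
  done
  return "$bad"
}

# Converge once, then run again and require the second recap to be clean.
# Arguments: inventory path (assumed default: inventory/production) and
# playbook (assumed default: site.yml), both taken from the Quick Start.
idempotency_gate() {
  local inventory=${1:-inventory/production} playbook=${2:-site.yml}
  ansible-playbook -i "$inventory" "$playbook"                   # first run converges
  ansible-playbook -i "$inventory" "$playbook" > second-run.log  # second run must be a no-op
  sed -n '/^PLAY RECAP/,$p' second-run.log | check_recap_idempotent
}
```

Call `idempotency_gate inventory/production site.yml` from the CI job that already has Ansible and inventory credentials; the parser alone can be exercised on any saved run log.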
### 2. Inventory Management
**Static Inventory:** INI or YAML files for stable environments.
**Dynamic Inventory:** Scripts or plugins for cloud environments (AWS, Azure, GCP).
Example static inventory (INI):
```ini
[webservers]
web1.example.com ansible_host=10.0.1.10
web2.example.com ansible_host=10.0.1.11
[webservers:vars]
nginx_worker_processes=4
```
See `references/inventory-management.md` for dynamic inventory setup.
### 3. Roles vs Playbooks
**Playbooks:** Orchestrate multiple tasks and roles for specific deployments.
**Roles:** Reusable, self-contained configuration units with standardized directory structure.
Standard role structure:
```
roles/nginx/
├── defaults/ # Default variables
├── tasks/ # Task files
├── handlers/ # Change handlers
├── templates/ # Jinja2 templates
├── files/ # Static files
└── meta/ # Dependencies
```
See `references/role-structure.md` for complete role patterns.
### 4. Secret Management
**ansible-vault:** Built-in encryption for sensitive data.
**HashiCorp Vault:** Enterprise-grade secrets management with dynamic credentials.
Encrypt secrets:
```bash
ansible-vault create group_vars/all/vault.yml
ansible-playbook site.yml --ask-vault-pass
```
See `references/secrets-management.md` for Vault integration.
## Common Workflows
### Workflow 1: Create New Playbook
**Step 1:** Define inventory
```ini
# inventory/production
[webservers]
web1.example.com
web2.example.com
```
**Step 2:** Create playbook structure
```yaml
---
- name: Configure application
  hosts: webservers
  become: yes
  pre_tasks:
    - name: Update package cache
      apt:
        update_cache: yes
  roles:
    - common
    - application
  post_tasks:
    - name: Verify service
      uri:
        url: http://localhost:8080/health
        status_code: 200
```
**Step 3:** Test with check mode
```bash
ansible-playbook -i inventory/production site.yml --check --diff
```
**Step 4:** Execute playbook
```bash
ansible-playbook -i inventory/production site.yml
```
See `references/playbook-patterns.md` for advanced patterns.
### Workflow 2: Create and Test Role
**Step 1:** Initialize role structure
```bash
ansible-galaxy init roles/myapp
```
**Step 2:** Define tasks
```yaml
# roles/myapp/tasks/main.yml
---
- name: Install application dependencies
  apt:
    name: "{{ item }}"
    state: present
  loop: "{{ myapp_dependencies }}"
- name: Deploy application
  template:
    src: app.conf.j2
    dest: /etc/myapp/app.conf
  notify: Restart myapp
```
**Step 3:** Add handler
```yaml
# roles/myapp/handlers/main.yml
---
- name: Restart myapp
  service:
    name: myapp
    state: restarted
```
**Step 4:** Initialize Molecule testing
```bash
cd roles/myapp
molecule init scenario default --driver-name docker
```
**Step 5:** Run tests
```bash
molecule test
```
See `references/testing-guide.md` for comprehensive testing patterns.
### Workflow 3: Set Up Dynamic Inventory (AWS)
**Step 1:** Install AWS collection
```bash
ansible-galaxy collection install amazon.aws
```
**Step 2:** Configure dynamic inventory
```yaml
# inventory/aws_ec2.yml
plugin: aws_ec2
regions:
  - us-east-1
filters:
  tag:Environment: production
  instance-state-name: running
keyed_groups:
  - key: tags.Role
    prefix: role
hostnames:
  - tag:Name
compose:
  ansible_host: private_ip_address
```
**Step 3:** Verify inventory
```bash
ansible-inventory -i inventory/aws_ec2.yml --list
```
**Step 4:** Run playbook
```bash
ansible-playbook -i inventory/aws_ec2.yml site.yml
```
See `references/inventory-management.md` for multi-cloud patterns.
### Workflow 4: Secure Secrets with ansible-vault
**Step 1:** Create encrypted vault file
```bash
ansible-vault create group_vars/all/vault.yml
```
**Step 2:** Add secrets
```yaml
# group_vars/all/vault.yml (encrypted)
vault_db_password: "SuperSecretPassword"
vault_api_key: "sk-1234567890"
```
**Step 3:** Reference in variables
```yaml
# group_vars/all/vars.yml (unencrypted)
db_password: "{{ vault_db_password }}"
```
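A pre-commit or CI check for this workflow, added here as an example and not the skill's own code: it verifies that every vault file under `group_vars/` and `host_vars/` actually carries the ansible-vault header, so a file written with a plain editor instead of `ansible-vault create` can never reach the repository in plaintext. The `vault.yml` / `vault_*.yml` naming is an assumption taken from the file names used in this workflow.

```shell
#!/bin/sh
# Added example (not from the skill): refuse plaintext vault files.
# A file produced by ansible-vault starts with "$ANSIBLE_VAULT;1.1;AES256"
# (or "$ANSIBLE_VAULT;1.2;AES256;<vault-id>"); anything else is unencrypted.
set -eu

# Return 0 if the file's first line is an ansible-vault header, 1 otherwise.
is_vault_encrypted() {
  head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;1\.[12];AES256'
}

# Walk group_vars/ and host_vars/ under the given root (default: current dir)
# and report every vault.yml or vault_*.yml that is not encrypted.
# Returns 1 if at least one plaintext vault file was found.
check_vault_files() {
  local root=${1:-.} status=0 f
  for f in $(find "$root" \( -path '*/group_vars/*' -o -path '*/host_vars/*' \) \
               \( -name 'vault.yml' -o -name 'vault_*.yml' \) -type f 2>/dev/null); do
    if ! is_vault_encrypted "$f"; then
      echo "PLAINTEXT VAULT FILE: $f" >&2
      status=1
    fi
  done
  return "$status"
}
```

Run `check_vault_files .` from a pre-commit hook or as the first step of the CI job; it needs no Ansible installation because it only inspects file headers.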