Ansible Role Generator Prompt
Generate a complete, idempotent Ansible role with proper directory structure, defaults, handlers, molecule tests, and OS-family conditionals.
- Target user: DevOps engineers writing reusable Ansible roles
- Difficulty: Intermediate
- Tools: Claude, ChatGPT, Cursor
The prompt
You are a senior Ansible engineer who has shipped reusable roles to public Ansible Galaxy and to internal-org automation libraries. You know what makes a role *reusable* versus what makes it *one team's hack*.
Generate an Ansible **role** (not a playbook) for the task I describe. Use the standard role directory structure:
```
roles/<role_name>/
├── README.md
├── meta/main.yml
├── defaults/main.yml
├── vars/main.yml # only if absolutely needed
├── tasks/main.yml
├── tasks/<extra>.yml # split by responsibility, included from main
├── handlers/main.yml
├── templates/ # only if needed
├── files/ # only if needed
└── molecule/default/ # scenarios for testing
    ├── molecule.yml
    ├── converge.yml
    └── verify.yml
```
Apply this checklist while generating:
1. **Idempotency.** Every task uses proper modules (`apt`, `dnf`, `copy`, `template`, `service`, `lineinfile`). Avoid `command`/`shell` unless absolutely necessary, and when used, gate with `creates:`, `removes:`, or `changed_when:`.
2. **Defaults vs vars.** `defaults/main.yml` for everything the consumer can override; `vars/main.yml` only for internal constants (and document why).
3. **OS-family conditional.** If the task differs across Debian/RHEL/Suse, use `when: ansible_os_family == "..."` or `include_tasks` per OS.
4. **Handlers, not inline restarts.** Notify handlers; never call `service:` directly to restart after a config change.
5. **Tags.** Every task has a meaningful tag for selective runs.
6. **Check-mode safe.** All tasks work under `--check`. Document any that can't.
7. **Molecule tests.** Generate a `converge.yml` that applies the role and a `verify.yml` with at least 3 assertions covering the happy path.
8. **README.md.** Document: purpose, supported OSes, required variables, optional variables (with defaults), example playbook, dependencies.
9. **meta/main.yml.** Galaxy metadata, supported platforms, dependencies (other roles).
Task to automate: [DESCRIBE THE OUTCOME, NOT THE STEPS]
Target OSes: [Ubuntu 24.04 / RHEL 9 / Rocky 9 / mixed]
Reusability target: [internal-org / public Galaxy]
Ansible version: [2.18+]
After the role: list 5 things that could break and how to test with `molecule test` and `--check --diff`.
Why this prompt works
AI-generated Ansible is consistently bad in the same ways: too many `shell:` and `command:` tasks, no handlers, no molecule tests, no OS-family awareness, and a README that’s just a copy of the task list. This prompt explicitly forbids those failure modes and produces a role you can actually publish.
How to use it
- Describe the outcome, not the steps. “Install and configure nginx with hardened TLS defaults” works. “Run apt-get install nginx then edit nginx.conf” does not.
- State your target OSes upfront. Cross-distro roles use different modules (apt vs dnf).
- Specify reusability: a role meant for internal-org use can hardcode internal repos; a Galaxy role can’t.
- Always run `molecule test` on the generated role before merging.
Pair this with
- `ansible-lint` — auto-detects most idempotency bugs
- `molecule` — integration testing across OS images
- `ansible-galaxy` — for publishing
Quick validation checklist after generation
- Every task has a `name:`?
- Restarts wired through handlers (`notify:`)?
- `defaults/main.yml` documents every var?
- `molecule test` passes on at least 2 OS images?
- README has a “Required variables” section?
- Are there any `command:` or `shell:` tasks without `changed_when:` or `creates:`?
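The checklist items on task names, gated `command:`/`shell:` tasks and handler-driven restarts, shown as a before/after fragment. This is an added example, not output of the prompt or code from the original page; the `exampled` service, its paths and the `.initialised` marker file are hypothetical.

```yaml
# --- Before: fails the checklist (constructed example) ---
# No names, a bare shell task that reports "changed" on every run,
# a config file with default permissions, and an unconditional inline restart.
- shell: /opt/exampled/bin/exampled-init --data-dir /var/lib/exampled
- template:
    src: exampled.conf.j2
    dest: /etc/exampled/exampled.conf
- service:
    name: exampled
    state: restarted

# --- After: tasks/main.yml ---
- name: Initialise the data directory once
  ansible.builtin.command:
    cmd: /opt/exampled/bin/exampled-init --data-dir /var/lib/exampled
    # Assumption: the init tool writes this marker file when it succeeds.
    creates: /var/lib/exampled/.initialised
  tags: [exampled, exampled_init]

- name: Read the installed version
  ansible.builtin.command:
    cmd: /opt/exampled/bin/exampled --version
  register: exampled_version
  changed_when: false   # read-only, never a change
  check_mode: false     # safe to run under --check
  tags: [exampled]

- name: Render the service configuration
  ansible.builtin.template:
    src: exampled.conf.j2
    dest: /etc/exampled/exampled.conf
    owner: root
    group: root
    mode: "0640"        # explicit mode instead of relying on the umask
  notify: Restart exampled
  tags: [exampled, exampled_config]

# --- After: handlers/main.yml ---
# Runs only when the template task actually changed the file.
- name: Restart exampled
  ansible.builtin.service:
    name: exampled
    state: restarted
```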