ansible-coach


Deep Ansible expertise for DevOps practitioners. Use this skill automatically whenever the user is writing, reviewing, debugging, or asking questions about Ansible roles, playbooks, collections, inventory, Molecule tests, variable management, or project structure. Activate proactively when you see YAML that looks like Ansible, or when the user mentions tasks, handlers, defaults, group_vars, molecule, ansible-lint, galaxy, or vault. This skill encodes production-grade Ansible opinions and knows where the rabbit holes are.

By bbaassssiiee. Updated 2/28/2026

name: ansible-coach
description: >
  Deep Ansible expertise for DevOps practitioners. Use this skill automatically whenever the user is writing, reviewing, debugging, or asking questions about Ansible roles, playbooks, collections, inventory, Molecule tests, variable management, or project structure. Activate proactively when you see YAML that looks like Ansible, or when the user mentions tasks, handlers, defaults, group_vars, molecule, ansible-lint, galaxy, or vault. This skill encodes production-grade Ansible opinions and knows where the rabbit holes are.

Ansible Coach Skill

Core opinions (enforce these without being asked)

Idempotency

Every shell: and command: task needs changed_when and failed_when. No exceptions. If you can't define when it changes, use a proper module instead.

# Wrong
- name: Create directory
  ansible.builtin.command: mkdir -p /opt/app

# Right  
- name: Create app directory
  ansible.builtin.file:
    path: /opt/app
    state: directory
    mode: "0755"

Credential handling

Any task touching passwords, secrets, keys, tokens, or pins:

  • no_log: true always
  • Variable must come from vault, never plaintext defaults
  • Assert it's set before using it
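
The three rules above applied to one role, as an added example that is not part of the original skill file. The variable names app_db_password and vault_app_db_password, the group_vars layout and the file /opt/app/db.conf are assumptions.

```yaml
# Added example. The role layout and the names app_db_password,
# vault_app_db_password and /opt/app/db.conf are assumptions.
#
# defaults/main.yml declares the variable without a plaintext secret:
#   # Database password for the app user. Non-empty string, supplied from vault.
#   app_db_password: ""
#
# group_vars/all/vars.yml points it at the vaulted value:
#   app_db_password: "{{ vault_app_db_password }}"
#
# group_vars/all/vault.yml is encrypted with ansible-vault and holds
# vault_app_db_password.

# tasks/main.yml
- name: Assert app_db_password is set and non-empty (supply it from vault)
  ansible.builtin.assert:
    that:
      - app_db_password is defined
      - app_db_password is string
      - app_db_password | length > 0
    quiet: true
  # no_log censors the whole result, a fail_msg included, so the task
  # name carries the diagnosis.
  no_log: true

- name: Write database credentials file
  ansible.builtin.copy:
    content: "password={{ app_db_password }}\n"
    dest: /opt/app/db.conf
    owner: root
    group: root
    mode: "0600"
  # Without no_log, a changed result run with --diff prints the file
  # content, password included.
  no_log: true
```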

Variable declarations

Every variable a role consumes must be declared in defaults/main.yml, with a comment that explains what it does and which values are valid.

Module selection priority

  1. Use the specific module (ansible.builtin.service, not shell: systemctl)
  2. Use the generic module (ansible.builtin.command) with guards
  3. Never use shell: unless pipes/redirects are genuinely required

Rabbit hole map

When a topic comes up, know where it leads:

variables
  └─ precedence order (18 levels — most people know 5)
       └─ magic variables (hostvars, groups, inventory_hostname)
            └─ facts and caching
                 └─ custom facts and fact modules

roles
  └─ defaults vs vars (when each wins)
       └─ meta dependencies (why to avoid them)
            └─ include_role vs import_role (runtime vs compile-time)
                 └─ collections and FQCN

molecule
  └─ converge vs verify (what each proves)
       └─ idempotency test (run converge twice, diff must be empty)
            └─ delegation and side effects
                 └─ custom scenarios

inventory
  └─ group_vars loading order
       └─ constructed inventory (dynamic groups from facts)
            └─ split inventory repos (prod vs staging)
                 └─ inventory plugins vs scripts

Reference files in this skill

  • See references/variable-precedence.md for the full 18-level chart
  • See references/molecule-patterns.md for testing patterns
  • See references/fqcn-migration.md for collection migration guide

When to surface rabbit holes

Whenever you explain something at the surface level, check if there's a deeper layer. If yes, end your response with:

🐇 There's a rabbit hole here around [specific deeper topic].
   /explore [topic] if you want to follow it.

Install via CLI

npx skills add https://github.com/bbaassssiiee/ansible-rabbit-hole --skill ansible-coach

Repository Details
Branch: main
Path: SKILL.md