CHAPTER 19

Real-World Ansible Projects

Updated: May 15, 2026

1. Introduction

In the DevOps industry, theoretical knowledge and syntax memorization only get you to the interview. To secure the job, you must possess a demonstrated portfolio of functional automation. Employers want to see that you can synthesize Ansible's massive module library, dynamic inventories, templating engines, and security vaults into cohesive, production-grade architectures. In this chapter, we outline five robust, professional-grade Configuration Management projects. These projects are designed to prove your mastery of automation workflows, Linux administration, and secure infrastructure orchestration.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Architect an automated, multi-tier LAMP stack deployment.
  • Build a comprehensive Linux Server Hardening playbook.
  • Orchestrate a multi-container Docker environment via Ansible.
  • Design an end-to-end cloud provisioning and configuration workflow.
  • Document and present infrastructure projects professionally for a portfolio.

3. Project 1: Automated LAMP Stack Deployment

The Goal: Prove you understand core package management, service orchestration, and templating.

The Architecture:
  1. Source: An Ansible project with a structured roles/ directory.
  2. The Roles:
     • common: Updates the OS, sets the timezone to UTC, installs htop and curl.
     • database: Installs MySQL, secures the root user, and uses Ansible Vault for the database password.
     • web: Installs Apache/Nginx, PHP, and uses the template module to dynamically generate the VirtualHost configuration based on an ansible_facts IP address.
  3. The Proof: Create a video running ansible-playbook site.yml. Show a completely blank Ubuntu VM transforming into a live web server. Refresh a browser pointing to the IP address to show the active PHP application.

4. Project 2: Secure Linux Server Hardening (DevSecOps)

The Goal: Prove you understand Zero-Trust architecture and secure system administration.

The Architecture:
  1. Source: A highly modularized security playbook.
  2. The Components:
     • Use user and authorized_key to deploy a non-root admin user with cryptographic SSH keys.
     • Use lineinfile with validate: visudo to safely configure sudo permissions.
     • Use lineinfile to strictly enforce PasswordAuthentication no and PermitRootLogin no in the /etc/ssh/sshd_config file.
     • Use the ufw module to enable the firewall, blocking everything except ports 22, 80, and 443.
  3. The Proof: Provide the playbook code on GitHub. Document the execution output. Demonstrate attempting to SSH into the server using a password as root, proving that the Ansible automation successfully hardened the server to reject the connection.
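
One way to assemble the four components above into a single play, as an added example that is not the chapter's own playbook. It assumes an Ubuntu target with the ansible.posix and community.general collections installed; the inventory group, account name, key path and the NOPASSWD rule are assumptions.

```yaml
# Added example. hardening_targets, opsadmin and files/opsadmin.pub are hypothetical.
- name: Harden SSH, sudo and the firewall
  hosts: hardening_targets
  become: true
  vars:
    admin_user: opsadmin
    admin_pubkey: "{{ lookup('ansible.builtin.file', 'files/opsadmin.pub') }}"
  tasks:
    - name: Create the non-root admin user
      ansible.builtin.user:
        name: "{{ admin_user }}"
    - name: Install the admin user's public key before passwords are disabled
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ admin_pubkey }}"
    # validate runs visudo on a temporary copy, so a syntax error never reaches /etc/sudoers.d.
    # NOPASSWD is an assumption: the account is key-only and has no password to prompt for.
    - name: Grant sudo through a drop-in that visudo checks first
      ansible.builtin.lineinfile:
        path: "/etc/sudoers.d/{{ admin_user }}"
        line: "{{ admin_user }} ALL=(ALL:ALL) NOPASSWD: ALL"
        create: true
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
    # "no" is quoted so YAML keeps it as a string instead of the boolean false.
    - name: Enforce the sshd_config directives
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: PasswordAuthentication, value: "no" }
        - { key: PermitRootLogin, value: "no" }
      notify: Restart ssh
    # Allow rules go in before the firewall is enabled so the SSH session survives.
    - name: Allow ports 22, 80 and 443
      community.general.ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop: ["22", "80", "443"]
    - name: Enable ufw and deny all other inbound traffic
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming
  handlers:
    - name: Restart ssh
      ansible.builtin.service: { name: ssh, state: restarted }
```

On images that ship drop-in files under /etc/ssh/sshd_config.d/, sshd uses the first value it reads for a directive, so confirm the effective settings with sshd -T after the run.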

5. Project 3: Docker Deployment Automation

The Goal: Prove you can bridge the gap between Configuration Management and Containerization.

The Architecture:
  1. Source: A playbook utilizing the community.docker collection.
  2. The Components:
     • Install Docker and its Python dependencies via the apt and pip modules.
     • Create an isolated docker_network.
     • Deploy a Redis cache docker_container.
     • Deploy a Node.js/Python API docker_container that connects to the Redis network, injecting environment variables dynamically via the Ansible playbook.
  3. The Proof: Document the playbook execution. Run an ad-hoc command ansible all -m shell -a "docker ps" to show the live containers running, proving the seamless orchestration of the container environment.
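
The network and container steps above, as an added example that is not the chapter's own playbook. It assumes Docker and the collection's Python requirements are already installed by the earlier tasks; the group name, network name, API image, port mapping and the vaulted variable vault_api_secret are hypothetical.

```yaml
# Added example. docker_hosts, app_net, the API image and vault_api_secret are hypothetical.
- name: Run Redis and an API container on an isolated network
  hosts: docker_hosts
  become: true
  vars:
    app_network: app_net
    api_image: "registry.example.com/demo-api:1.0.0"   # placeholder image reference
  tasks:
    - name: Create the user-defined bridge network
      community.docker.docker_network:
        name: "{{ app_network }}"

    # No published_ports here: Redis is reachable only from containers on app_net.
    - name: Run the Redis cache
      community.docker.docker_container:
        name: redis
        image: "redis:7"
        networks:
          - name: "{{ app_network }}"
        restart_policy: unless-stopped

    # Containers on the same user-defined network resolve each other by name,
    # so the API reaches the cache at the hostname "redis".
    - name: Run the API and inject its environment from playbook variables
      community.docker.docker_container:
        name: api
        image: "{{ api_image }}"
        networks:
          - name: "{{ app_network }}"
        published_ports:
          - "80:8000"                  # assumed: the API listens on 8000 in the container
        env:
          REDIS_HOST: redis
          REDIS_PORT: "6379"           # env values must be strings, so numbers are quoted
          API_SECRET: "{{ vault_api_secret }}"
        restart_policy: unless-stopped
      no_log: true                     # keeps the secret out of task output and logs
```

Values passed through env remain readable with docker inspect on the host, so access to the Docker socket should be limited to administrators.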

6. Project 4: Dynamic Cloud Infrastructure Orchestration

The Goal: Prove you understand Cloud APIs and dynamic inventories.

The Architecture:
  1. Source: A playbook utilizing the amazon.aws collection.
  2. The Components:
     • Use ec2_security_group to provision a firewall in AWS.
     • Use ec2_instance to build an Amazon Linux 2 server in the cloud.
     • Use the add_host module to dynamically register the newly minted AWS IP address into Ansible's in-memory inventory.
     • Use wait_for_connection to wait for SSH to boot.
     • Deploy a basic web application to the dynamically discovered server.
  3. The Proof: Provide screenshots of the AWS Console showing the newly created EC2 instance and Security Group. Document the single terminal command that built the hardware and configured the software in one fluid motion.

7. Project 5: The Enterprise CI/CD Pipeline

The Goal: Prove you understand GitOps and automated deployment governance.

The Architecture:
  1. The Infrastructure: Upload Project 1 (The LAMP Stack) to a GitHub repository.
  2. The Components:
     • Write a .github/workflows/deploy.yml GitHub Actions file.
     • Implement ansible-lint as a prerequisite step to validate YAML formatting.
     • Securely inject an SSH private key using GitHub Secrets.
     • Securely pass an Ansible Vault decryption key from GitHub Secrets to decrypt database passwords during execution.
     • Execute the playbook automatically against a test server upon a push to the main branch.
  3. The Proof: Provide the GitHub Actions configuration file. Take screenshots of a successful GitHub Actions run log, highlighting the linting pass, the secure execution, and the final "Play Recap" showing successful configuration.
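
A workflow covering the components above, as an added example that is not the chapter's own file. The secret names (DEPLOY_SSH_KEY, ANSIBLE_VAULT_PASSWORD, TEST_SERVER_KNOWN_HOSTS) and the inventory path are assumptions; the known_hosts secret is an addition here so the runner verifies the test server's host key instead of trusting it blindly.

```yaml
# Added example of .github/workflows/deploy.yml. Secret names and the
# inventory path are assumptions, not values from the chapter.
name: deploy
on:
  push:
    branches: [main]
permissions:
  contents: read                      # the job only needs to read the repository
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install Ansible and ansible-lint
        run: pip install ansible ansible-lint
      - name: Lint first so a failure stops the job before any secret is used
        run: ansible-lint site.yml
      - name: Write secrets to owner-only files outside the checkout
        env:                          # passed as env vars, not pasted into the script text
          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          KNOWN_HOSTS: ${{ secrets.TEST_SERVER_KNOWN_HOSTS }}
        run: |
          umask 077
          printf '%s\n' "$SSH_KEY" > "$RUNNER_TEMP/id_deploy"
          printf '%s' "$VAULT_PASS" > "$RUNNER_TEMP/vault_pass"
          printf '%s\n' "$KNOWN_HOSTS" > "$RUNNER_TEMP/known_hosts"
      - name: Run the playbook against the test server
        run: >
          ansible-playbook -i inventories/test/hosts.ini site.yml
          --private-key "$RUNNER_TEMP/id_deploy"
          --vault-password-file "$RUNNER_TEMP/vault_pass"
          --ssh-common-args "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$RUNNER_TEMP/known_hosts"
      - name: Remove the secret files even when the run fails
        if: always()
        run: rm -f "$RUNNER_TEMP/id_deploy" "$RUNNER_TEMP/vault_pass"
```

Tasks in the playbook that handle the decrypted database password should set no_log: true, otherwise the value can appear in the run log that the project asks you to screenshot.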

8. How to Document Your Automation Portfolio

A DevOps portfolio must focus on *scale* and *consistency*.
  • README Driven Development: Your repository README.md is your resume. Explain *how* to run the playbook. Detail exactly which variables the user needs to provide in group_vars.
  • The "Why": Explain your architectural decisions. "I utilized a dynamic Jinja2 template rather than the copy module to allow the Nginx configuration to automatically bind to the specific VPC IP address of the target host."
  • Idempotency Proof: Explicitly document that your playbook is idempotent. Post a screenshot showing a second run returning exactly changed=0, proving your code is safe for production.

9. Summary

In Chapter 19, we transitioned from learners to practitioners. We designed five capstone projects that synthesize the entire configuration management lifecycle. From robust LAMP stack deployments and absolute DevSecOps server hardening, to Docker orchestration and fully automated CI/CD pipelines, these projects demand the practical application of declarative YAML, secure secret vaults, and dynamic templating. By executing these projects and meticulously documenting the architectural intent behind them, you construct a professional portfolio that undeniably proves your engineering capability to any prospective employer.

10. Next Chapter Recommendation

Your portfolio is built, and your automation skills are validated. It is time to prepare for the technical screening and map out your career trajectory. Proceed to the final chapter: Chapter 20: Ansible Interview Questions and Career Roadmap.
