1. Create the role directory
2. Write the tasks
tasks/main.yml — follow the install → configure → enable pattern:
- Use fully qualified module names (
ansible.builtin.apt, notapt) - Task names are sentence case
- Config files use templates, not
copywith inline content - Service changes trigger handlers via
notify:
3. Add handlers
handlers/main.yml:
notify: strings exactly — they’re case-sensitive.
4. Define defaults
defaults/main.yml — every variable your role uses should have a default:
inventory/group_vars/<env>/vars.yml.
Secrets go in inventory/group_vars/all/vault.yml (encrypted with Ansible Vault).
5. Wire into site.yml
Add the role toansible/site.yml in the correct position. Roles run in order:
ftp and monitoring.
6. Open firewall ports
If your service needs external access, add the port toroles/security/defaults/main.yml:
7. Add a smoke test check
Editansible/playbooks/smoke-test.yml to validate your service. Add a task in the test section:
8. Test it
9. Document it
Add a page atdocs/content/docs/services/my-service.mdx covering:
- How it works (request flow)
- Configuration (key settings)
- Ansible files and variables
- Troubleshooting
docs/content/docs/services/meta.json.