Part 4: Scaling Smarter — Using Roles, Templates, and Ansible Vault

As your playbooks grow, keeping them clean, organized, and secure becomes more important than ever. In this post, we’ll explore how to:

  • Structure your automation using roles
  • Create dynamic configs with templates
  • Secure your secrets using Ansible Vault

Let’s scale up — the smart way.

Why Use Roles?

Roles are Ansible’s way of organizing playbooks into reusable components. They help you:

  • Group related tasks, files, handlers, and templates
  • Share common automation across projects or teams

To create a new role:

ansible-galaxy init apache_setup

This creates a folder structure like:

apache_setup/
├── defaults/
├── files/
├── handlers/
├── meta/
├── tasks/
├── templates/
└── vars/

You can now separate logic and reuse the role in any project.

Example: A Role for Installing Apache

Inside apache_setup/tasks/main.yml:

- name: Install Apache
  apt:
    name: apache2
    state: present

To use this role:

---
- name: Apply web server role
  hosts: web
  become: true
  roles:
    - apache_setup

Dynamic Configs with Templates

Templates use Jinja2 syntax to generate dynamic configuration files based on variables.

Example: Apache config template (apache.conf.j2):

ServerName {{ inventory_hostname }}
ServerAdmin {{ admin_email }}

Playbook task:

- name: Deploy Apache config
  template:
    src: apache.conf.j2
    dest: /etc/apache2/sites-available/000-default.conf

Templates live in the templates/ folder inside your role.

Securing Secrets with Ansible Vault

Need to store credentials, API keys, or other sensitive info? Use Ansible Vault.

Encrypt a variable file:

ansible-vault encrypt secrets.yml

Use encrypted variables in your playbook:

vars_files:
  - secrets.yml

Run the playbook:

ansible-playbook site.yml --ask-vault-pass

You can also encrypt a single value and embed the result inline in an otherwise plaintext vars file:

ansible-vault encrypt_string 'supersecretpassword' --name 'admin_password'
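
An added example (not from the original post): a pre-commit style check that confirms files meant to be vaulted, such as secrets.yml above, really carry the Ansible Vault envelope before they reach version control. The file-name patterns and the sample project tree are assumptions constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Vault envelope: "$ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]" then hex lines.
HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.1|1\.2);AES256(;[^;\s]+)?$")
HEX_LINE = re.compile(r"^[0-9a-f]+$")

def is_vault_encrypted(text: str) -> bool:
    """True only if the whole file is a well-formed vault envelope."""
    lines = text.strip().splitlines()
    if len(lines) < 2 or not HEADER.match(lines[0].strip()):
        return False
    return all(HEX_LINE.match(line.strip()) for line in lines[1:])

# The name patterns are an assumed convention; adjust them to your repository.
def find_plaintext_secrets(root, patterns=("secrets.yml", "vault*.yml")):
    """Return relative paths of files that should be vaulted but are not."""
    root = Path(root)
    offenders = set()
    for pattern in patterns:
        for path in root.rglob(pattern):
            if path.is_file() and not is_vault_encrypted(path.read_text(errors="replace")):
                offenders.add(path.relative_to(root).as_posix())
    return sorted(offenders)

def demo():
    """Build a constructed project tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "group_vars").mkdir()
        # Constructed sample: a file someone forgot to encrypt.
        (root / "secrets.yml").write_text("admin_password: supersecretpassword\n")
        # Constructed sample: envelope-shaped file (the hex body is made up).
        (root / "group_vars" / "vault.yml").write_text(
            "$ANSIBLE_VAULT;1.1;AES256\n" + "6162636465663031" * 5 + "\n"
        )
        # Constructed sample: vault header pasted on top of plaintext.
        (root / "group_vars" / "secrets.yml").write_text(
            "$ANSIBLE_VAULT;1.1;AES256\nadmin_password: hunter2\n"
        )
        return find_plaintext_secrets(root)

if __name__ == "__main__":
    for path in demo():
        print(f"NOT ENCRYPTED: {path}")
```

The check validates only the shape of the envelope, not that the payload decrypts, so it catches forgotten or partial encryption rather than wrong passwords.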

Bringing It Together

Here’s an example directory:

project-folder/
├── inventory.ini
├── site.yml
└── roles/
    └── apache_setup/
        ├── tasks/
        │   └── main.yml
        ├── templates/
        │   └── apache.conf.j2
        └── vars/
            └── main.yml

site.yml:

---
- name: Deploy web servers
  hosts: web
  become: true
  roles:
    - apache_setup

Recap

In this post, you’ve learned how to:

  • Use roles to organize your automation
  • Create dynamic templates using variables
  • Secure sensitive values with Ansible Vault

These tools help you write clean, maintainable automation — ready for real-world use.

Coming Up Next

In the final part of the series, we’ll walk through a complete, practical Ansible workflow that ties together inventory, roles, templates, secrets, and more.

Let’s put everything into action!
