logo
Courses Blog About Login
Your Ansible Playbook Isn't Smart. It's Just Following a Recipe.
Author: Benito J D Category: DevOps, Ansible, Systems Thinking

Your Ansible Playbook Isn't Smart. It's Just Following a Recipe.

Your playbook runs. Green text floods the screen. You feel like a genius. But what did you really build? A glorified shell script. A fragile, linear sequence of commands that works today, on this specific machine, under these exact conditions. It’s a dumb robot, blindly following a recipe.

Change one ingredient in the kitchen, and the whole meal is ruined.

Real automation isn't about writing better recipes. It's about building a chef. A system that can taste the ingredients (observe its environment), adapt the recipe on the fly (make decisions), and scale the process from one dish to a thousand (apply a process consistently). This is the leap you make when you master Ansible’s conditionals and loops. They are the senses and the assembly line for your automation.

Giving Your Robot Senses (`when`)

A dumb script assumes. It assumes it's running on Red Hat. It assumes a service is down before it tries to start it. This is brittle. The moment it runs on Debian, it shatters.

The `when` clause isn't an `if` statement; it's a sensory organ. It lets your playbook probe its environment *before* it acts. The most basic sense is identity. "Who am I? Where am I?" Ansible facts provide this awareness.

- name: Install NGINX on the right OS
  tasks:
    - name: Install NGINX on Red Hat family
      ansible.builtin.yum:
        name: nginx
        state: present
      when: ansible_facts['os_family'] == "RedHat"

    - name: Install NGINX on Debian family
      ansible.builtin.apt:
        name: nginx
        state: present
      when: ansible_facts['os_family'] == "Debian"

You didn't decide which task to run. The playbook did, based on the reality of the target host. It adapted.

This becomes truly powerful when you create feedback loops. An action creates a result, and that result determines the next action. This is the OODA loop (Observe, Orient, Decide, Act) of automation.

- name: Check if a critical file exists
  ansible.builtin.stat:
    path: /etc/app.conf
  register: file_status

- name: Create the file only if it is missing
  ansible.builtin.file:
    path: /etc/app.conf
    state: touch
  when: not file_status.stat.exists

The playbook *observes* (`stat`), *orients* (`register`), and *decides* (`when`). It’s no longer a blind recipe follower. It’s starting to think.

A dumb script follows orders. An intelligent one asks questions before it acts.

Building the Assembly Line (`loop`)

Repeating yourself is a sin in automation. If you copy and paste a task to create three users, you haven’t automated anything. You've just become a very fast typist doing manual labor.

The `loop` keyword isn't for saving keystrokes. It’s for perfecting a process and then scaling it flawlessly. It’s the assembly line.

The rookie mistake is to loop over a simple list of strings. It works, but it’s a shallow understanding. The real leverage comes when you loop over *data structures*. You're not iterating over names; you're iterating over rich objects that *model* the world you want to create.

# Professional Grade
- name: Create users with specific UIDs and groups
  ansible.builtin.user:
    name: "{{ '{{' }} item.name {{ '}}' }}"
    uid: "{{ '{{' }} item.uid {{ '}}' }}"
    groups: "{{ '{{' }} item.group {{ '}}' }}"
    state: present
  loop:
    - { name: 'alice', uid: 1001, group: 'developers' }
    - { name: 'bob', uid: 1002, group: 'developers' }
    - { name: 'charlie', uid: 1003, group: 'qa' }

See the shift? The loop is no longer just running a command three times. It’s taking a declarative manifest—a list of desired user states—and making it reality. Your data defines the goal; the task is just the engine.

Don't repeat your code. Define your state and loop over it.

The Symphony: Intelligent Scaling

This is where the chef becomes a master. You combine senses with the assembly line. The loop provides the process, and the conditional provides the real-time decision making *within* that process.

Imagine a list of software packages. Some are critical, some are optional.

- name: Install specified software packages
  ansible.builtin.package:
    name: "{{ '{{' }} item.name {{ '}}' }}"
    state: present
  loop:
    - { name: 'nginx', required: true }
    - { name: 'htop', required: false }
    - { name: 'fail2ban', required: true }
  when: item.required

What’s happening here is profound. You've handed the playbook a high-level intent (the list of dictionaries). The `loop` is the execution engine, stepping through each item. The `when` clause acts as a dynamic gate, evaluating each item against a condition. The playbook isn't just installing "nginx" and "fail2ban." It's installing the "required packages," a much more intelligent operation.

You’ve built a system that consumes a declarative model and executes it with context-aware logic. This is what scales. This is what’s resilient.

Actionable Insights

  • Probe, Don't Presume. Use `when: ansible_facts['...']` to build playbooks that adapt to their targets. Hardcoding assumptions is the root of fragility.
  • Loop Over Models, Not Strings. Graduate from `loop: ['a', 'b']` to looping over lists of dictionaries. You're not just iterating; you're processing a manifest of your desired state.
  • Build Micro-Decisions with `when` in `loop`. Embed conditionals inside your loops to create powerful, filtering engines. This is how you execute complex logic with simple code.
Launch your GraphyLaunch your Graphy
100K+ creators trust Graphy to teach online
𝕏
Benify 2026 Privacy policy Terms of use Contact us Refund policy