Initial commit

2025-11-30 08:18:54 +08:00
commit bd8471b8c0
10 changed files with 354 additions and 0 deletions
--- a/skills/ansible-playbook-creator/SKILL.md
+++ b/skills/ansible-playbook-creator/SKILL.md
@@ -0,0 +1,52 @@
+---
+name: creating-ansible-playbooks
+description: |
+  This skill creates Ansible playbooks for automating configuration management tasks. It generates production-ready, multi-platform playbooks based on user-defined requirements, incorporating best practices and a security-first approach. Use this skill when you need to automate server configurations, software deployments, or infrastructure management using Ansible. Trigger this skill by requesting "Ansible playbook," specifying configuration details, or asking for automation of a particular setup.
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash
+version: 1.0.0
+---
+
+## Overview
+
+This skill empowers Claude to generate Ansible playbooks, streamlining infrastructure automation. It takes your specifications and translates them into executable Ansible code, allowing for repeatable and reliable deployments.
+
+## How It Works
+
+1. **Receiving User Request**: Claude receives the user's request for an Ansible playbook, including details about the desired configuration.
+2. **Generating Playbook**: Based on the user's input, Claude utilizes the `ansible-playbook-creator` plugin to generate a complete Ansible playbook.
+3. **Presenting the Playbook**: Claude presents the generated Ansible playbook to the user for review and execution.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Automate server configuration management tasks.
+- Deploy applications across multiple servers consistently.
+- Create repeatable and reliable infrastructure setups.
+
+## Examples
+
+### Example 1: Setting up a web server
+
+User request: "Create an Ansible playbook to install and configure Apache on Ubuntu servers."
+
+The skill will:
+1. Generate an Ansible playbook that installs the Apache web server and configures it with a default virtual host.
+2. Present the playbook to the user, ready for execution against Ubuntu servers.
+
+### Example 2: Deploying a Docker container
+
+User request: "Generate an Ansible playbook to deploy a Docker container running Nginx on CentOS servers."
+
+The skill will:
+1. Generate an Ansible playbook that installs Docker, pulls the Nginx image, and runs it as a container on CentOS servers.
+2. Provide the playbook to the user for immediate deployment.
+
+## Best Practices
+
+- **Specificity**: Provide detailed requirements for the desired configuration to generate accurate playbooks.
+- **Security**: Review the generated playbooks for security best practices before deploying them in production.
+- **Testing**: Always test generated playbooks in a staging environment before applying them to production servers.
+
+## Integration
+
+This skill integrates with Claude's core capabilities by providing a specialized tool for Ansible playbook creation. It enhances Claude's ability to assist with DevOps tasks and infrastructure automation.
--- a/skills/ansible-playbook-creator/assets/README.md
+++ b/skills/ansible-playbook-creator/assets/README.md
@@ -0,0 +1,7 @@
+# Assets
+
+Bundled resources for ansible-playbook-creator skill
+
+- [ ] playbook_template.yml: A basic template for Ansible playbooks, including common sections and best practice configurations.
+- [ ] example_playbooks/: A directory containing example playbooks for various use cases, such as installing software, configuring firewalls, and managing users.
+- [ ] validation_rules.yml: A set of rules for validating the generated playbooks, ensuring they adhere to best practices and security standards.
--- a/skills/ansible-playbook-creator/assets/playbook_template.yml
+++ b/skills/ansible-playbook-creator/assets/playbook_template.yml
@@ -0,0 +1,75 @@
+---
+# Ansible Playbook Template
+# This template provides a starting point for creating Ansible playbooks.
+# It includes common sections and best practice configurations.
+
+- name: "REPLACE_ME - Playbook Description"
+  hosts: all  # Target hosts or groups (e.g., webservers, dbservers)
+  become: true  # Enable privilege escalation (sudo)
+  become_user: root # Specify the user to become (optional, defaults to root)
+  gather_facts: true  # Gather facts about the target hosts
+
+  # Define variables that can be used throughout the playbook
+  vars:
+    # Example variables
+    app_name: "YOUR_APP_NAME"
+    app_version: "1.0.0"
+    install_dir: "/opt/{{ app_name }}"
+    # Add more variables as needed
+
+  # Pre-tasks: Tasks that run before any roles are applied
+  pre_tasks:
+    - name: "Update apt cache (Debian/Ubuntu)"
+      apt:
+        update_cache: yes
+      when: ansible_os_family == "Debian"
+
+    - name: "Update yum cache (RedHat/CentOS)"
+      yum:
+        update_cache: yes
+      when: ansible_os_family == "RedHat"
+
+  # Roles: Group of tasks to perform a specific function
+  roles:
+    - role: common  # Example role for common configurations
+      # vars:  # Role-specific variables (optional)
+      #   some_var: "YOUR_VALUE_HERE"
+
+    # Add more roles as needed (e.g., webserver, database)
+    # - role: webserver
+
+  # Tasks: Individual steps to be executed
+  tasks:
+    - name: "Create installation directory"
+      file:
+        path: "{{ install_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: "Copy application files"
+      copy:
+        src: "files/{{ app_name }}"  # Path to application files on the control node
+        dest: "{{ install_dir }}"
+        owner: root
+        group: root
+        mode: "0644"
+
+    # Add more tasks as needed
+
+  # Post-tasks: Tasks that run after all roles and tasks have been applied
+  post_tasks:
+    - name: "Restart application service"
+      service:
+        name: "{{ app_name }}"
+        state: restarted
+      ignore_errors: true # Allows the playbook to continue even if the service restart fails
+
+  # Handlers: Tasks that are triggered by other tasks
+  handlers:
+    - name: "Restart web server"
+      service:
+        name: apache2
+        state: restarted
+      listen: "Restart web server"  # Triggered by tasks that notify "Restart web server"
--- a/skills/ansible-playbook-creator/assets/validation_rules.yml
+++ b/skills/ansible-playbook-creator/assets/validation_rules.yml
@@ -0,0 +1,94 @@
+# validation_rules.yml
+
+# --- General Playbook Structure Rules ---
+playbook_structure:
+  # Rule: Playbook must have a name
+  name_required: true
+  # Rule: Playbook must have at least one host
+  hosts_required: true
+  # Rule: Playbook should have a gather_facts setting (explicitly true or false)
+  gather_facts_required: true
+  gather_facts_default: true # Consider setting to false if facts are not needed for performance
+  # Rule: Playbook should have a become setting (explicitly true or false) if privilege escalation is needed
+  become_recommended: true # Recommend setting this, but don't enforce.
+  become_default: false # Set to true if most tasks require sudo.
+
+# --- Task Specific Rules ---
+task_rules:
+  # Rule: Each task must have a name
+  name_required: true
+  # Rule: Avoid using the 'shell' module unless necessary. Prefer specific modules.
+  no_shell_unless_necessary: true
+  shell_exceptions: # List of commands where shell is acceptable.  Helps reduce false positives.
+    - "ls"
+    - "grep"
+    - "awk"
+    - "sed"
+  # Rule: Use 'changed_when' instead of relying on return codes for idempotency.
+  changed_when_recommended: true
+  # Rule: Use 'failed_when' to handle unexpected errors.
+  failed_when_recommended: true
+
+# --- Security Best Practices ---
+security_rules:
+  # Rule: Avoid storing secrets directly in playbooks. Use Ansible Vault or a secrets management system.
+  no_plain_text_secrets: true
+  secret_keywords: # List of keywords that indicate a potential secret
+    - "password"
+    - "secret"
+    - "token"
+    - "key"
+  # Rule: Use 'become' with caution.  Limit its scope to only the tasks that require it.
+  become_caution: true
+  # Rule: Avoid using '*' in host patterns in production. Be specific.
+  no_wildcard_hosts: true
+  # Rule: Validate input parameters to prevent injection vulnerabilities.
+  validate_input: true
+  input_validation_regex: "REPLACE_ME" # Example regex for validating input.  Should be customized per variable.
+
+# --- Idempotency Rules ---
+idempotency_rules:
+  # Rule: Ensure tasks are idempotent. They should only make changes when necessary.
+  idempotent_tasks: true
+  # Rule: Use 'creates' or 'removes' in file/copy/template modules for idempotency.
+  file_idempotency: true
+  # Rule: Use 'state' parameter where applicable (e.g., present/absent for files/packages).
+  state_parameter_required: true
+  state_parameter_exceptions:  # Some modules don't use state, so exclude them
+    - "debug"
+    - "include_tasks"
+    - "include_role"
+
+# --- Error Handling Rules ---
+error_handling_rules:
+  # Rule: Implement proper error handling using 'rescue' and 'always' blocks.
+  rescue_blocks_recommended: true
+  always_blocks_recommended: true
+  # Rule: Use 'ignore_errors' with caution.  Document why it is necessary.
+  ignore_errors_caution: true
+
+# --- Variable Usage Rules ---
+variable_rules:
+  # Rule: Use descriptive variable names.
+  descriptive_variable_names: true
+  # Rule: Define variables in a structured way (e.g., group_vars, host_vars).
+  structured_variables: true
+  # Rule: Avoid using hardcoded values directly in tasks. Use variables instead.
+  no_hardcoded_values: true
+
+# --- Module Specific Rules (Example for apt module) ---
+apt_module_rules:
+  # Rule: Ensure 'update_cache' is set to 'yes' when installing packages for the first time.
+  update_cache_recommended: true
+  # Rule: Specify a state (present/absent) when managing packages.
+  state_required: true
+  default_package: "YOUR_VALUE_HERE" # Example default package
+
+# --- Platform Specific Rules ---
+platform_rules:
+  # Rule: Use conditional statements ('when') to handle platform-specific differences.
+  conditional_platform_tasks: true
+  supported_platforms: # List of supported platforms
+    - "Ubuntu"
+    - "CentOS"
+    - "Windows"
--- a/skills/ansible-playbook-creator/references/README.md
+++ b/skills/ansible-playbook-creator/references/README.md
@@ -0,0 +1,7 @@
+# References
+
+Bundled resources for ansible-playbook-creator skill
+
+- [ ] ansible_best_practices.md: Comprehensive guide on Ansible best practices, including idempotency, variable usage, and error handling.
+- [ ] security_hardening_guide.md: Detailed instructions on security hardening techniques for Ansible playbooks, such as using Ansible Vault and avoiding hardcoded credentials.
+- [ ] multi_platform_compatibility.md: Guidelines for creating playbooks that are compatible with multiple operating systems and platforms.
--- a/skills/ansible-playbook-creator/scripts/README.md
+++ b/skills/ansible-playbook-creator/scripts/README.md
@@ -0,0 +1,7 @@
+# Scripts
+
+Bundled resources for ansible-playbook-creator skill
+
+- [ ] validate_playbook.py: Validates the generated playbook syntax and structure using ansible-lint or similar tools.
+- [ ] test_playbook.sh: Executes the generated playbook in a test environment (e.g., a container) to verify its functionality.
+- [ ] secure_playbook.py: Scans the playbook for security vulnerabilities and suggests remediations based on best practices.