{"id":5430,"date":"2025-03-20T14:21:39","date_gmt":"2025-03-20T14:21:39","guid":{"rendered":"https:\/\/blog.gordonbuchan.com\/blog\/?p=5430"},"modified":"2025-03-22T00:02:25","modified_gmt":"2025-03-22T00:02:25","slug":"using-a-large-language-model-llm-to-generate-ansible-playbooks-for-the-management-of-one-or-more-linux-servers","status":"publish","type":"post","link":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/2025\/03\/20\/using-a-large-language-model-llm-to-generate-ansible-playbooks-for-the-management-of-one-or-more-linux-servers\/","title":{"rendered":"Using a large language model (LLM) to generate Ansible playbooks for the management of one or more Linux servers"},"content":{"rendered":"\n

In this procedure, we create a Python script that connects to a large language model (LLM) to facilitate the creation of Ansible playbooks using natural language queries. We begin by creating the Ansible deployment environment on a staging server, with a hosts file and inventory.ini file that correspond to a group of servers. We enable passwordless entry from the staging server to the servers, and ensure that visudo is configured for passwordless escalation to root using sudo.<\/p>\n\n\n\n

The system does not run the generated playbook; the human operator must review it and then execute it manually.<\/p>\n\n\n\n

A preview of the system in operation<\/h1>\n\n\n\n

To use the system, an operator starts the playbook generator at the command line:<\/p>\n\n\n

\npython3 playbook_generator.py\n<\/pre><\/div>\n\n\n
The operator enters a natural language query, such as:<\/p>\n\n\n
\nCLI> install net-tools on node03\n<\/pre><\/div>\n\n\n
The system generates a playbook:<\/p>\n\n\n
\n\ud83d\udccc Saving Playbook: playbook_20250320123755.yml\n\u2705 Playbook saved: playbook_20250320123755.yml\nCLI> quit\n<\/pre><\/div>\n\n\n
The operator runs the playbook:<\/p>\n\n\n
\n(llmansible_env) root@node01:\/opt\/llmansible# ansible-playbook -i inventory.ini playbooks\/playbook_20250320123755.yml\n\nPLAY [Install net-tools on node03] ***\n\nTASK [Gathering Facts] *\nok: [node03]\n\nTASK [Install net-tools] *\nchanged: [node03]\n\nPLAY RECAP *\nnode03 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0\n<\/pre><\/div>\n\n\n
Escalating to root using sudo su<\/h1>\n\n\n\n
Enter the following command:<\/p>\n\n\n
\nsudo su\n<\/pre><\/div>\n\n\n
Configuring the staging server<\/h1>\n\n\n\n
On the staging server, enter the following commands:<\/p>\n\n\n
\napt clean &amp;&amp; update &amp;&amp; sudo apt upgrade -y&lt;br>reboot\n<\/pre><\/div>\n\n\n
Enter the following commands:<\/p>\n\n\n
\nsudo su\napt install -y ansible python3-pip tmux python3-venv \\\nopenssh-client pkg-config\n\ncd \/etc\nnotepad hosts\n<\/pre><\/div>\n\n\n
Use the nano editor to add the following text to the file. Modify IP address values as appropriate for your setup:<\/p>\n\n\n
\n127.0.1.1 node01\n192.168.56.82 node02\n192.168.56.83 node03\n192.168.56.84 node04\n192.168.56.85 node05\n<\/pre><\/div>\n\n\n
Save and exit the file.<\/p>\n\n\n\n
Preparing the nodes for automation<\/h1>\n\n\n\n
On each node, ensure that the server has a host name, static IP address, and has visudo configured for passwordless escalation to root with sudo su.<\/p>\n\n\n\n
For each node:<\/p>\n\n\n\n
Enter the following commands:<\/p>\n\n\n
\nsudo su\nvisudo\n<\/pre><\/div>\n\n\n
Use the nano editor to add the following text to the bottom of the file (substitute your login name):<\/p>\n\n\n
\ndesktop ALL=(ALL:ALL) NOPASSWD:ALL\n<\/pre><\/div>\n\n\n
Save and exit the file.<\/p>\n\n\n\n
Generating SSH keys<\/h1>\n\n\n\n
On the staging server, enter the following commands:<\/p>\n\n\n
\nsudo su\nssh-keygen -t rsa -b 4096 -f ~\/.ssh\/id_rsa -N ""\n<\/pre><\/div>\n\n\n
Copying the public SSH key to all nodes<\/h1>\n\n\n\n
Enter the following commands (substitute login username and server name as appropriate for your installation.<\/p>\n\n\n
\nssh-copy-id -i ~\/.ssh\/id_rsa.pub desktop@node02\nssh-copy-id -i ~\/.ssh\/id_rsa.pub desktop@node03\nssh-copy-id -i ~\/.ssh\/id_rsa.pub desktop@node04\nssh-copy-id -i ~\/.ssh\/id_rsa.pub desktop@node05\n<\/pre><\/div>\n\n\n
Verifying that passwordless login via SSH is working<\/h1>\n\n\n\n
Enter the following commands (modify login user name and host name as appropriate to match your installation):<\/p>\n\n\n
\nssh desktop@node02\nexit\n<\/pre><\/div>\n\n\n
Creating the inventory.ini file<\/h1>\n\n\n\n
Enter the following commands:<\/p>\n\n\n
\ncd \/opt\nmkdir llmansible\ncd llmansible\nnano inventory.ini\n<\/pre><\/div>\n\n\n
Use the nano editor to add the following text to the file:<\/p>\n\n\n
\n[all]\nnode02 ansible_host=192.168.56.82 ansible_user=desktop\nnode03 ansible_host=192.168.56.83 ansible_user=desktop\nnode04 ansible_host=192.168.56.84 ansible_user=desktop\nnode05 ansible_host=192.168.56.85 ansible_user=desktop\n[all:vars]\nansible_ssh_private_key_file=~\/.ssh\/id_rsa\nansible_python_interpreter=\/usr\/bin\/python3\n<\/pre><\/div>\n\n\n
Save and exit the file.<\/p>\n\n\n\n
Creating the config.ini file<\/h1>\n\n\n\n
Enter the following command:<\/p>\n\n\n
\nnano config.ini\n<\/pre><\/div>\n\n\n
Use the nano editor to add the following text to the file (modify values as appropriate to match your installation):<\/p>\n\n\n
\n[LLM]\nsystem_prompt = You are an AI that generates structured Ansible playbooks. Ensure: The playbook is idempotent. It installs required packages using apt (for Ubuntu) or yum (for CentOS). It does not execute shell commands directly. It follows proper YAML formatting. assume that OS is ubuntu unless otherwise stated. only respond with the contents of the ansible playbook, nothing more. do not offer multiple playbooks. do not add commentary.\napi_url = https:\/\/api.lemonfox.ai\/v1\/chat\/completions\napi_token = your-api-token\nmodel_name = llama-8b-chat\n<\/pre><\/div>\n\n\n
Save and exit the file.<\/p>\n\n\n\n
Creating a Python virtual environment (venv), and adding Python dependencies<\/h1>\n\n\n\n
Enter the following commands:<\/p>\n\n\n
\ncd \/opt\/llmansible\npython3 -m venv llmansible_env\nsource llmansible_env\/bin\/activate\n<\/pre><\/div>\n\n\n
Adding Python dependencies using pip<\/h1>\n\n\n\n
Enter the following command:<\/p>\n\n\n
\npip install PyYAML requests\n<\/pre><\/div>\n\n\n
Creating the playbook_generator.py file<\/h1>\n\n\n\n
Enter the following command:<\/p>\n\n\n
\nnano playbook_generator.py\n<\/pre><\/div>\n\n\n
Use the nano editor to add the following text to the file:<\/p>\n\n\n
\n# MIT license Gordon Buchan 2025\n# see https:\/\/opensource.org\/license\/mit\n# some of the code was generated with the assistance of AI tools.\n\nimport requests\nimport configparser\nimport os\nimport re\nimport yaml\nfrom datetime import datetime\n\n# Load Configuration\nconfig = configparser.ConfigParser()\nconfig.read("config.ini")\n\nLLM_API_URL = config.get("LLM", "api_url")\nLLM_API_TOKEN = config.get("LLM", "api_token")\nLLM_MODEL = config.get("LLM", "model_name")\nSYSTEM_PROMPT = config.get("LLM", "system_prompt")\n\nPLAYBOOK_DIR = "\/opt\/llmansible\/playbooks"\n\ndef extract_yaml(text):\n    """Extracts valid YAML content and removes explanations or malformed sections."""\n\n    # Remove Markdown-style code block markers (e.g., ```yaml)\n    text = re.sub(r"```(yaml|yml)?", "", text, flags=re.IGNORECASE).strip()\n\n    # Capture the first YAML block (ensuring it's well-formed)\n    match = re.search(r"(?s)(---\\n.+?)(?=\\n\\S|\\Z)", text)\n\n    if match:\n        yaml_content = match.group(1).strip()\n\n        # Remove trailing incomplete YAML lines or explanations\n        yaml_content = re.sub(r"\\n\\w+:\\s*\\"?[^\\n]*$", "", yaml_content).strip()\n\n        # Validate extracted YAML before returning\n        try:\n            yaml.safe_load(yaml_content)  # If this fails, the YAML is invalid\n            return yaml_content\n        except yaml.YAMLError as e:\n            print(f"\u274c YAML Validation Error: {e}")\n            return ""\n\n    print("\u274c Error: No valid YAML found.")\n    return ""\n\ndef query_llm(prompt):\n    """Queries the LLM API and extracts a valid Ansible playbook."""\n    payload = {\n        "model": LLM_MODEL,\n        "messages": [\n            {"role": "system", "content": SYSTEM_PROMPT},\n            {"role": "user", "content": prompt}\n        ],\n        "max_tokens": 2048\n    }\n\n    headers = {\n        "Authorization": f"Bearer {LLM_API_TOKEN}",\n        "Content-Type": "application\/json"\n    }\n\n    response = requests.post(LLM_API_URL, json=payload, headers=headers)\n\n    print("\\n\ud83d\udd0d API RAW RESPONSE:\\n", response.text)\n\n    try:\n        response_json = response.json()\n        llm_response = response_json["choices"][0]["message"]["content"]\n        yaml_content = extract_yaml(llm_response)\n\n        if not yaml_content:\n            print("\u274c Error: No valid YAML extracted.")\n            return ""\n\n        print("\\n\u2705 Extracted YAML Playbook:\\n", yaml_content)\n        return yaml_content\n\n    except (KeyError, IndexError):\n        print("\u274c Error: Unexpected API response format.")\n        return ""\n\ndef save_playbook(machine, command, playbook_content):\n    """Saves the extracted YAML playbook if it's valid."""\n    if not playbook_content.strip().startswith("---"):\n        print("\u274c Error: Extracted content is not a valid Ansible playbook. Skipping save.")\n        return None\n\n    timestamp = datetime.now().strftime("%Y%m%d%H%M%S")\n    playbook_name = f"playbook_{timestamp}.yml"\n    playbook_path = os.path.join(PLAYBOOK_DIR, playbook_name)\n\n    os.makedirs(PLAYBOOK_DIR, exist_ok=True)\n\n    print(f"\\n\ud83d\udccc Saving Playbook: {playbook_name}")\n\n    with open(playbook_path, "w") as f:\n        f.write(playbook_content)\n\n    return playbook_name\n\ndef main():\n    """CLI Operator Console."""\n    while True:\n        user_input = input("CLI> ")\n        if user_input.lower() in ["exit", "quit"]:\n            break\n\n        llm_response = query_llm(user_input)\n        if llm_response:\n            playbook_name = save_playbook("all", user_input, llm_response)\n            if playbook_name:\n                print(f"\u2705 Playbook saved: {playbook_name}")\n\nif __name__ == "__main__":\n    main()\n\n<\/pre><\/div>\n\n\n
Save and exit the file.<\/p>\n\n\n\n
Creating an Ansible playbook using the playbook generator<\/h1>\n\n\n\n
Ensuring that you are in the Python venv<\/h2>\n\n\n\n
Ensure that you are already in the Python venv. If not, enter the following commands:<\/p>\n\n\n
\ncd \/opt\/llmansible\nsource llmansible_env\/bin\/activate\n<\/pre><\/div>\n\n\n
Enter the following command:<\/p>\n\n\n
\npython3 playbook_generator.py\n<\/pre><\/div>\n\n\n
The operator enters a natural language query, such as:<\/p>\n\n\n
\nCLI> install net-tools on node04\n\ud83d\udd0d API RAW RESPONSE:\n{"id":"chatcmpl-923543777fb7a294","object":"chat.completion","created":1742474275313,"model":"llama-8b-chat","choices":[{"index":0,"message":{"content":"---\\n- name: Install net-tools on node04\\n hosts: node04\\n become: yes\\n tasks:\\n - name: Install net-tools\\n apt:\\n name: net-tools\\n state: present","role":"assistant"},"finish_reason":"stop"}],"usage":{"prompt_tokens":130,"completion_tokens":47,"total_tokens":177}}\n\n\u2705 Extracted YAML Playbook:\n\nname: Install net-tools on node04\nhosts: node04\nbecome: yes\ntasks:\n\nname: Install net-tools\napt:\nname: net-tools\nstate: present\n\n\ud83d\udccc Saving Playbook: playbook_20250320135023.yml\n\u2705 Playbook saved: playbook_20250320135023.yml\nCLI> quit\n<\/pre><\/div>\n\n\n
The operator runs the playbook:<\/p>\n\n\n
\n(llmansible_env) root@node01:\/opt\/llmansible# ansible-playbook -i inventory.ini playbooks\/playbook_20250320135023.yml\n\nPLAY [Install net-tools on node04] ***\n\nTASK [Gathering Facts] *\nok: [node04]\n\nTASK [Install net-tools] *\nchanged: [node04]\n\nPLAY RECAP *\nnode04 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
In this procedure, we create a Python script that connects to a large language model (LLM) to facilitate the creation of Ansible playbooks using natural language queries. We begin by creating the Ansible deployment environment on a staging server, with a hosts file and inventory.ini file that correspond to a group of servers. We enable … <\/p>\n
Continue reading “Using a large language model (LLM) to generate Ansible playbooks for the management of one or more Linux servers”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5430","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=5430"}],"version-history":[{"count":39,"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5430\/revisions"}],"predecessor-version":[{"id":5476,"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5430\/revisions\/5476"}],"wp:attachment":[{"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=5430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=5430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=5430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}