Ansible Automation Projects

Ansible enables infrastructure as code, allowing me to automate repetitive IT tasks with precision and consistency. By defining desired states in simple YAML playbooks, I transform manual processes into reliable, scalable automation that reduces human error and improves operational predictability.

Key Impact:

  • Business Alignment: Translate organizational needs into automated workflows
  • Operational Efficiency: Scale IT capabilities without proportional staffing increases
  • Cost Optimization: Reduce expenses through automation and improved system visibility
  • Security Enhancement: Implement consistent security configurations by default
  • Proactive Management: Shift IT from reactive troubleshooting to proactive maintenance, preventing outages before they occur
  • Reliability: Minimize system fragility through standardized, tested automation

Automated Portfolio Website Deployment Pipeline

Local Gitea Instance to GitHub Pages

Designed and implemented an end-to-end automated deployment workflow using Ansible, integrated directly into a CI/CD pipeline triggered by Gitea Actions, to publish my portfolio website with zero manual intervention. The results are the website are what you are viewing right now.

The playbook dynamically retrieves the latest tagged release from a self-hosted Gitea repository, applies consistent versioned naming, and stages the build artifacts locally. It then securely synchronizes the generated site to a GitHub Pages repository, ensuring the public-facing website always reflects the latest approved release.

Using Ansible, the deployment process:

  • Detects and downloads the latest release artifact automatically
  • Applies consistent, date-based versioning
  • Cleans and refreshes the target repository safely
  • Copies only the generated site output to production
  • Commits and pushes changes conditionall (only when updates exist)
  • Creates a corresponding GitHub release for traceability

Impact: The entire workflow is executed as part of a CI/CD pipeline in Gitea Actions, allowing a single release action in Gitea to automatically build, deploy, version, and publish the website.

Key highlights:

  • Infrastructure-as-Code deployment workflow with Ansible
  • CI/CD-triggered execution via Gitea Actions
  • Artifact-based deployments using tagged releases
  • Idempotent publishing logic to prevent unnecessary changes
  • Automated GitHub Pages updates and releases
  • Cross-platform orchestration between self-hosted Gitea and GitHub

Impact: Reduced website publishing to a fully automated, repeatable process, eliminated manual deployment errors, and ensured consistent, traceable releases...turning a multi-step deployment into a single automated action.

Employee Offboarding

Hybrid AD & Microsoft 365 Deprovisioning with Ansible

Designed and implemented an end-to-end Ansible-driven employee offboarding system that automates identity deprovisioning across on-prem Active Directory and Microsoft 365.

The solution schedules and enforces AD account expirations, validates user data, and performs daily checks for expiring accounts on domain controllers. When an offboarding event is triggered, Ansible securely orchestrates Microsoft Graph PowerShell workflows to disable user sessions, reset passwords, revoke group access, and enforce security controls in Microsoft 365.

Key highlights:

  • Hybrid automation spanning Windows domain controllers and cloud services
  • Custom PowerShell functions and modules integrated into Ansible workflows
  • Robust validation and error handling for usernames, email addresses, and dates
  • Security-focused design ensuring timely access revocation and auditability
  • Idempotent, production-ready playbooks suitable for scheduled and event-driven execution

Impact: Reduced offboarding time from manual, error-prone processes to a fully automated workflow completed in minutes, significantly improving security posture and operational consistency.

Employee Onboarding

Automated Hybrid AD, Microsoft 365 & Enterprise Service Provisioning with Ansible

Built a comprehensive Ansible-based employee onboarding automation that provisions user access across Active Directory, Microsoft 365, and internal enterprise systems from a single workflow.

The playbook creates new Active Directory users, securely generates randomized credentials, and provisions corresponding Microsoft 365 accounts with unique passwords. It integrates PowerShell automation to process CSV exports from network printers, generating and assigning new printer access codes for incoming employees. Additional tasks provision accounts across supporting internal services to ensure day-one readiness.

Prior to a ticketing system migration, the automation also integrated directly with Jira, automatically responding to onboarding tickets with status updates and completion details.

Key highlights:

  • End-to-end identity provisioning across on-prem and cloud environments
  • Secure password generation and credential handling
  • PowerShell-driven printer access automation using CSV data sources
  • Multi-service account creation beyond AD and M365
  • Ticket-driven automation with automated Jira responses
  • Idempotent, reusable Ansible playbooks designed for scale

Impact: Reduced onboarding time from hours to minutes, eliminated manual provisioning errors, and delivered consistent, auditable access for new employees on their first day.

Proactive Service Remediation

Public Printing Infrastructure Stability with Ansible

Developed a scheduled Ansible automation to proactively stabilize a failing public printing service that frequently required manual Windows service restarts across multiple office locations.

Using Ansible with Semaphore, I implemented a daily, off-hours playbook that automatically resets the affected Windows service when all offices were closed. This prevented cascading failures that previously triggered waves of support calls as offices opened throughout the day.

Key highlights:

  • Scheduled, unattended remediation using Ansible and Semaphore
  • Windows service automation across distributed environments
  • Proactive reliability engineering instead of reactive support
  • Safe execution window aligned with business hours

Impact: Eliminated recurring service outages, significantly reduced support call volume, and freed IT staff from repetitive manual interventions while improving service availability for patrons.

Stability for Mission-Critical Systems

Accounting System Automation & Remediation with Ansible

Implemented a scheduled Ansible playbook to proactively stabilize a mission-critical accounting application running on Windows Server that was prone to service crashes.

Prior to automation, failures frequently triggered urgent escalations and operational disruption for the accounting team. The playbook performs a controlled weekly restart of the application services during a safe maintenance window, preventing the recurring crashes that previously required manual intervention.

Key highlights:

  • Windows service automation for line-of-business applications
  • Scheduled preventive maintenance using Ansible
  • Zero-touch execution with predictable recovery behavior
  • Business-aligned maintenance windows to avoid user impact

Impact: Eliminated recurring outages, prevented high-stress incident escalations, and restored confidence for non-technical stakeholders by ensuring consistent system availability.

PII Data Sanitization

Public Folder Security on File Servers with Ansible

Implemented a scheduled Ansible automation to securely manage a shared file server directory used for inbound scanned documents containing highly sensitive personally identifiable information (PII), including social insurance numbers and banking details.

A manual deletion process was initially proposed, requiring staff to regularly clear the directory. This approach was unreliable, difficult to enforce, and vulnerable to being missed during high-priority IT incidents. To eliminate human error, I built an Ansible playbook that securely connects to the file server and automatically deletes the directory contents each evening after business hours.

Key highlights:

  • Security-first automation for sensitive data handling
  • Elimination of manual, error-prone processes
  • Scheduled execution outside business hours to avoid operational impact
  • Consistent, auditable enforcement of data retention policies

Impact: Significantly reduced the risk of sensitive data exposure, ensured consistent compliance with internal data-handling policies, and removed a fragile manual task from daily IT operations.

Account Auditing and Reporting

Active Directory & Microsoft 365 with Ansible

Designed and implemented an Ansible-based auditing and reporting solution to continuously assess identity and device hygiene across on-prem Active Directory and Microsoft 365.

The automation polls domain controllers to identify stale computer objects that have not checked in for extended periods, enabling the IT services team to cross-reference devices against the asset inventory to confirm decommissioning or recovery. This significantly reduced Active Directory object sprawl and improved directory accuracy.

The playbook also audits user account activity, identifying inactive, disabled, and locked accounts. These reports were used to validate account lifecycle events against HR-provided employee rosters, reducing missed off-boardings and strengthening the organization’s security posture.

In parallel, the automation performs Microsoft 365 user and license audits, correlating cloud accounts with on-prem activity to identify accounts that should be deactivated and licenses reclaimed.

Key highlights:

  • Hybrid identity auditing across AD and Microsoft 365
  • Detection of stale devices and inactive users
  • Cost control through license reclamation
  • Security posture improvement via reduced orphaned accounts
  • CSV-based reporting published to shared locations for cross-team review

Impact: Improved directory accuracy, reduced security risk from dormant identities, lowered Microsoft 365 licensing costs, and provided IT leadership with clear, actionable audit data for lifecycle management.

Digital Signage Platform

Custom Linux Distribution & Automation with Ansible

Architected and deployed a fully automated digital signage platform managed end-to-end with Ansible, replacing an unreliable, freemium Windows-based solution that had effectively become abandonware.

The legacy system caused frequent outages, frozen players, disruptive OS notifications, and required on-site manual intervention...often involving ladder access to power-cycle devices. Windows updates, advertisements, and OS instability made reliable video playback impossible at scale.

To solve this, I built a custom minimal Debian-based distribution, designed specifically for digital signage reliability. The operating system installation was fully automated using Debian preseed, producing a custom ISO with no interactive setup. A dedicated systemd service ensured the latest campaign video played continuously and reliably on boot.

A suite of Ansible playbooks provided centralized control of all signage players across multiple remote branches, enabling:

  • Remote start/stop of signage playback
  • Scheduled nightly content updates from a central file server
  • Remote software updates and controlled reboots
  • Fleet-wide management with no physical access required

For resiliency, a Cockpit web UI was deployed on each player, allowing manual recovery and control if Ansible connectivity was unavailable.

Key highlights:

  • Custom Linux OS engineering for single-purpose reliability
  • Ansible-driven fleet management across geographically distributed sites
  • systemd-based application orchestration
  • Zero-touch provisioning with Debian preseed
  • Fallback web management via Cockpit

Impact: Eliminated routine on-site service visits, drastically reduced support calls related to digital signage failures, and transformed digital signage from a recurring operational burden into a stable, self-maintaining platform...freeing the IT services team to focus on higher-value work.

SSL Certificate Management

Automated SSL Enablement with Ansible

Identified and remediated a security gap where internally hosted web applications were operating over unencrypted HTTP, exposing sensitive internal traffic. The organization underestimated the value of SSL due to the perceived complexity of managing custom certificates across multiple systems.

Collaborated with web developers to obtain a wildcard SSL certificate aligned with the organization’s domain, eliminating browser warnings and enabling encrypted communication without per-machine certificate installation.

Built an Ansible playbook to centrally deploy and renew SSL certificates across multiple internal web applications...including the inventory system, ticketing platform, and staff intranet...with a single execution. This ensured consistent HTTPS enforcement and simplified certificate lifecycle management.

As the environment evolved, the applications were consolidated behind HAProxy, and the automation was extended to update certificates and reload services centrally.

Key highlights:

  • Security posture improvement through encrypted internal communications
  • Wildcard SSL strategy to simplify trust management
  • One-click certificate deployment and renewal using Ansible
  • Cross-team collaboration with development teams
  • Scalable evolution to centralized TLS termination with HAProxy

Impact: Eliminated insecure HTTP usage, removed browser trust warnings, simplified certificate renewals, and ensured consistent, encrypted access to internal services with minimal operational overhead.

Ubuntu Website OS & Containerized Development Automation with Ansible

Modernized the corporate website infrastructure by transitioning from a single, static Ubuntu VM to LXC (Linux container) hosting, enabling faster deployments, easier updates, and greater development agility.

Using Ansible, I automated website backups, container snapshots, and local replication of the production environment. This allowed web developers to work locally on an exact copy of the live site without risking downtime or production errors.

Key highlights:

  • Containerized hosting for improved deployment velocity and scalability
  • Automated backups and snapshots for website protection and quick recovery
  • Local development replication for safe, parallel testing and feature development
  • Reduced errors and downtime by removing manual deployment steps

Impact: Empowered web developers to iterate rapidly while ensuring the corporate website remained stable and highly available, all with minimal manual intervention.

Zero-Touch Website OS Upgrade

Ubuntu OS Upgrade with Ansible

Automated the upgrade of a corporate website VM from Ubuntu 22.04 to 24.04, eliminating a previously manual, multi-hour process that risked significant downtime.

Using Ansible playbooks and a staged local VM environment, I implemented a zero-touch upgrade process that reduced website downtime from hours to just a few minutes. The solution was fully repeatable and required minimal manual intervention, allowing operations to run smoothly without disrupting users.

Key highlights:

  • Zero-touch OS upgrades for minimal downtime
  • Staged testing environment to validate upgrades before production
  • Automated, repeatable playbooks for consistent results
  • Business continuity maintained with near-invisible service impact

Impact: Transformed a time-consuming, risky maintenance task into a fast, reliable, automated operation, impressing stakeholders and improving operational confidence in future upgrades.