Infrastructure as Code with Ansible
Automating iGaming Platform Deployment
From deploying containerized casino APIs to hardening servers against CIS benchmarks, the book's iGaming reference platform uses Ansible to manage every layer of infrastructure — repeatably, auditably, and without a single SSH key scattered across laptops.
Built for Regulated Environments
iGaming platforms operate under strict audit requirements. Every configuration change must be traceable, repeatable, and reviewable. Ansible's design maps directly to these constraints.
Agentless
No daemons running on casino servers. Ansible connects over SSH, executes tasks, and disconnects, which reduces the attack surface in PCI-DSS and GLI-GSF environments.
Idempotent
Run the same playbook 50 times, get the same result. Critical for gambling regulators who require configuration consistency across all server instances.
YAML-Based
Human-readable playbooks double as runbook documentation. Compliance auditors can read exactly what a playbook does — no Python or Bash expertise required.
Vault Encryption
Ansible Vault encrypts secrets (DB passwords, JWT keys, PIX credentials) at rest in the repository. Secrets never appear in plaintext in Git history.
Control Plane to Target Servers
Ansible's architecture is intentionally simple. A single control node reads an inventory, loads playbooks, and pushes configuration over SSH to target servers — no central server, no database, no single point of failure.
[Architecture diagram, labels only: inventory groups such as loadbalancer and wazuh; playbooks such as backup.yml and wazuh.yml; Vault-encrypted PIX secrets and TLS certs]
Production Playbooks
These playbooks are extracted from the book's reference iGaming platform. They run against real infrastructure — every line has been tested in production-equivalent environments.
Deploy Casino API Containers
The book's AcmeToCasino platform runs as Docker containers managed by Ansible. This playbook pulls the versioned image from the registry and deploys it with the correct environment configuration — secrets loaded from Ansible Vault, never from plaintext files.
# Example 1: Deploy Casino API servers
- name: Deploy AcmeToCasino API
  hosts: casino_api
  become: true
  vars:
    app_version: "2.4.0"
    casino_domain: "new.acmetocasino.com"
  tasks:
    - name: Pull latest Docker image
      docker_image:
        name: "acmetocasino/api:{{ app_version }}"   # pinned version tag, never :latest
        source: pull

    - name: Deploy casino API container
      docker_container:
        name: new-casino-api
        image: "acmetocasino/api:{{ app_version }}"
        ports:
          - "127.0.0.1:8091:8090"   # loopback only; the reverse proxy fronts the API
        env:
          DATABASE_URL: "{{ vault_database_url }}"   # vault_* values come from Ansible Vault
          JWT_SECRET: "{{ vault_jwt_secret }}"
          RNG_MODE: "csprng"
        restart_policy: unless-stopped
CIS Benchmark Security Hardening
Every server in the platform is hardened with a CIS Benchmark baseline before deployment. This playbook applies the security_baseline role (covering auditd, SSH hardening, kernel parameters) and installs the Wazuh SIEM agent pointing back to the central manager.
# Example 2: Security hardening for gambling servers
- name: CIS Benchmark hardening
  hosts: all
  become: true   # auditd, sshd and kernel settings all require root
  roles:
    - role: security_baseline
      vars:
        enable_auditd: true
        ssh_permit_root: false
        firewall_allowed_ports: [22, 80, 443]
        fail2ban_maxretry: 3
    - role: wazuh_agent
      vars:
        wazuh_manager: "siem-01.internal"
        agent_groups: ["casino", "compliance"]
Encrypted Database Backups to S3
Brazilian gambling regulations require encrypted off-site backups with a documented retention period. This playbook dumps the PostgreSQL database, pipes it through GPG asymmetric encryption, and uploads it directly to S3 without ever writing the plaintext dump to disk.
# Example 3: Database backup with encryption
- name: Automated PostgreSQL backup
  hosts: database
  tasks:
    - name: Dump database with encryption
      shell: |
        # pipefail: without it a failed pg_dump still uploads a truncated
        # (but valid-looking) encrypted file and the task reports success
        set -o pipefail
        pg_dump -U casino_admin acmetocasino | \
          gpg --batch --encrypt --recipient ops@acmetocasino.com | \
          aws s3 cp - s3://backups/{{ ansible_date_time.date }}.sql.gpg
      args:
        executable: /bin/bash   # pipefail needs bash, not /bin/sh
      environment:
        PGPASSWORD: "{{ vault_pg_password }}"
Key Ansible Patterns for iGaming
Beyond basic playbooks — the patterns that matter most when operating regulated, real-money gaming infrastructure at scale.
Ansible Vault for Secrets Management
Casino platforms handle payment credentials, JWT signing keys, and PIX integration secrets. Ansible Vault encrypts these at rest inside the Git repository using AES-256 — no plaintext secrets ever committed, no external secret store required for smaller deployments.
# Encrypting casino database credentials
ansible-vault encrypt_string 'SuperSecretDBPass!' --name 'vault_database_password'
# Prefer reading the value from stdin so it never lands in shell history:
#   ansible-vault encrypt_string --stdin-name 'vault_database_password'

# Using vaulted vars in playbooks
- name: Configure database connection
  template:
    src: database.yml.j2
    dest: /etc/casino/database.yml
    mode: "0600"   # rendered file contains the password; keep it owner-readable only
  vars:
    db_password: "{{ vault_database_password }}"
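A pre-commit check for the "no plaintext secrets ever committed" rule, as an added example that is not the book's code: it scans a vars file and reports any vault_* variable that is not Vault-encrypted, relying only on the $ANSIBLE_VAULT; file header and the !vault tag (the sample files below are constructed).

```python
# Added example (not the book's code): pre-commit check that every vault_*
# variable in a vars file is Vault-encrypted. Works from the Vault file format
# alone ($ANSIBLE_VAULT; header, !vault tag), so it needs no PyYAML.
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"
VAULT_VAR = re.compile(r"^\s*(vault_[A-Za-z0-9_]+)\s*:\s*(.*?)\s*$")


def find_plaintext_vault_vars(text):
    """Return the vault_* variables whose value is NOT encrypted.

    A file whose first line is the $ANSIBLE_VAULT; header is encrypted as a
    whole, so nothing in it can leak. Otherwise each vault_* key must carry
    the !vault tag and be followed by the $ANSIBLE_VAULT; header line.
    """
    lines = text.splitlines()
    if lines and lines[0].startswith(VAULT_HEADER):
        return []
    leaked = []
    for i, line in enumerate(lines):
        m = VAULT_VAR.match(line)
        if not m:
            continue
        name, value = m.groups()
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if value.startswith("!vault") and following.startswith(VAULT_HEADER):
            continue
        leaked.append(name)
    return leaked


# Constructed sample group_vars file: one inline-vaulted secret, one leaked.
SAMPLE_GROUP_VARS = """\
casino_domain: new.acmetocasino.com
vault_database_url: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  3237616233...   # ciphertext placeholder, not a real vault blob
vault_jwt_secret: "change-me-in-prod"
"""

# Constructed whole-file vault (vault.yml): nothing inside is inspectable.
SAMPLE_WHOLE_FILE_VAULT = "$ANSIBLE_VAULT;1.1;AES256\n6134663132...\n"

if __name__ == "__main__":
    print(find_plaintext_vault_vars(SAMPLE_GROUP_VARS))        # ['vault_jwt_secret']
    print(find_plaintext_vault_vars(SAMPLE_WHOLE_FILE_VAULT))  # []
```

Run it over group_vars/ and host_vars/ in a pre-commit hook and fail the commit when the list is non-empty.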
Rolling Deployments with Zero Downtime
Players cannot tolerate mid-session disconnects. Ansible's serial and max_fail_percentage directives enable controlled rolling releases — one server at a time, with load balancer drain/register and health checks between each step.
- name: Zero-downtime casino API deployment
  hosts: casino_api
  serial: 1                 # One server at a time
  max_fail_percentage: 0    # Any failure stops the rollout
  pre_tasks:
    - name: Remove from load balancer
      uri:
        url: "https://lb.acmetocasino.com/api/deregister"
        method: POST
        body: '{"server": "{{ inventory_hostname }}"}'
        body_format: json   # sends Content-Type: application/json
  roles:
    - deploy_casino_api
  post_tasks:
    - name: Health check
      uri:
        url: "http://{{ inventory_hostname }}:8090/health"
        status_code: 200
      register: health
      until: health.status == 200   # retries only make sense with an until condition
      retries: 10
      delay: 5

    - name: Re-register in load balancer
      uri:
        url: "https://lb.acmetocasino.com/api/register"
        method: POST
        body: '{"server": "{{ inventory_hostname }}"}'
        body_format: json
Compliance Scanning and Reporting
MGA, GLI, and Brazilian SIGAP auditors require documented evidence of security posture across all production nodes. This playbook collects security state from every server and renders a dated HTML report — ready for audit submission without manual effort.
- name: Generate compliance report for MGA audit
  hosts: all
  become: true   # ufw status and sshd_config are root-readable only
  tasks:
    - name: Collect security posture
      shell: |
        echo "hostname: $(hostname)"
        echo "os: $(grep PRETTY_NAME /etc/os-release)"
        echo "firewall: $(ufw status | head -1)"
        echo "ssh_root: $(grep PermitRootLogin /etc/ssh/sshd_config)"
        echo "audit: $(systemctl is-active auditd)"
        echo "wazuh: $(systemctl is-active wazuh-agent)"
        echo "disk_encryption: $(lsblk -o NAME,TYPE,FSTYPE | grep crypt)"
      register: security_data
      changed_when: false   # read-only collection; never report a change

    - name: Generate HTML compliance report
      template:
        src: compliance-report.html.j2
        dest: "/var/reports/compliance-{{ ansible_date_time.date }}.html"
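The report template has to turn the raw stdout of the "Collect security posture" task into verdicts. The grader below is an added example, not the book's code; it assumes the exact "key: value" lines that task prints, and the sample stdout is constructed.

```python
# Added example (not the book's code): grade the stdout of the "Collect security
# posture" task above into pass/fail verdicts for the compliance report template.
import re

KEY_LINE = re.compile(r"^([a-z_]+): ?(.*)$")


def parse_posture(stdout):
    """'key: value' lines become dict entries; a line without a lowercase key
    (a second grep hit for PermitRootLogin, say) continues the previous value."""
    data, key = {}, None
    for line in stdout.splitlines():
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            data[key] = m.group(2)
        elif key is not None:
            data[key] += "\n" + line
    return data


def ssh_root_disabled(grep_output):
    """Only an uncommented 'PermitRootLogin no' passes; the commented distro
    default '#PermitRootLogin prohibit-password' must not be counted."""
    values = [t[1].lower() for t in (l.split() for l in grep_output.splitlines())
              if len(t) > 1 and t[0] == "PermitRootLogin"]
    return bool(values) and all(v == "no" for v in values)


def evaluate(stdout):
    """Map each collected item to True (compliant) or False (finding)."""
    p = parse_posture(stdout)
    return {
        "ssh_root": ssh_root_disabled(p.get("ssh_root", "")),
        "audit": p.get("audit") == "active",
        "wazuh": p.get("wazuh") == "active",
        "firewall": p.get("firewall", "").startswith("Status: active"),
        "disk_encryption": "crypt" in p.get("disk_encryption", ""),
    }


# Constructed sample stdout from one host: root login correctly disabled,
# but the Wazuh agent is down and no LUKS volume is present.
SAMPLE_STDOUT = """hostname: casino-api-01
firewall: Status: active
ssh_root: #PermitRootLogin prohibit-password
PermitRootLogin no
audit: active
wazuh: inactive
disk_encryption:"""
```

evaluate(SAMPLE_STDOUT) yields ssh_root, audit and firewall True and wazuh and disk_encryption False, which is what the template should flag as findings.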
Dynamic Inventory for Auto-Scaling
iGaming traffic spikes around major sporting events. Dynamic inventory plugins discover new instances automatically — no manual hosts.yml updates required when the fleet scales out or in.
# Dynamic inventory plugin for cloud instances
plugin: cloudflare_dns
zone: cloud-acmetocasino.com
groups:
  casino_api: "'api' in record.name"
  database: "'db' in record.name"
  monitoring: "'mon' in record.name"
Idempotent Configuration Management
Running this playbook 100 times produces the same end state. Nginx config is templated, SSL certificates auto-renew 30 days before expiry via ACME, and handlers only fire when state actually changes — no spurious restarts during peak traffic.
- name: Ensure casino platform configuration
  hosts: casino_api
  become: true
  tasks:
    - name: Ensure nginx config
      template:
        src: nginx-casino.conf.j2
        dest: /etc/nginx/sites-enabled/casino.conf
      notify: reload nginx   # fires only if the rendered file actually changed

    - name: Ensure SSL certificates are current
      acme_certificate:
        account_email: ops@acmetocasino.com
        domains:
          - new.acmetocasino.com
          - bet-brazil.cloud-acmetocasino.com
        challenge: dns-01
        remaining_days: 30
      notify: reload nginx

  handlers:
    # The notified handler must exist in the play; reload keeps connections open
    - name: reload nginx
      service:
        name: nginx
        state: reloaded
Chapters Covering Ansible
Ansible is woven throughout the book's infrastructure sections, from initial server provisioning to ongoing operational playbooks and compliance automation.
DevSecOps Pipelines
Integrating Ansible into CI/CD for continuous compliance. Automated CIS hardening on every new server, secret rotation workflows, and Vault integration with HashiCorp Vault and Ansible Vault.
Datacenter Infrastructure
Provisioning the full server estate: bare-metal and VM configuration, network setup, storage mounts, monitoring agents, and compliance validation playbooks for the casino001 / daileon cluster.
Operational Playbooks
Day-2 operations: rolling deployments with zero-downtime, automated backup testing, incident response runbooks, log rotation, and certificate renewal — all as Ansible plays with audit trails.
48 Chapters. 3,000+ Scripts. All the Playbooks.
The complete Ansible playbook library — deploy, harden, backup, monitor, and rotate secrets — is included with every purchase of the book, alongside 3,000+ other production-grade scripts.