Ansible on Android Backend Infrastructure Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate Android backend infrastructure with Ansible: API services, FCM push, Play Console pipelines, build farms, MDM-adjacent infra, signing servers.
You don't run Ansible on Android devices — you run Ansible on the backend infrastructure that supports Android apps and fleets: API servers, FCM (Firebase Cloud Messaging) integrations, Google Play Console release pipelines, Android build farms, signing/keystore servers, and MDM-adjacent automation. This is the master Ansible guide for Android backend infrastructure.
What "Android automation" really means
| Layer | Ansible role |
|---|---|
| Mobile app | Not a target (no Ansible on devices) |
| App backend (REST/gRPC, DB, cache) | First-class Ansible target — Linux servers/containers |
| Push (FCM) | Provision tokens/secrets; deploy notifier services |
| Build farm (Linux/macOS Jenkins/GitHub runners) | Provision SDK, NDK, Gradle cache, signing |
| Release pipeline (Play Console) | Use androidpublisher API from playbooks |
| MDM (Android Enterprise) | Provision EMM backend services (Linux) |
Ansible-core compatibility
Use ansible-core 2.18 LTS with community.general, ansible.posix, community.docker, kubernetes.core.
Build agent (Linux) provisioning
```yaml
- name: Provision Android build agent (Ubuntu 24.04)
  hosts: build_agents
  become: true
  tasks:
    # unzip is needed by ansible.builtin.unarchive to handle .zip archives
    - name: OpenJDK 21 and unzip
      ansible.builtin.apt:
        name:
          - openjdk-21-jdk-headless
          - unzip
        state: present
        update_cache: true

    - name: Create android user
      ansible.builtin.user:
        name: android
        shell: /bin/bash
        home: /home/android
        create_home: true

    # unarchive does not create dest, so create the SDK tree first
    - name: Create SDK directories
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: android
        group: android
        mode: '0755'
      loop:
        - /opt/android-sdk
        - /opt/android-sdk/cmdline-tools

    - name: Download cmdline-tools
      ansible.builtin.unarchive:
        src: https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip
        dest: /opt/android-sdk/cmdline-tools/
        remote_src: true
        creates: /opt/android-sdk/cmdline-tools/cmdline-tools/bin/sdkmanager
        owner: android
        group: android

    # --sdk_root makes the SDK location explicit instead of inferred from the tool path
    - name: Accept SDK licenses
      ansible.builtin.shell: |
        yes | /opt/android-sdk/cmdline-tools/cmdline-tools/bin/sdkmanager --sdk_root=/opt/android-sdk --licenses
      args:
        executable: /bin/bash
      become_user: android
      changed_when: false

    - name: Install SDK packages
      ansible.builtin.command: >
        /opt/android-sdk/cmdline-tools/cmdline-tools/bin/sdkmanager
        --sdk_root=/opt/android-sdk
        "platforms;android-35"
        "build-tools;35.0.0"
        "platform-tools"
      become_user: android
      args:
        creates: /opt/android-sdk/platforms/android-35
```
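The download task above unpacks whatever the URL returns. As an added example (not part of the original guide), the same step can be split so the archive is pinned to a SHA-256 digest before it is unpacked. The variable names and the staging path are assumptions, the digest is a placeholder you must fill in, and the play assumes the android user and /opt/android-sdk/cmdline-tools already exist.

```yaml
# Added example: verify the cmdline-tools archive before unpacking it.
- name: Fetch Android cmdline-tools with an integrity check
  hosts: build_agents
  become: true
  vars:
    cmdline_tools_url: https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip
    # Placeholder (assumption): replace with the digest you recorded from a trusted source
    cmdline_tools_sha256: "REPLACE_WITH_64_HEX_DIGIT_SHA256"
    cmdline_tools_zip: /var/cache/commandlinetools-linux.zip   # hypothetical staging path
  tasks:
    - name: Refuse to run with an unset or malformed digest
      ansible.builtin.assert:
        that: cmdline_tools_sha256 is match('^[0-9a-f]{64}$')
        fail_msg: Set cmdline_tools_sha256 to the 64-hex-digit SHA-256 of the archive

    # get_url fails the task if the downloaded file does not match the checksum
    - name: Download to a staging path and verify the digest
      ansible.builtin.get_url:
        url: "{{ cmdline_tools_url }}"
        dest: "{{ cmdline_tools_zip }}"
        checksum: "sha256:{{ cmdline_tools_sha256 }}"
        owner: root
        group: root
        mode: '0644'

    - name: Unpack only the verified archive
      ansible.builtin.unarchive:
        src: "{{ cmdline_tools_zip }}"
        dest: /opt/android-sdk/cmdline-tools/
        remote_src: true
        creates: /opt/android-sdk/cmdline-tools/cmdline-tools/bin/sdkmanager
        owner: android
        group: android
```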
Signing server hardening
```yaml
- name: Harden Android signing host
  hosts: signing_servers
  become: true
  tasks:
    # The signer account must already exist on the host
    - name: Restrict /opt/keystore
      ansible.builtin.file:
        path: /opt/keystore
        owner: signer
        group: signer
        mode: '0700'
        state: directory

    - name: SSH only with keys
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        # Reject the edit if the resulting config does not parse
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart ssh

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted
```
App backend deployment (Kubernetes)
```yaml
- name: Deploy Android app backend
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Helm release
      kubernetes.core.helm:
        kubeconfig: ~/.kube/config
        name: android-api
        chart_ref: ./charts/android-api
        release_namespace: prod
        create_namespace: true
        values:
          image:
            repository: registry.example.com/android-api
            tag: "1.42.0"
          fcm:
            serverKey: "{{ vault_fcm_server_key }}"
```
FCM push integration
```yaml
- name: Push FCM secret as K8s Secret
  hosts: localhost
  gather_facts: false
  tasks:
    - name: FCM service account JSON
      kubernetes.core.k8s:
        kubeconfig: ~/.kube/config
        state: present
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: fcm-credentials
            namespace: prod
          type: Opaque
          stringData:
            service-account.json: "{{ vault_fcm_sa_json }}"
      # Keep the service account JSON out of task output and logs
      no_log: true
```
Play Console release upload
```yaml
- name: Upload AAB to Play Console internal track
  hosts: localhost
  gather_facts: false
  vars:
    aab_path: ./build/app-release.aab
    # package_name, edit_id and google_oauth_token are not defined here;
    # supply them from earlier tasks, extra vars or Vault
  tasks:
    - name: Upload via Google Play Developer API
      ansible.builtin.uri:
        url: "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications/{{ package_name }}/edits/{{ edit_id }}/bundles?uploadType=media"
        method: POST
        headers:
          Authorization: "Bearer {{ google_oauth_token }}"
          Content-Type: application/octet-stream
        src: "{{ aab_path }}"
        status_code: 200
      # Keep the bearer token out of task output and logs
      no_log: true
```
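The upload task above needs an open edit, and an uploaded bundle reaches a track only after the edit is committed. The following added example (not part of the original guide) runs the whole edit in one play: open, upload, compare the SHA-256 the API reports with the local file, assign to the internal track, commit. `package_name` and `google_oauth_token` are assumed inputs, and the `api`, `app` and `auth` variables are names chosen for this example.

```yaml
# Added example; package_name and google_oauth_token are assumed inputs (-e or Vault).
- name: Release an AAB to the internal track in a single edit
  hosts: localhost
  gather_facts: false
  vars:
    aab_path: "{{ playbook_dir }}/build/app-release.aab"
    api: https://androidpublisher.googleapis.com
    app: "androidpublisher/v3/applications/{{ package_name }}"
    auth: { Authorization: "Bearer {{ google_oauth_token }}" }
  tasks:
    - name: Hash the local bundle before it leaves the build host
      ansible.builtin.stat: { path: "{{ aab_path }}", checksum_algorithm: sha256 }
      register: local_aab
    - name: Open an edit (a draft change set, nothing is live until commit)
      ansible.builtin.uri:
        url: "{{ api }}/{{ app }}/edits"
        method: POST
        headers: "{{ auth }}"
      register: edit
      no_log: true   # keeps the bearer token out of task output
    - name: Upload the bundle into that edit
      ansible.builtin.uri:
        url: "{{ api }}/upload/{{ app }}/edits/{{ edit.json.id }}/bundles?uploadType=media"
        method: POST
        headers: "{{ auth | combine({'Content-Type': 'application/octet-stream'}) }}"
        src: "{{ aab_path }}"
        timeout: 600
      register: bundle
      no_log: true
    - name: Stop if the API received different bytes than were built
      ansible.builtin.assert:
        that: bundle.json.sha256 | lower == local_aab.stat.checksum
    - name: Put the uploaded version on the internal track
      ansible.builtin.uri:
        url: "{{ api }}/{{ app }}/edits/{{ edit.json.id }}/tracks/internal"
        method: PUT
        headers: "{{ auth }}"
        body_format: json
        body:
          track: internal
          releases:
            - versionCodes: ["{{ bundle.json.versionCode }}"]
              status: completed
      no_log: true
    - name: Commit the edit to publish the change
      ansible.builtin.uri:
        url: "{{ api }}/{{ app }}/edits/{{ edit.json.id }}:commit"
        method: POST
        headers: "{{ auth }}"
      no_log: true
```

If any task fails before the commit, the edit is never applied and the track is left unchanged.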
Best practices
• Treat Android backends like any other Linux/Kubernetes target — same playbook patterns.
• Keep signing keys offline or in an HSM; Ansible should call a signing API, not handle private keys directly.
• Provision build agents with immutable images (Packer + Ansible) and ephemeral Kubernetes runners.
• Drive Play Console releases through the API with Ansible uri calls in CI, not via desktops.
Conclusion
"Ansible on Android" really means automating the backend supporting Android apps and devices. With community.general, kubernetes.core, and ansible.builtin.uri against Google APIs, you can automate build farms, signing servers, FCM secrets, and Play Console pipelines end-to-end.