Ansible on macOS 15 Sequoia Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate macOS 15 (Sequoia) workstations and CI agents with Ansible: Homebrew, mas, osx_defaults, launchd, FileVault, Apple Intelligence, iPhone Mirroring.

macOS 15 (Sequoia) was released in September 2024. It brings Apple Intelligence (on-device LLM features), iPhone Mirroring, refreshed window-tiling APIs, and stronger app group containerization. For Ansible operators, the workflow is similar to Sonoma, but Sequoia introduces stricter Privacy & Security prompts (Full Disk Access, accessibility), so several MDM-side configuration profiles are typically needed before Ansible can run unattended.

macOS 15 Sequoia release facts

| Item | Value |
|---|---|
| Code name | Sequoia |
| GA | 2024-09-16 |
| Default shell | zsh |
| Architectures | Apple silicon (preferred), Intel (final supported macOS for many Intel models) |

See also: Ansible on macOS 14 Sonoma Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.18 LTS with Homebrew Python 3.13 on the managed node.

Bootstrap

xcode-select --install
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install python@3.13

For unattended runs deploy an MDM PPPC (Privacy Preferences) profile granting Full Disk Access to /usr/sbin/sshd-keygen-wrapper and your Ansible service user's shell.

See also: Ansible on macOS 26 Tahoe Automation Complete Guide

Inventory

[macos15]
mac-dev-01.lab.example.com

[macos15:vars]
ansible_user=ansible
ansible_python_interpreter=/opt/homebrew/bin/python3
ansible_become_method=sudo

Baseline playbook

- name: macOS 15 Sequoia baseline
  hosts: macos15
  tasks:
    - name: Install developer brews
      community.general.homebrew:
        name:
          - git
          - python@3.13
          - node@22
          - go
          - rust
          - tmux
          - jq
          - mas
          - ansible
          - awscli
        state: present

    - name: Install casks
      community.general.homebrew_cask:
        name:
          - visual-studio-code
          - iterm2
          - docker
          - rectangle
          - 1password-cli
        state: present

    - name: Install mas apps
      community.general.mas:
        id: "{{ item }}"
        state: present
      loop: [497799835, 1333542190]

See also: Task Manager in macOS X with Ansible Automation

Apple Intelligence and iPhone Mirroring switches

- name: Tune Apple Intelligence and continuity
  hosts: macos15
  tasks:
    - name: Disable Apple Intelligence on shared CI builders
      community.general.osx_defaults:
        domain: com.apple.AppleIntelligence
        key: enabled
        type: bool
        value: false
      when: 'inventory_hostname is search("build-")'

    - name: Allow iPhone Mirroring on dev laptops
      community.general.osx_defaults:
        domain: com.apple.icloud.fmfd
        key: AllowiPhoneMirroring
        type: bool
        value: true
      when: 'inventory_hostname is search("dev-")'

Window tiling defaults (Sequoia native)

- name: Enable window tiling shortcuts
  hosts: macos15
  tasks:
    - name: Default tiling enabled
      community.general.osx_defaults:
        domain: com.apple.WindowManager
        key: EnableTilingByEdgeDrag
        type: bool
        value: true

    - name: Tiling shortcut
      community.general.osx_defaults:
        domain: com.apple.WindowManager
        key: EnableTilingOptionAccelerator
        type: bool
        value: true

launchd job for daily cleanup

- name: Daily Xcode DerivedData cleanup
  hosts: macos15
  tasks:
    - name: Drop plist
      ansible.builtin.copy:
        dest: "/Users/{{ ansible_user }}/Library/LaunchAgents/com.example.cleanbuild.plist"
        owner: "{{ ansible_user }}"
        mode: "0644"
        content: |
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0"><dict>
            <key>Label</key><string>com.example.cleanbuild</string>
            <key>ProgramArguments</key>
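            <!-- The glob sits outside the quotes so zsh expands it; ${HOME:?} aborts if HOME is unset. -->
            <array><string>/bin/zsh</string><string>-lc</string><string>rm -rf "${HOME:?}/Library/Developer/Xcode/DerivedData"/*</string></array>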
            <key>StartCalendarInterval</key><dict><key>Hour</key><integer>3</integer><key>Minute</key><integer>0</integer></dict>
          </dict></plist>
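
The playbook above only writes the plist; launchd does not pick it up until it is loaded. The following play is an added example, not part of the original tutorial: it lints the file, checks that only its owner can modify it (a LaunchAgent plist that other accounts can write to lets them run commands as that user), and loads it once. It assumes the `ansible_user` account has an active GUI login session, which the `gui/<uid>` domain requires; the `agent_label` and `agent_plist` variable names are chosen for this example.

```yaml
# Added example: validate, permission-check and load the LaunchAgent.
- name: Validate and load the cleanup LaunchAgent
  hosts: macos15
  vars:
    agent_label: com.example.cleanbuild
    agent_plist: "/Users/{{ ansible_user }}/Library/LaunchAgents/com.example.cleanbuild.plist"
  tasks:
    - name: Reject a malformed plist before launchd sees it
      ansible.builtin.command: /usr/bin/plutil -lint {{ agent_plist }}
      changed_when: false

    - name: Read ownership and mode of the plist
      ansible.builtin.stat:
        path: "{{ agent_plist }}"
      register: plist_stat

    - name: Fail if the plist is not owner-only writable
      ansible.builtin.assert:
        that:
          - plist_stat.stat.pw_name == ansible_user
          - not plist_stat.stat.wgrp
          - not plist_stat.stat.woth
        fail_msg: "{{ agent_plist }} must be owned by {{ ansible_user }} and not group/world-writable"

    - name: Look up the numeric UID for the gui/<uid> domain
      ansible.builtin.command: /usr/bin/id -u {{ ansible_user }}
      register: agent_uid
      changed_when: false

    # launchctl print exits non-zero when the label is not loaded.
    - name: Check whether the agent is already loaded
      ansible.builtin.command: /bin/launchctl print gui/{{ agent_uid.stdout }}/{{ agent_label }}
      register: agent_state
      changed_when: false
      failed_when: false

    - name: Bootstrap the agent into the user's GUI domain
      ansible.builtin.command: /bin/launchctl bootstrap gui/{{ agent_uid.stdout }} {{ agent_plist }}
      when: agent_state.rc != 0
```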

Best practices

• Use MDM (Jamf, Kandji, Mosyle, Intune) to grant PPPC entitlements before unattended Ansible runs.
• Disable Apple Intelligence on shared CI builders to avoid background ML jobs that thrash CPU.
• For Apple silicon, install brews into /opt/homebrew; for Intel they live in /usr/local.
• Run softwareupdate --list from Ansible on a schedule to detect pending macOS updates without forcing them.
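
One way to implement the last point, as an added example that is not from the original tutorial: a read-only play that runs `softwareupdate --list` and reports the pending update labels per host. It assumes each pending update is printed as a `* Label: <name>` line; the `pending_updates` fact name is chosen for this example, and scheduling is left to whatever runs the playbook (cron, AWX, CI).

```yaml
# Added example: detect pending macOS updates without downloading or installing them.
- name: Report pending macOS updates
  hosts: macos15
  gather_facts: false
  tasks:
    - name: List available updates
      ansible.builtin.command: /usr/sbin/softwareupdate --list
      register: swu
      changed_when: false

    # Assumption: each pending update appears as a "* Label: <name>" line.
    # stdout and stderr are both scanned because the tool splits its output.
    - name: Collect update labels
      ansible.builtin.set_fact:
        pending_updates: >-
          {{ (swu.stdout_lines + swu.stderr_lines)
             | select('match', '^[*] Label: ')
             | map('regex_replace', '^[*] Label: ', '')
             | list }}

    # Marking the task "changed" makes hosts with pending updates
    # stand out in the play recap without failing the run.
    - name: Show pending updates for this host
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }}: {{ pending_updates | length }} pending: {{ pending_updates | join(', ') }}"
      changed_when: pending_updates | length > 0
```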

Conclusion

macOS 15 Sequoia keeps the Sonoma Ansible workflow intact while adding new defaults for AI features, window tiling, and iPhone Mirroring. Layer Ansible on top of MDM for the cleanest split: MDM for security baseline, Ansible for everything developer-facing.
