ansible 配置文件设置
Posted yanling-coder
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ansible 配置文件设置相关的知识,希望对你有一定的参考价值。
ansible 配置文件设置
一、ansible configuration settings
ansible支持多种形式,对它进行配置,其中包括命令行配置、配置文件配置(ansible.cfg)、直接修改linux环境变量、以及playbook中使用变量去修改ansible配置。总共4种表现形式。
二、ansible 配置文件查找顺序(从上到下,依次查找)
ANSIBLE_CONFIG用来设置配置文件所在位置ansible.cfg(在当前执行命令的目录下,是否有ansible.cfg)~/.ansible.cfg(查找家目录下是否有.ansible.cfg文件)/etc/ansible/ansible.cfg(查找etc下面是否有ansible.cfg配置文件)
ansible 将使用第一个查找到的配置文件,其他的将被忽略。
ansible配置文件使用
#和;来进行注释;如果是内联注释,只允许使用;# some basic default values... inventory = /etc/ansible/hosts ; This points to the file that lists your hosts
三、附录ansible配置参数
官网所有可配置参数:
https://docs.ansible.com/ansible/latest/reference_appendices/config.html
ACTION_WARNINGS:
default: true
description: [By default Ansible will issue a warning when received from a task
action (module or action plugin), These warnings can be silenced by adjusting
this setting to False.]
env:
- name: ANSIBLE_ACTION_WARNINGS
ini:
- key: action_warnings, section: defaults
name: Toggle action warnings
type: boolean
version_added: '2.5'
AGNOSTIC_BECOME_PROMPT:
default: true
description: Display an agnostic become prompt instead of displaying a prompt containing
the command line supplied become method
env:
- name: ANSIBLE_AGNOSTIC_BECOME_PROMPT
ini:
- key: agnostic_become_prompt, section: privilege_escalation
name: Display an agnostic become prompt
type: boolean
version_added: '2.5'
yaml: key: privilege_escalation.agnostic_become_prompt
ALLOW_WORLD_READABLE_TMPFILES:
default: false
description: [This makes the temporary files created on the machine to be world
readable and will issue a warning instead of failing the task., It is useful
when becoming an unprivileged user.]
env: []
ini:
- key: allow_world_readable_tmpfiles, section: defaults
name: Allow world readable temporary files
type: boolean
version_added: '2.1'
yaml: key: defaults.allow_world_readable_tmpfiles
ANSIBLE_CONNECTION_PATH:
default: null
description: [Specify where to look for the ansible-connection script. This location
will be checked before searching $PATH., 'If null, ansible will start with the
same directory as the ansible script.']
env:
- name: ANSIBLE_CONNECTION_PATH
ini:
- key: ansible_connection_path, section: persistent_connection
name: Path of ansible-connection script
type: path
version_added: '2.8'
yaml: key: persistent_connection.ansible_connection_path
ANSIBLE_COW_PATH:
default: null
description: Specify a custom cowsay path or swap in your cowsay implementation
of choice
env:
- name: ANSIBLE_COW_PATH
ini:
- key: cowpath, section: defaults
name: Set path to cowsay command
type: string
yaml: key: display.cowpath
ANSIBLE_COW_SELECTION:
default: default
description: This allows you to chose a specific cowsay stencil for the banners
or use 'random' to cycle through them.
env:
- name: ANSIBLE_COW_SELECTION
ini:
- key: cow_selection, section: defaults
name: Cowsay filter selection
ANSIBLE_COW_WHITELIST:
default: [bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake,
elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren,
sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux,
udder, vader-koala, vader, www]
description: White list of cowsay templates that are 'safe' to use, set to empty
list if you want to enable all installed templates.
env:
- name: ANSIBLE_COW_WHITELIST
ini:
- key: cow_whitelist, section: defaults
name: Cowsay filter whitelist
type: list
yaml: key: display.cowsay_whitelist
ANSIBLE_FORCE_COLOR:
default: false
description: This options forces color mode even when running without a TTY or the
"nocolor" setting is True.
env:
- name: ANSIBLE_FORCE_COLOR
ini:
- key: force_color, section: defaults
name: Force color output
type: boolean
yaml: key: display.force_color
ANSIBLE_NOCOLOR:
default: false
description: This setting allows suppressing colorizing output, which is used to
give a better indication of failure and status information.
env:
- name: ANSIBLE_NOCOLOR
ini:
- key: nocolor, section: defaults
name: Suppress color output
type: boolean
yaml: key: display.nocolor
ANSIBLE_NOCOWS:
default: false
description: If you have cowsay installed but want to avoid the 'cows' (why????),
use this.
env:
- name: ANSIBLE_NOCOWS
ini:
- key: nocows, section: defaults
name: Suppress cowsay output
type: boolean
yaml: key: display.i_am_no_fun
ANSIBLE_PIPELINING:
default: false
description: ['Pipelining, if supported by the connection plugin, reduces the number
of network operations required to execute a module on the remote server, by
executing many Ansible modules without actual file transfer.', This can result
in a very significant performance improvement when enabled., 'However this conflicts
with privilege escalation (become). For example, when using ''sudo:'' operations
you must first disable ''requiretty'' in /etc/sudoers on all managed hosts,
which is why it is disabled by default.', This options is disabled if ``ANSIBLE_KEEP_REMOTE_FILES``
is enabled.]
env:
- name: ANSIBLE_PIPELINING
- name: ANSIBLE_SSH_PIPELINING
ini:
- key: pipelining, section: connection
- key: pipelining, section: ssh_connection
name: Connection pipelining
type: boolean
yaml: key: plugins.connection.pipelining
ANSIBLE_SSH_ARGS:
default: -C -o ControlMaster=auto -o ControlPersist=60s
description: ['If set, this will override the Ansible default ssh arguments.', 'In
particular, users may wish to raise the ControlPersist time to encourage performance. A
value of 30 minutes may be appropriate.', 'Be aware that if `-o ControlPath`
is set in ssh_args, the control path setting is not used.']
env:
- name: ANSIBLE_SSH_ARGS
ini:
- key: ssh_args, section: ssh_connection
yaml: key: ssh_connection.ssh_args
ANSIBLE_SSH_CONTROL_PATH:
default: null
description: ['This is the location to save ssh''s ControlPath sockets, it uses
ssh''s variable substitution.', 'Since 2.3, if null, ansible will generate a
unique hash. Use `%(directory)s` to indicate where to use the control dir path
setting.', Before 2.3 it defaulted to `control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r`.,
Be aware that this setting is ignored if `-o ControlPath` is set in ssh args.]
env:
- name: ANSIBLE_SSH_CONTROL_PATH
ini:
- key: control_path, section: ssh_connection
yaml: key: ssh_connection.control_path
ANSIBLE_SSH_CONTROL_PATH_DIR:
default: ~/.ansible/cp
description: [This sets the directory to use for ssh control path if the control
path setting is null., 'Also, provides the `%(directory)s` variable for the
control path setting.']
env:
- name: ANSIBLE_SSH_CONTROL_PATH_DIR
ini:
- key: control_path_dir, section: ssh_connection
yaml: key: ssh_connection.control_path_dir
ANSIBLE_SSH_EXECUTABLE:
default: ssh
description: [This defines the location of the ssh binary. It defaults to `ssh`
which will use the first ssh binary available in $PATH., 'This option is usually
not required, it might be useful when access to system ssh is restricted, or
when using ssh wrappers to connect to remote hosts.']
env:
- name: ANSIBLE_SSH_EXECUTABLE
ini:
- key: ssh_executable, section: ssh_connection
version_added: '2.2'
yaml: key: ssh_connection.ssh_executable
ANSIBLE_SSH_RETRIES:
default: 0
description: Number of attempts to establish a connection before we give up and
report the host as 'UNREACHABLE'
env:
- name: ANSIBLE_SSH_RETRIES
ini:
- key: retries, section: ssh_connection
type: integer
yaml: key: ssh_connection.retries
ANY_ERRORS_FATAL:
default: false
description: Sets the default value for the any_errors_fatal keyword, if True, Task
failures will be considered fatal errors.
env:
- name: ANSIBLE_ANY_ERRORS_FATAL
ini:
- key: any_errors_fatal, section: defaults
name: Make Task failures fatal
type: boolean
version_added: '2.4'
yaml: key: errors.any_task_errors_fatal
BECOME_ALLOW_SAME_USER:
default: false
description: This setting controls if become is skipped when remote user and become
user are the same. I.E root sudo to root.
env:
- name: ANSIBLE_BECOME_ALLOW_SAME_USER
ini:
- key: become_allow_same_user, section: privilege_escalation
name: Allow becoming the same user
type: boolean
yaml: key: privilege_escalation.become_allow_same_user
BECOME_PLUGIN_PATH:
default: ~/.ansible/plugins/become:/usr/share/ansible/plugins/become
description: Colon separated paths in which Ansible will search for Become Plugins.
env:
- name: ANSIBLE_BECOME_PLUGINS
ini:
- key: become_plugins, section: defaults
name: Become plugins path
type: pathspec
version_added: '2.8'
CACHE_PLUGIN:
default: memory
description: Chooses which cache plugin to use, the default 'memory' is ephimeral.
env:
- name: ANSIBLE_CACHE_PLUGIN
ini:
- key: fact_caching, section: defaults
name: Persistent Cache plugin
yaml: key: facts.cache.plugin
CACHE_PLUGIN_CONNECTION:
default: null
description: Defines connection or path information for the cache plugin
env:
- name: ANSIBLE_CACHE_PLUGIN_CONNECTION
ini:
- key: fact_caching_connection, section: defaults
name: Cache Plugin URI
yaml: key: facts.cache.uri
CACHE_PLUGIN_PREFIX:
default: ansible_facts
description: Prefix to use for cache plugin files/tables
env:
- name: ANSIBLE_CACHE_PLUGIN_PREFIX
ini:
- key: fact_caching_prefix, section: defaults
name: Cache Plugin table prefix
yaml: key: facts.cache.prefix
CACHE_PLUGIN_TIMEOUT:
default: 86400
description: Expiration timeout for the cache plugin data
env:
- name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
ini:
- key: fact_caching_timeout, section: defaults
name: Cache Plugin expiration timeout
type: integer
yaml: key: facts.cache.timeout
COLLECTIONS_PATHS:
default: ~/.ansible/collections:/usr/share/ansible/collections
env:
- name: ANSIBLE_COLLECTIONS_PATHS
ini:
- key: collections_paths, section: defaults
name: ordered list of root paths for loading installed Ansible collections content
type: pathspec
COLOR_CHANGED:
default: yellow
description: Defines the color to use on 'Changed' task status
env:
- name: ANSIBLE_COLOR_CHANGED
ini:
- key: changed, section: colors
name: Color for 'changed' task status
yaml: key: display.colors.changed
COLOR_CONSOLE_PROMPT:
default: white
description: Defines the default color to use for ansible-console
env:
- name: ANSIBLE_COLOR_CONSOLE_PROMPT
ini:
- key: console_prompt, section: colors
name: Color for ansible-console's prompt task status
version_added: '2.7'
COLOR_DEBUG:
default: dark gray
description: Defines the color to use when emitting debug messages
env:
- name: ANSIBLE_COLOR_DEBUG
ini:
- key: debug, section: colors
name: Color for debug statements
yaml: key: display.colors.debug
COLOR_DEPRECATE:
default: purple
description: Defines the color to use when emitting deprecation messages
env:
- name: ANSIBLE_COLOR_DEPRECATE
ini:
- key: deprecate, section: colors
name: Color for deprecation messages
yaml: key: display.colors.deprecate
COLOR_DIFF_ADD:
default: green
description: Defines the color to use when showing added lines in diffs
env:
- name: ANSIBLE_COLOR_DIFF_ADD
ini:
- key: diff_add, section: colors
name: Color for diff added display
yaml: key: display.colors.diff.add
COLOR_DIFF_LINES:
default: cyan
description: Defines the color to use when showing diffs
env:
- name: ANSIBLE_COLOR_DIFF_LINES
ini:
- key: diff_lines, section: colors
name: Color for diff lines display
COLOR_DIFF_REMOVE:
default: red
description: Defines the color to use when showing removed lines in diffs
env:
- name: ANSIBLE_COLOR_DIFF_REMOVE
ini:
- key: diff_remove, section: colors
name: Color for diff removed display
COLOR_ERROR:
default: red
description: Defines the color to use when emitting error messages
env:
- name: ANSIBLE_COLOR_ERROR
ini:
- key: error, section: colors
name: Color for error messages
yaml: key: colors.error
COLOR_HIGHLIGHT:
default: white
description: Defines the color to use for highlighting
env:
- name: ANSIBLE_COLOR_HIGHLIGHT
ini:
- key: highlight, section: colors
name: Color for highlighting
COLOR_OK:
default: green
description: Defines the color to use when showing 'OK' task status
env:
- name: ANSIBLE_COLOR_OK
ini:
- key: ok, section: colors
name: Color for 'ok' task status
COLOR_SKIP:
default: cyan
description: Defines the color to use when showing 'Skipped' task status
env:
- name: ANSIBLE_COLOR_SKIP
ini:
- key: skip, section: colors
name: Color for 'skip' task status
COLOR_UNREACHABLE:
default: bright red
description: Defines the color to use on 'Unreachable' status
env:
- name: ANSIBLE_COLOR_UNREACHABLE
ini:
- key: unreachable, section: colors
name: Color for 'unreachable' host state
COLOR_VERBOSE:
default: blue
description: Defines the color to use when emitting verbose messages. i.e those
that show with '-v's.
env:
- name: ANSIBLE_COLOR_VERBOSE
ini:
- key: verbose, section: colors
name: Color for verbose messages
COLOR_WARN:
default: bright purple
description: Defines the color to use when emitting warning messages
env:
- name: ANSIBLE_COLOR_WARN
ini:
- key: warn, section: colors
name: Color for warning messages
COMMAND_WARNINGS:
default: true
description: [By default Ansible will issue a warning when the shell or command
module is used and the command appears to be similar to an existing Ansible
module., These warnings can be silenced by adjusting this setting to False.
You can also control this at the task level with the module option ``warn``.]
env:
- name: ANSIBLE_COMMAND_WARNINGS
ini:
- key: command_warnings, section: defaults
name: Command module warnings
type: boolean
version_added: '1.8'
CONDITIONAL_BARE_VARS:
default: true
description: ['With this setting on (True), running conditional evaluation ''var''
is treated differently than ''var.subkey'' as the first is evaluated directly
while the second goes through the Jinja2 parser. But ''false'' strings in ''var''
get evaluated as booleans.', With this setting off they both evaluate the same
but in cases in which 'var' was 'false' (a string) it won't get evaluated as
a boolean anymore., Currently this setting defaults to 'True' but will soon
change to 'False' and the setting itself will be removed in the future., Expect
the default to change in version 2.10 and that this setting eventually will
be deprecated after 2.12]
env:
- name: ANSIBLE_CONDITIONAL_BARE_VARS
ini:
- key: conditional_bare_variables, section: defaults
name: Allow bare variable evaluation in conditionals
type: boolean
version_added: '2.8'
CONNECTION_FACTS_MODULES:
default: eos: eos_facts, frr: frr_facts, ios: ios_facts, iosxr: iosxr_facts, junos: junos_facts,
nxos: nxos_facts, vyos: vyos_facts
description: Which modules to run during a play's fact gathering stage based on
connection
env:
- name: ANSIBLE_CONNECTION_FACTS_MODULES
ini:
- key: connection_facts_modules, section: defaults
name: Map of connections to fact modules
type: dict
DEFAULT_ACTION_PLUGIN_PATH:
default: ~/.ansible/plugins/action:/usr/share/ansible/plugins/action
description: Colon separated paths in which Ansible will search for Action Plugins.
env:
- name: ANSIBLE_ACTION_PLUGINS
ini:
- key: action_plugins, section: defaults
name: Action plugins path
type: pathspec
yaml: key: plugins.action.path
DEFAULT_ALLOW_UNSAFE_LOOKUPS:
default: false
description: ['When enabled, this option allows lookup plugins (whether used in
variables as ``lookup(''foo'')`` or as a loop as with_foo) to return data
that is not marked ''unsafe''.', 'By default, such data is marked as unsafe
to prevent the templating engine from evaluating any jinja2 templating language,
as this could represent a security risk. This option is provided to allow for
backwards-compatibility, however users should first consider adding allow_unsafe=True
to any lookups which may be expected to contain data which may be run through
the templating engine late']
env: []
ini:
- key: allow_unsafe_lookups, section: defaults
name: Allow unsafe lookups
type: boolean
version_added: 2.2.3
DEFAULT_ASK_PASS:
default: false
description: ['This controls whether an Ansible playbook should prompt for a login
password. If using SSH keys for authentication, you probably do not needed to
change this setting.']
env:
- name: ANSIBLE_ASK_PASS
ini:
- key: ask_pass, section: defaults
name: Ask for the login password
type: boolean
yaml: key: defaults.ask_pass
DEFAULT_ASK_SUDO_PASS:
default: false
deprecated: alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_ask_pass.'
description: [This controls whether an Ansible playbook should prompt for a sudo
password.]
env:
- name: ANSIBLE_ASK_SUDO_PASS
ini:
- key: ask_sudo_pass, section: defaults
name: Ask for the sudo password
type: boolean
DEFAULT_ASK_SU_PASS:
default: false
deprecated: alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_ask_pass.'
description: [This controls whether an Ansible playbook should prompt for a su password.]
env:
- name: ANSIBLE_ASK_SU_PASS
ini:
- key: ask_su_pass, section: defaults
name: Ask for the su password
type: boolean
DEFAULT_ASK_VAULT_PASS:
default: false
description: [This controls whether an Ansible playbook should prompt for a vault
password.]
env:
- name: ANSIBLE_ASK_VAULT_PASS
ini:
- key: ask_vault_pass, section: defaults
name: Ask for the vault password(s)
type: boolean
DEFAULT_BECOME:
default: false
description: Toggles the use of privilege escalation, allowing you to 'become' another
user after login.
env:
- name: ANSIBLE_BECOME
ini:
- key: become, section: privilege_escalation
name: Enable privilege escalation (become)
type: boolean
DEFAULT_BECOME_ASK_PASS:
default: false
description: Toggle to prompt for privilege escalation password.
env:
- name: ANSIBLE_BECOME_ASK_PASS
ini:
- key: become_ask_pass, section: privilege_escalation
name: Ask for the privilege escalation (become) password
type: boolean
DEFAULT_BECOME_EXE:
default: null
description: executable to use for privilege escalation, otherwise Ansible will
depend on PATH
env:
- name: ANSIBLE_BECOME_EXE
ini:
- key: become_exe, section: privilege_escalation
name: Choose 'become' executable
DEFAULT_BECOME_FLAGS:
default: ''
description: Flags to pass to the privilege escalation executable.
env:
- name: ANSIBLE_BECOME_FLAGS
ini:
- key: become_flags, section: privilege_escalation
name: Set 'become' executable options
DEFAULT_BECOME_METHOD:
default: sudo
description: Privilege escalation method to use when `become` is enabled.
env:
- name: ANSIBLE_BECOME_METHOD
ini:
- key: become_method, section: privilege_escalation
name: Choose privilege escalation method
DEFAULT_BECOME_USER:
default: root
description: The user your login/remote user 'becomes' when using privilege escalation,
most systems will use 'root' when no user is specified.
env:
- name: ANSIBLE_BECOME_USER
ini:
- key: become_user, section: privilege_escalation
name: Set the user you 'become' via privilege escalation
yaml: key: become.user
DEFAULT_CACHE_PLUGIN_PATH:
default: ~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache
description: Colon separated paths in which Ansible will search for Cache Plugins.
env:
- name: ANSIBLE_CACHE_PLUGINS
ini:
- key: cache_plugins, section: defaults
name: Cache Plugins Path
type: pathspec
DEFAULT_CALLABLE_WHITELIST:
default: []
description: Whitelist of callable methods to be made available to template evaluation
env:
- name: ANSIBLE_CALLABLE_WHITELIST
ini:
- key: callable_whitelist, section: defaults
name: Template 'callable' whitelist
type: list
DEFAULT_CALLBACK_PLUGIN_PATH:
default: ~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback
description: Colon separated paths in which Ansible will search for Callback Plugins.
env:
- name: ANSIBLE_CALLBACK_PLUGINS
ini:
- key: callback_plugins, section: defaults
name: Callback Plugins Path
type: pathspec
yaml: key: plugins.callback.path
DEFAULT_CALLBACK_WHITELIST:
default: []
description: ['List of whitelisted callbacks, not all callbacks need whitelisting,
but many of those shipped with Ansible do as we don''t want them activated by
default.']
env:
- name: ANSIBLE_CALLBACK_WHITELIST
ini:
- key: callback_whitelist, section: defaults
name: Callback Whitelist
type: list
yaml: key: plugins.callback.whitelist
DEFAULT_CLICONF_PLUGIN_PATH:
default: ~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf
description: Colon separated paths in which Ansible will search for Cliconf Plugins.
env:
- name: ANSIBLE_CLICONF_PLUGINS
ini:
- key: cliconf_plugins, section: defaults
name: Cliconf Plugins Path
type: pathspec
DEFAULT_CONNECTION_PLUGIN_PATH:
default: ~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection
description: Colon separated paths in which Ansible will search for Connection Plugins.
env:
- name: ANSIBLE_CONNECTION_PLUGINS
ini:
- key: connection_plugins, section: defaults
name: Connection Plugins Path
type: pathspec
yaml: key: plugins.connection.path
DEFAULT_DEBUG:
default: false
description: ['Toggles debug output in Ansible. This is *very* verbose and can hinder
multiprocessing. Debug output can also include secret information despite no_log
settings being enabled, which means debug mode should not be used in production.']
env:
- name: ANSIBLE_DEBUG
ini:
- key: debug, section: defaults
name: Debug mode
type: boolean
DEFAULT_EXECUTABLE:
default: /bin/sh
description: ['This indicates the command to use to spawn a shell under for Ansible''s
execution needs on a target. Users may need to change this in rare instances
when shell usage is constrained, but in most cases it may be left as is.']
env:
- name: ANSIBLE_EXECUTABLE
ini:
- key: executable, section: defaults
name: Target shell executable
DEFAULT_FACT_PATH:
default: null
description: [This option allows you to globally configure a custom path for 'local_facts'
for the implied M(setup) task when using fact gathering., 'If not set, it will
fallback to the default from the M(setup) module: ``/etc/ansible/facts.d``.',
This does **not** affect user defined tasks that use the M(setup) module.]
env:
- name: ANSIBLE_FACT_PATH
ini:
- key: fact_path, section: defaults
name: local fact path
type: path
yaml: key: facts.gathering.fact_path
DEFAULT_FILTER_PLUGIN_PATH:
default: ~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter
description: Colon separated paths in which Ansible will search for Jinja2 Filter
Plugins.
env:
- name: ANSIBLE_FILTER_PLUGINS
ini:
- key: filter_plugins, section: defaults
name: Jinja2 Filter Plugins Path
type: pathspec
DEFAULT_FORCE_HANDLERS:
default: false
description: [This option controls if notified handlers run on a host even if a
failure occurs on that host., 'When false, the handlers will not run if a failure
has occurred on a host.', This can also be set per play or on the command line.
See Handlers and Failure for more details.]
env:
- name: ANSIBLE_FORCE_HANDLERS
ini:
- key: force_handlers, section: defaults
name: Force handlers to run after failure
type: boolean
version_added: 1.9.1
DEFAULT_FORKS:
default: 5
description: Maximum number of forks Ansible will use to execute tasks on target
hosts.
env:
- name: ANSIBLE_FORKS
ini:
- key: forks, section: defaults
name: Number of task forks
type: integer
DEFAULT_GATHERING:
choices: [smart, explicit, implicit]
default: implicit
description: [This setting controls the default policy of fact gathering (facts
discovered about remote systems)., 'When ''implicit'' (the default), the cache
plugin will be ignored and facts will be gathered per play unless ''gather_facts:
False'' is set.', 'When ''explicit'' the inverse is true, facts will not be
gathered unless directly requested in the play.', 'The ''smart'' value means
each new host that has no facts discovered will be scanned, but if the same
host is addressed in multiple plays it will not be contacted again in the playbook
run.', This option can be useful for those wishing to save fact gathering time.
Both 'smart' and 'explicit' will use the cache plugin.]
env:
- name: ANSIBLE_GATHERING
ini:
- key: gathering, section: defaults
name: Gathering behaviour
version_added: '1.6'
DEFAULT_GATHER_SUBSET:
default: [all]
description: [Set the `gather_subset` option for the M(setup) task in the implicit
fact gathering. See the module documentation for specifics., It does **not**
apply to user defined M(setup) tasks.]
env:
- name: ANSIBLE_GATHER_SUBSET
ini:
- key: gather_subset, section: defaults
name: Gather facts subset
type: list
version_added: '2.1'
DEFAULT_GATHER_TIMEOUT:
default: 10
description: [Set the timeout in seconds for the implicit fact gathering., It does
**not** apply to user defined M(setup) tasks.]
env:
- name: ANSIBLE_GATHER_TIMEOUT
ini:
- key: gather_timeout, section: defaults
name: Gather facts timeout
type: integer
yaml: key: defaults.gather_timeout
DEFAULT_HANDLER_INCLUDES_STATIC:
default: false
deprecated: alternatives: none as its already built into the decision between include_tasks
and import_tasks, version: '2.12', why: include itself is deprecated and this
setting will not matter in the future
description: ['Since 2.0 M(include) can be ''dynamic'', this setting (if True) forces
that if the include appears in a ``handlers`` section to be ''static''.']
env:
- name: ANSIBLE_HANDLER_INCLUDES_STATIC
ini:
- key: handler_includes_static, section: defaults
name: Make handler M(include) static
type: boolean
DEFAULT_HASH_BEHAVIOUR:
choices: [replace, merge]
default: replace
description: ['This setting controls how variables merge in Ansible. By default
Ansible will override variables in specific precedence orders, as described
in Variables. When a variable of higher precedence wins, it will replace the
other value.', 'Some users prefer that variables that are hashes (aka ''dictionaries''
in Python terms) are merged. This setting is called ''merge''. This is not the
default behavior and it does not affect variables whose values are scalars (integers,
strings) or arrays. We generally recommend not using this setting unless you
think you have an absolute need for it, and playbooks in the official examples
repos do not use this setting', In version 2.0 a ``combine`` filter was added
to allow doing this for a particular variable (described in Filters).]
env:
- name: ANSIBLE_HASH_BEHAVIOUR
ini:
- key: hash_behaviour, section: defaults
name: Hash merge behaviour
type: string
DEFAULT_HOST_LIST:
default: /etc/ansible/hosts
description: Comma separated list of Ansible inventory sources
env:
- name: ANSIBLE_INVENTORY
expand_relative_paths: true
ini:
- key: inventory, section: defaults
name: Inventory Source
type: pathlist
yaml: key: defaults.inventory
DEFAULT_HTTPAPI_PLUGIN_PATH:
default: ~/.ansible/plugins/httpapi:/usr/share/ansible/plugins/httpapi
description: Colon separated paths in which Ansible will search for HttpApi Plugins.
env:
- name: ANSIBLE_HTTPAPI_PLUGINS
ini:
- key: httpapi_plugins, section: defaults
name: HttpApi Plugins Path
type: pathspec
DEFAULT_INTERNAL_POLL_INTERVAL:
default: 0.001
description: ['This sets the interval (in seconds) of Ansible internal processes
polling each other. Lower values improve performance with large playbooks at
the expense of extra CPU load. Higher values are more suitable for Ansible usage
in automation scenarios, when UI responsiveness is not required but CPU usage
might be a concern.', The default corresponds to the value hardcoded in Ansible
<= 2.1]
env: []
ini:
- key: internal_poll_interval, section: defaults
name: Internal poll interval
type: float
version_added: '2.2'
DEFAULT_INVENTORY_PLUGIN_PATH:
default: ~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory
description: Colon separated paths in which Ansible will search for Inventory Plugins.
env:
- name: ANSIBLE_INVENTORY_PLUGINS
ini:
- key: inventory_plugins, section: defaults
name: Inventory Plugins Path
type: pathspec
DEFAULT_JINJA2_EXTENSIONS:
default: []
description: [This is a developer-specific feature that allows enabling additional
Jinja2 extensions., 'See the Jinja2 documentation for details. If you do not
know what these do, you probably don''t need to change this setting :)']
env:
- name: ANSIBLE_JINJA2_EXTENSIONS
ini:
- key: jinja2_extensions, section: defaults
name: Enabled Jinja2 extensions
DEFAULT_JINJA2_NATIVE:
default: false
description: This option preserves variable types during template operations. This
requires Jinja2 >= 2.10.
env:
- name: ANSIBLE_JINJA2_NATIVE
ini:
- key: jinja2_native, section: defaults
name: Use Jinja2's NativeEnvironment for templating
type: boolean
version_added: 2.7
yaml: key: jinja2_native
DEFAULT_KEEP_REMOTE_FILES:
default: false
description: [Enables/disables the cleaning up of the temporary files Ansible used
to execute the tasks on the remote., If this option is enabled it will disable
``ANSIBLE_PIPELINING``.]
env:
- name: ANSIBLE_KEEP_REMOTE_FILES
ini:
- key: keep_remote_files, section: defaults
name: Keep remote files
type: boolean
DEFAULT_LIBVIRT_LXC_NOSECLABEL:
default: false
description: [This setting causes libvirt to connect to lxc containers by passing
--noseclabel to virsh. This is necessary when running on systems which do not
have SELinux.]
env:
- deprecated: alternatives: the "ANSIBLE_LIBVIRT_LXC_NOSECLABEL" environment variable,
version: '2.12', why: environment variables without "ANSIBLE_" prefix are deprecated
name: LIBVIRT_LXC_NOSECLABEL
- name: ANSIBLE_LIBVIRT_LXC_NOSECLABEL
ini:
- key: libvirt_lxc_noseclabel, section: selinux
name: No security label on Lxc
type: boolean
version_added: '2.1'
DEFAULT_LOAD_CALLBACK_PLUGINS:
default: false
description: ['Controls whether callback plugins are loaded when running /usr/bin/ansible.
This may be used to log activity from the command line, send notifications,
and so on. Callback plugins are always loaded for ``ansible-playbook``.']
env:
- name: ANSIBLE_LOAD_CALLBACK_PLUGINS
ini:
- key: bin_ansible_callbacks, section: defaults
name: Load callbacks for adhoc
type: boolean
version_added: '1.8'
DEFAULT_LOCAL_TMP:
default: ~/.ansible/tmp
description: Temporary directory for Ansible to use on the controller.
env:
- name: ANSIBLE_LOCAL_TEMP
ini:
- key: local_tmp, section: defaults
name: Controller temporary directory
type: tmppath
DEFAULT_LOG_FILTER:
default: []
description: List of logger names to filter out of the log file
env:
- name: ANSIBLE_LOG_FILTER
ini:
- key: log_filter, section: defaults
name: Name filters for python logger
type: list
DEFAULT_LOG_PATH:
default: null
description: File to which Ansible will log on the controller. When empty logging
is disabled.
env:
- name: ANSIBLE_LOG_PATH
ini:
- key: log_path, section: defaults
name: Ansible log file path
type: path
DEFAULT_LOOKUP_PLUGIN_PATH:
default: ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup
description: Colon separated paths in which Ansible will search for Lookup Plugins.
env:
- name: ANSIBLE_LOOKUP_PLUGINS
ini:
- key: lookup_plugins, section: defaults
name: Lookup Plugins Path
type: pathspec
yaml: key: defaults.lookup_plugins
DEFAULT_MANAGED_STR:
default: Ansible managed
description: Sets the macro for the 'ansible_managed' variable available for M(template)
and M(win_template) modules. This is only relevant for those two modules.
env: []
ini:
- key: ansible_managed, section: defaults
name: Ansible managed
yaml: key: defaults.ansible_managed
DEFAULT_MODULE_ARGS:
default: ''
description: [This sets the default arguments to pass to the ``ansible`` adhoc binary
if no ``-a`` is specified.]
env:
- name: ANSIBLE_MODULE_ARGS
ini:
- key: module_args, section: defaults
name: Adhoc default arguments
DEFAULT_MODULE_COMPRESSION:
default: ZIP_DEFLATED
description: Compression scheme to use when transferring Python modules to the target.
env: []
ini:
- key: module_compression, section: defaults
name: Python module compression
DEFAULT_MODULE_LANG:
default: ' CONTROLLER_LANG '
deprecated: version: '2.9', why: Modules are coded to set their own locale if needed
for screenscraping
description: [Language locale setting to use for modules when they execute on the
target., If empty it tries to set itself to the LANG environment variable on
the controller., This is only used if DEFAULT_MODULE_SET_LOCALE is set to true]
env:
- name: ANSIBLE_MODULE_LANG
ini:
- key: module_lang, section: defaults
name: Target language environment
DEFAULT_MODULE_NAME:
default: command
description: Module to use with the ``ansible`` AdHoc command, if none is specified
via ``-m``.
env: []
ini:
- key: module_name, section: defaults
name: Default adhoc module
DEFAULT_MODULE_PATH:
default: ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
description: Colon separated paths in which Ansible will search for Modules.
env:
- name: ANSIBLE_LIBRARY
ini:
- key: library, section: defaults
name: Modules Path
type: pathspec
DEFAULT_MODULE_SET_LOCALE:
default: false
deprecated: version: '2.9', why: Modules are coded to set their own locale if needed
for screenscraping
description: [Controls if we set locale for modules when executing on the target.]
env:
- name: ANSIBLE_MODULE_SET_LOCALE
ini:
- key: module_set_locale, section: defaults
name: Target locale
type: boolean
DEFAULT_MODULE_UTILS_PATH:
default: ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils
description: Colon separated paths in which Ansible will search for Module utils
files, which are shared by modules.
env:
- name: ANSIBLE_MODULE_UTILS
ini:
- key: module_utils, section: defaults
name: Module Utils Path
type: pathspec
DEFAULT_NETCONF_PLUGIN_PATH:
default: ~/.ansible/plugins/netconf:/usr/share/ansible/plugins/netconf
description: Colon separated paths in which Ansible will search for Netconf Plugins.
env:
- name: ANSIBLE_NETCONF_PLUGINS
ini:
- key: netconf_plugins, section: defaults
name: Netconf Plugins Path
type: pathspec
DEFAULT_NO_LOG:
default: false
description: Toggle Ansible's display and logging of task details, mainly used to
avoid security disclosures.
env:
- name: ANSIBLE_NO_LOG
ini:
- key: no_log, section: defaults
name: No log
type: boolean
DEFAULT_NO_TARGET_SYSLOG:
default: false
description: Toggle Ansible logging to syslog on the target when it executes tasks.
env:
- name: ANSIBLE_NO_TARGET_SYSLOG
ini:
- key: no_target_syslog, section: defaults
name: No syslog on target
type: boolean
yaml: key: defaults.no_target_syslog
DEFAULT_NULL_REPRESENTATION:
default: null
description: What templating should return as a 'null' value. When not set it will
let Jinja2 decide.
env:
- name: ANSIBLE_NULL_REPRESENTATION
ini:
- key: null_representation, section: defaults
name: Represent a null
type: none
DEFAULT_POLL_INTERVAL:
default: 15
description: ['For asynchronous tasks in Ansible (covered in Asynchronous Actions
and Polling), this is how often to check back on the status of those tasks when
an explicit poll interval is not supplied. The default is a reasonably moderate
15 seconds which is a tradeoff between checking in frequently and providing
a quick turnaround when something may have completed.']
env:
- name: ANSIBLE_POLL_INTERVAL
ini:
- key: poll_interval, section: defaults
name: Async poll interval
type: integer
DEFAULT_PRIVATE_KEY_FILE:
default: null
description: ['Option for connections using a certificate or key file to authenticate,
rather than an agent or passwords, you can set the default value here to avoid
re-specifying --private-key with every invocation.']
env:
- name: ANSIBLE_PRIVATE_KEY_FILE
ini:
- key: private_key_file, section: defaults
name: Private key file
type: path
DEFAULT_PRIVATE_ROLE_VARS:
default: false
description: [Makes role variables inaccessible from other roles., This was introduced
as a way to reset role variables to default values if a role is used more than
once in a playbook.]
env:
- name: ANSIBLE_PRIVATE_ROLE_VARS
ini:
- key: private_role_vars, section: defaults
name: Private role variables
type: boolean
yaml: key: defaults.private_role_vars
DEFAULT_REMOTE_PORT:
default: null
description: Port to use in remote connections, when blank it will use the connection
plugin default.
env:
- name: ANSIBLE_REMOTE_PORT
ini:
- key: remote_port, section: defaults
name: Remote port
type: integer
yaml: key: defaults.remote_port
DEFAULT_REMOTE_USER:
default: null
description: [Sets the login user for the target machines, 'When blank it uses the
connection plugin''s default, normally the user currently executing Ansible.']
env:
- name: ANSIBLE_REMOTE_USER
ini:
- key: remote_user, section: defaults
name: Login/Remote User
DEFAULT_ROLES_PATH:
default: ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
description: Colon separated paths in which Ansible will search for Roles.
env:
- name: ANSIBLE_ROLES_PATH
expand_relative_paths: true
ini:
- key: roles_path, section: defaults
name: Roles path
type: pathspec
yaml: key: defaults.roles_path
DEFAULT_SCP_IF_SSH:
default: smart
description: [Preferred method to use when transferring files over ssh., 'When set
to smart, Ansible will try them until one succeeds or they all fail.', 'If set
to True, it will force ''scp'', if False it will use ''sftp''.']
env:
- name: ANSIBLE_SCP_IF_SSH
ini:
- key: scp_if_ssh, section: ssh_connection
DEFAULT_SELINUX_SPECIAL_FS:
default: fuse, nfs, vboxsf, ramfs, 9p
description: ['Some filesystems do not support safe operations and/or return inconsistent
errors, this setting makes Ansible ''tolerate'' those in the list w/o causing
fatal errors.', Data corruption may occur and writes are not always verified
when a filesystem is in the list.]
env: []
ini:
- key: special_context_filesystems, section: selinux
name: Problematic file systems
type: list
DEFAULT_SFTP_BATCH_MODE:
default: true
description: 'TODO: write it'
env:
- name: ANSIBLE_SFTP_BATCH_MODE
ini:
- key: sftp_batch_mode, section: ssh_connection
type: boolean
yaml: key: ssh_connection.sftp_batch_mode
DEFAULT_SQUASH_ACTIONS:
default: apk, apt, dnf, homebrew, openbsd_pkg, pacman, pip, pkgng, yum, zypper
deprecated: alternatives: a list directly with the module argument, version: '2.11',
why: Loop squashing is deprecated and this configuration will no longer be used
description: ['Ansible can optimise actions that call modules that support list
parameters when using ``with_`` looping. Instead of calling the module once
for each item, the module is called once with the full list.', 'The default
value for this setting is only for certain package managers, but it can be used
for any module.', 'Currently, this is only supported for modules that have a
name or pkg parameter, and only when the item is the only thing being passed
to the parameter.']
env:
- name: ANSIBLE_SQUASH_ACTIONS
ini:
- key: squash_actions, section: defaults
name: Squashable actions
type: list
version_added: '2.0'
DEFAULT_SSH_TRANSFER_METHOD:
default: null
description: unused?
env:
- name: ANSIBLE_SSH_TRANSFER_METHOD
ini:
- key: transfer_method, section: ssh_connection
DEFAULT_STDOUT_CALLBACK:
default: default
description: ['Set the main callback used to display Ansible output, you can only
have one at a time.', 'You can have many other callbacks, but just one can be
in charge of stdout.']
env:
- name: ANSIBLE_STDOUT_CALLBACK
ini:
- key: stdout_callback, section: defaults
name: Main display callback plugin
DEFAULT_STRATEGY:
default: linear
description: Set the default strategy used for plays.
env:
- name: ANSIBLE_STRATEGY
ini:
- key: strategy, section: defaults
name: Implied strategy
version_added: '2.3'
DEFAULT_STRATEGY_PLUGIN_PATH:
default: ~/.ansible/plugins/strategy:/usr/share/ansible/plugins/strategy
description: Colon separated paths in which Ansible will search for Strategy Plugins.
env:
- name: ANSIBLE_STRATEGY_PLUGINS
ini:
- key: strategy_plugins, section: defaults
name: Strategy Plugins Path
type: pathspec
DEFAULT_SU:
default: false
description: Toggle the use of "su" for tasks.
env:
- name: ANSIBLE_SU
ini:
- key: su, section: defaults
type: boolean
yaml: key: defaults.su
DEFAULT_SU_EXE:
default: su
deprecated: alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_exe.'
description: specify an "su" executable, otherwise it relies on PATH.
env:
- name: ANSIBLE_SU_EXE
ini:
- key: su_exe, section: defaults
name: su executable
DEFAULT_SU_FLAGS:
default: ''
deprecated: alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_flags.'
description: Flags to pass to su
env:
- name: ANSIBLE_SU_FLAGS
ini:
- key: su_flags, section: defaults
name: su flags
DEFAULT_SU_USER:
default: null
deprecated: alternatives: become, version: '2.9', why: 'In favor of Ansible Become,
which is a generic framework. See become_user.'
description: User you become when using "su", leaving it blank will use the default
configured on the target (normally root)
env:
- name: ANSIBLE_SU_USER
ini:
- key: su_user, section: defaults
name: su user
DEFAULT_SYSLOG_FACILITY:
default: LOG_USER
description: Syslog facility to use when Ansible logs to the remote target
env:
- name: ANSIBLE_SYSLOG_FACILITY
ini:
- key: syslog_facility, section: defaults
name: syslog facility
DEFAULT_TASK_INCLUDES_STATIC:
default: false
deprecated: alternatives: 'None, as its already built into the decision between
include_tasks and import_tasks', version: '2.12', why: include itself is deprecated
and this setting will not matter in the future
description: ['The `include` tasks can be static or dynamic, this toggles the default
expected behaviour if autodetection fails and it is not explicitly set in task.']
env:
- name: ANSIBLE_TASK_INCLUDES_STATIC
ini:
- key: task_includes_static, section: defaults
name: Task include static
type: boolean
version_added: '2.1'
DEFAULT_TERMINAL_PLUGIN_PATH:
default: ~/.ansible/plugins/terminal:/usr/share/ansible/plugins/terminal
description: Colon separated paths in which Ansible will search for Terminal Plugins.
env:
- name: ANSIBLE_TERMINAL_PLUGINS
ini:
- key: terminal_plugins, section: defaults
name: Terminal Plugins Path
type: pathspec
DEFAULT_TEST_PLUGIN_PATH:
default: ~/.ansible/plugins/test:/usr/share/ansible/plugins/test
description: Colon separated paths in which Ansible will search for Jinja2 Test
Plugins.
env:
- name: ANSIBLE_TEST_PLUGINS
ini:
- key: test_plugins, section: defaults
name: Jinja2 Test Plugins Path
type: pathspec
DEFAULT_TIMEOUT:
default: 10
description: This is the default timeout for connection plugins to use.
env:
- name: ANSIBLE_TIMEOUT
ini:
- key: timeout, section: defaults
name: Connection timeout
type: integer
DEFAULT_TRANSPORT:
default: smart
description: Default connection plugin to use, the 'smart' option will toggle between
'ssh' and 'paramiko' depending on controller OS and ssh versions
env:
- name: ANSIBLE_TRANSPORT
ini:
- key: transport, section: defaults
name: Connection plugin
DEFAULT_UNDEFINED_VAR_BEHAVIOR:
default: true
description: ['When True, this causes ansible templating to fail steps that reference
variable names that are likely typoed.', 'Otherwise, any '' template_expression
'' that contains undefined variables will be rendered in a template or ansible
action line exactly as written.']
env:
- name: ANSIBLE_ERROR_ON_UNDEFINED_VARS
ini:
- key: error_on_undefined_vars, section: defaults
name: Jinja2 fail on undefined
type: boolean
version_added: '1.3'
DEFAULT_VARS_PLUGIN_PATH:
default: ~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars
description: Colon separated paths in which Ansible will search for Vars Plugins.
env:
- name: ANSIBLE_VARS_PLUGINS
ini:
- key: vars_plugins, section: defaults
name: Vars Plugins Path
type: pathspec
DEFAULT_VAULT_ENCRYPT_IDENTITY:
default: null
description: The vault_id to use for encrypting by default. If multiple vault_ids
are provided, this specifies which to use for encryption. The --encrypt-vault-id
cli option overrides the configured value.
env:
- name: ANSIBLE_VAULT_ENCRYPT_IDENTITY
ini:
- key: vault_encrypt_identity, section: defaults
name: Vault id to use for encryption
yaml: key: defaults.vault_encrypt_identity
DEFAULT_VAULT_IDENTITY:
default: default
description: The label to use for the default vault id label in cases where a vault
id label is not provided
env:
- name: ANSIBLE_VAULT_IDENTITY
ini:
- key: vault_identity, section: defaults
name: Vault id label
yaml: key: defaults.vault_identity
DEFAULT_VAULT_IDENTITY_LIST:
default: []
description: A list of vault-ids to use by default. Equivalent to multiple --vault-id
args. Vault-ids are tried in order.
env:
- name: ANSIBLE_VAULT_IDENTITY_LIST
ini:
- key: vault_identity_list, section: defaults
name: Default vault ids
type: list
yaml: key: defaults.vault_identity_list
DEFAULT_VAULT_ID_MATCH:
default: false
description: If true, decrypting vaults with a vault id will only try the password
from the matching vault-id
env:
- name: ANSIBLE_VAULT_ID_MATCH
ini:
- key: vault_id_match, section: defaults
name: Force vault id match
yaml: key: defaults.vault_id_match
DEFAULT_VAULT_PASSWORD_FILE:
default: null
description: The vault password file to use. Equivalent to --vault-password-file
or --vault-id
env:
- name: ANSIBLE_VAULT_PASSWORD_FILE
ini:
- key: vault_password_file, section: defaults
name: Vault password file
type: path
yaml: key: defaults.vault_password_file
DEFAULT_VERBOSITY:
default: 0
description: Sets the default verbosity, equivalent to the number of ``-v`` passed
in the command line.
env:
- name: ANSIBLE_VERBOSITY
ini:
- key: verbosity, section: defaults
name: Verbosity
type: integer
DEPRECATION_WARNINGS:
default: true
description: Toggle to control the showing of deprecation warnings
env:
- name: ANSIBLE_DEPRECATION_WARNINGS
ini:
- key: deprecation_warnings, section: defaults
name: Deprecation messages
type: boolean
DIFF_ALWAYS:
default: false
description: Configuration toggle to tell modules to show differences when in 'changed'
status, equivalent to ``--diff``.
env:
- name: ANSIBLE_DIFF_ALWAYS
ini:
- key: always, section: diff
name: Show differences
type: bool
DIFF_CONTEXT:
default: 3
description: How many lines of context to show when displaying the differences between
files.
env:
- name: ANSIBLE_DIFF_CONTEXT
ini:
- key: context, section: diff
name: Difference context
type: integer
DISPLAY_ARGS_TO_STDOUT:
default: false
description: ['Normally ``ansible-playbook`` will print a header for each task that
is run. These headers will contain the name: field from the task if you specified
one. If you didn''t then ``ansible-playbook`` uses the task''s action to help
you tell which task is presently running. Sometimes you run many of the same
action and so you want more information about the task to differentiate it from
others of the same action. If you set this variable to True in the config then
``ansible-playbook`` will also include the task''s arguments in the header.',
This setting defaults to False because there is a chance that you have sensitive
values in your parameters and you do not want those to be printed., 'If you
set this to True you should be sure that you have secured your environment''s
stdout (no one can shoulder surf your screen and you aren''t saving stdout to
an insecure file) or made sure that all of your playbooks explicitly added the
``no_log: True`` parameter to tasks which have sensitive values See How do I
keep secret data in my playbook? for more information.']
env:
- name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT
ini:
- key: display_args_to_stdout, section: defaults
name: Show task arguments
type: boolean
version_added: '2.1'
DISPLAY_SKIPPED_HOSTS:
default: true
description: Toggle to control displaying skipped task/host entries in a task in
the default callback
env:
- deprecated: alternatives: the "ANSIBLE_DISPLAY_SKIPPED_HOSTS" environment variable,
version: '2.12', why: environment variables without "ANSIBLE_" prefix are deprecated
name: DISPLAY_SKIPPED_HOSTS
- name: ANSIBLE_DISPLAY_SKIPPED_HOSTS
ini:
- key: display_skipped_hosts, section: defaults
name: Show skipped results
type: boolean
DOCSITE_ROOT_URL:
default: https://docs.ansible.com/ansible/
description: Root docsite URL used to generate docs URLs in warning/error text;
must be an absolute URL with valid scheme and trailing slash.
ini:
- key: docsite_root_url, section: defaults
name: Root docsite URL
version_added: '2.8'
DOC_FRAGMENT_PLUGIN_PATH:
default: ~/.ansible/plugins/doc_fragments:/usr/share/ansible/plugins/doc_fragments
description: Colon separated paths in which Ansible will search for Documentation
Fragments Plugins.
env:
- name: ANSIBLE_DOC_FRAGMENT_PLUGINS
ini:
- key: doc_fragment_plugins, section: defaults
name: documentation fragment plugins path
type: pathspec
ENABLE_TASK_DEBUGGER:
default: false
description: ['Whether or not to enable the task debugger, this previously was done
as a strategy plugin.', Now all strategy plugins can inherit this behavior.
The debugger defaults to activating when, a task is failed on unreachable. Use
the debugger keyword for more flexibility.]
env:
- name: ANSIBLE_ENABLE_TASK_DEBUGGER
ini:
- key: enable_task_debugger, section: defaults
name: Whether to enable the task debugger
type: boolean
version_added: '2.5'
ERROR_ON_MISSING_HANDLER:
default: true
description: Toggle to allow missing handlers to become a warning instead of an
error when notifying.
env:
- name: ANSIBLE_ERROR_ON_MISSING_HANDLER
ini:
- key: error_on_missing_handler, section: defaults
name: Missing handler error
type: boolean
FACTS_MODULES:
default: [smart]
description: Which modules to run during a play's fact gathering stage, using the
default of 'smart' will try to figure it out based on connection type.
env:
- name: ANSIBLE_FACTS_MODULES
ini:
- key: facts_modules, section: defaults
name: Gather Facts Modules
type: list
vars:
- name: ansible_facts_modules
GALAXY_IGNORE_CERTS:
default: false
description: ['If set to yes, ansible-galaxy will not validate TLS certificates.
This can be useful for testing against a server with a self-signed certificate.']
env:
- name: ANSIBLE_GALAXY_IGNORE
ini:
- key: ignore_certs, section: galaxy
name: Galaxy validate certs
type: boolean
GALAXY_ROLE_SKELETON:
default: null
description: Role skeleton directory to use as a template for the ``init`` action
in ``ansible-galaxy``, same as ``--role-skeleton``.
env:
- name: ANSIBLE_GALAXY_ROLE_SKELETON
ini:
- key: role_skeleton, section: galaxy
name: Galaxy skeleton direcotry
type: path
GALAXY_ROLE_SKELETON_IGNORE:
default: [^.git$, ^.*/.git_keep$]
description: patterns of files to ignore inside a galaxy role skeleton directory
env:
- name: ANSIBLE_GALAXY_ROLE_SKELETON_IGNORE
ini:
- key: role_skeleton_ignore, section: galaxy
name: Galaxy skeleton ignore
type: list
GALAXY_SERVER:
default: https://galaxy.ansible.com
description: URL to prepend when roles don't specify the full URI, assume they are
referencing this server as the source.
env:
- name: ANSIBLE_GALAXY_SERVER
ini:
- key: server, section: galaxy
yaml: key: galaxy.server
GALAXY_TOKEN:
default: null
description: GitHub personal access token
env:
- name: ANSIBLE_GALAXY_TOKEN
ini:
- key: token, section: galaxy
yaml: key: galaxy.token
HOST_KEY_CHECKING:
default: true
description: Set this to "False" if you want to avoid host key checking by the underlying
tools Ansible uses to connect to the host
env:
- name: ANSIBLE_HOST_KEY_CHECKING
ini:
- key: host_key_checking, section: defaults
name: Check host keys
type: boolean
HOST_PATTERN_MISMATCH:
choices: [warning, error, ignore]
default: warning
description: This setting changes the behaviour of mismatched host patterns, it
allows you to force a fatal error, a warning or just ignore it
env:
- name: ANSIBLE_HOST_PATTERN_MISMATCH
ini:
- key: host_pattern_mismatch, section: inventory
name: Control host pattern mismatch behaviour
version_added: '2.8'
INJECT_FACTS_AS_VARS:
default: true
description: ['Facts are available inside the `ansible_facts` variable, this setting
also pushes them as their own vars in the main namespace.', 'Unlike inside the
`ansible_facts` dictionary, these will have an `ansible_` prefix.']
env:
- name: ANSIBLE_INJECT_FACT_VARS
ini:
- key: inject_facts_as_vars, section: defaults
type: boolean
version_added: '2.5'
INTERPRETER_PYTHON:
default: auto_legacy
description: ['Path to the Python interpreter to be used for module execution on
remote targets, or an automatic discovery mode. Supported discovery modes are
``auto``, ``auto_silent``, and ``auto_legacy`` (the default). All discovery
modes employ a lookup table to use the included system Python (on distributions
known to include one), falling back to a fixed ordered list of well-known Python
interpreter locations if a platform-specific default is not available. The fallback
behavior will issue a warning that the interpreter should be set explicitly
(since interpreters installed later may change which one is used). This warning
behavior can be disabled by setting ``auto_silent``. The default value of ``auto_legacy``
provides all the same behavior, but for backwards-compatibility with older Ansible
releases that always defaulted to ``/usr/bin/python``, will use that interpreter
if present (and issue a warning that the default behavior will change to that
of ``auto`` in a future Ansible release.']
env:
- name: ANSIBLE_PYTHON_INTERPRETER
ini:
- key: interpreter_python, section: defaults
name: Python interpreter path (or automatic discovery behavior) used for module
execution
vars:
- name: ansible_python_interpreter
version_added: '2.8'
INTERPRETER_PYTHON_DISTRO_MAP:
default:
centos: &id001 '6': /usr/bin/python, '8': /usr/libexec/platform-python
fedora: '23': /usr/bin/python3
redhat: *id001
rhel: *id001
ubuntu: '14': /usr/bin/python, '16': /usr/bin/python3
name: Mapping of known included platform pythons for various Linux distros
version_added: '2.8'
INTERPRETER_PYTHON_FALLBACK:
default: [/usr/bin/python, python3.7, python3.6, python3.5, python2.7, python2.6,
/usr/libexec/platform-python, /usr/bin/python3, python]
name: Ordered list of Python interpreters to check for in discovery
version_added: '2.8'
INVALID_TASK_ATTRIBUTE_FAILED:
default: true
description: If 'false', invalid attributes for a task will result in warnings instead
of errors
env:
- name: ANSIBLE_INVALID_TASK_ATTRIBUTE_FAILED
ini:
- key: invalid_task_attribute_failed, section: defaults
name: Controls whether invalid attributes for a task result in errors instead of
warnings
type: boolean
version_added: '2.7'
INVENTORY_ANY_UNPARSED_IS_FAILED:
default: false
description: 'If ''true'', it is a fatal error when any given inventory source cannot
be successfully parsed by any available inventory plugin; otherwise, this situation
only attracts a warning.
'
env:
- name: ANSIBLE_INVENTORY_ANY_UNPARSED_IS_FAILED
ini:
- key: any_unparsed_is_failed, section: inventory
name: Controls whether any unparseable inventory source is a fatal error
type: boolean
version_added: '2.7'
INVENTORY_CACHE_ENABLED:
default: false
description: Toggle to turn on inventory caching
env:
- name: ANSIBLE_INVENTORY_CACHE
ini:
- key: cache, section: inventory
name: Inventory caching enabled
type: bool
INVENTORY_CACHE_PLUGIN:
description: The plugin for caching inventory. If INVENTORY_CACHE_PLUGIN is not
provided CACHE_PLUGIN can be used instead.
env:
- name: ANSIBLE_INVENTORY_CACHE_PLUGIN
ini:
- key: cache_plugin, section: inventory
name: Inventory cache plugin
INVENTORY_CACHE_PLUGIN_CONNECTION:
description: The inventory cache connection. If INVENTORY_CACHE_PLUGIN_CONNECTION
is not provided CACHE_PLUGIN_CONNECTION can be used instead.
env:
- name: ANSIBLE_INVENTORY_CACHE_CONNECTION
ini:
- key: cache_connection, section: inventory
name: Inventory cache plugin URI to override the defaults section
INVENTORY_CACHE_PLUGIN_PREFIX:
default: ansible_facts
description: The table prefix for the cache plugin. If INVENTORY_CACHE_PLUGIN_PREFIX
is not provided CACHE_PLUGIN_PREFIX can be used instead.
env:
- name: ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX
ini:
- key: cache_prefix, section: inventory
name: Inventory cache plugin table prefix
INVENTORY_CACHE_TIMEOUT:
default: 3600
description: Expiration timeout for the inventory cache plugin data. If INVENTORY_CACHE_TIMEOUT
is not provided CACHE_TIMEOUT can be used instead.
env:
- name: ANSIBLE_INVENTORY_CACHE_TIMEOUT
ini:
- key: cache_timeout, section: inventory
name: Inventory cache plugin expiration timeout
INVENTORY_ENABLED:
default: [host_list, script, auto, yaml, ini, toml]
description: List of enabled inventory plugins, it also determines the order in
which they are used.
env:
- name: ANSIBLE_INVENTORY_ENABLED
ini:
- key: enable_plugins, section: inventory
name: Active Inventory plugins
type: list
INVENTORY_EXPORT:
default: false
description: Controls if ansible-inventory will accurately reflect Ansible's view
into inventory or its optimized for exporting.
env:
- name: ANSIBLE_INVENTORY_EXPORT
ini:
- key: export, section: inventory
name: Set ansible-inventory into export mode
type: bool
INVENTORY_IGNORE_EXTS:
default: '(BLACKLIST_EXTS + ( ''.orig'', ''.ini'', ''.cfg'', ''.retry''))'
description: List of extensions to ignore when using a directory as an inventory
source
env:
- name: ANSIBLE_INVENTORY_IGNORE
ini:
- key: inventory_ignore_extensions, section: defaults
- key: ignore_extensions, section: inventory
name: Inventory ignore extensions
type: list
INVENTORY_IGNORE_PATTERNS:
default: []
description: List of patterns to ignore when using a directory as an inventory source
env:
- name: ANSIBLE_INVENTORY_IGNORE_REGEX
ini:
- key: inventory_ignore_patterns, section: defaults
- key: ignore_patterns, section: inventory
name: Inventory ignore patterns
type: list
INVENTORY_UNPARSED_IS_FAILED:
default: false
description: 'If ''true'' it is a fatal error if every single potential inventory
source fails to parse, otherwise this situation will only attract a warning.
'
env:
- name: ANSIBLE_INVENTORY_UNPARSED_FAILED
ini:
- key: unparsed_is_failed, section: inventory
name: Unparsed Inventory failure
type: bool
LOCALHOST_WARNING:
default: true
description: [By default Ansible will issue a warning when there are no hosts in
the inventory., These warnings can be silenced by adjusting this setting to
False.]
env:
- name: ANSIBLE_LOCALHOST_WARNING
ini:
- key: localhost_warning, section: defaults
name: Warning when using implicit inventory with only localhost
type: boolean
version_added: '2.6'
MAX_FILE_SIZE_FOR_DIFF:
default: 104448
description: Maximum size of files to be considered for diff display
env:
- name: ANSIBLE_MAX_DIFF_SIZE
ini:
- key: max_diff_size, section: defaults
name: Diff maximum file size
type: int
NETCONF_SSH_CONFIG:
default: null
description: This variable is used to enable bastion/jump host with netconf connection.
If set to True the bastion/jump host ssh settings should be present in ~/.ssh/config
file, alternatively it can be set to custom ssh configuration file path to read
the bastion/jump host settings.
env:
- name: ANSIBLE_NETCONF_SSH_CONFIG
ini:
- key: ssh_config, section: netconf_connection
yaml: key: netconf_connection.ssh_config
NETWORK_GROUP_MODULES:
default: [eos, nxos, ios, iosxr, junos, enos, ce, vyos, sros, dellos9, dellos10,
dellos6, asa, aruba, aireos, bigip, ironware, onyx, netconf]
description: 'TODO: write it'
env:
- deprecated: alternatives: the "ANSIBLE_NETWORK_GROUP_MODULES" environment variable,
version: '2.12', why: environment variables without "ANSIBLE_" prefix are deprecated
name: NETWORK_GROUP_MODULES
- name: ANSIBLE_NETWORK_GROUP_MODULES
ini:
- key: network_group_modules, section: defaults
name: Network module families
type: list
yaml: key: defaults.network_group_modules
OLD_PLUGIN_CACHE_CLEARING:
default: false
description: Previouslly Ansible would only clear some of the plugin loading caches
when loading new roles, this led to some behaviours in which a plugin loaded in
prevoius plays would be unexpectedly 'sticky'. This setting allows to return to
that behaviour.
env:
- name: ANSIBLE_OLD_PLUGIN_CACHE_CLEAR
ini:
- key: old_plugin_cache_clear, section: defaults
type: boolean
version_added: '2.8'
PARAMIKO_HOST_KEY_AUTO_ADD:
default: false
description: 'TODO: write it'
env:
- name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD
ini:
- key: host_key_auto_add, section: paramiko_connection
type: boolean
PARAMIKO_LOOK_FOR_KEYS:
default: true
description: 'TODO: write it'
env:
- name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS
ini:
- key: look_for_keys, section: paramiko_connection
name: look for keys
type: boolean
PERSISTENT_COMMAND_TIMEOUT:
default: 30
description: This controls the amount of time to wait for response from remote device
before timing out presistent connection.
env:
- name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
ini:
- key: command_timeout, section: persistent_connection
name: Persistence command timeout
type: int
PERSISTENT_CONNECT_RETRY_TIMEOUT:
default: 15
description: This controls the retry timeout for presistent connection to connect
to the local domain socket.
env:
- name: ANSIBLE_PERSISTENT_CONNECT_RETRY_TIMEOUT
ini:
- key: connect_retry_timeout, section: persistent_connection
name: Persistence connection retry timeout
type: integer
PERSISTENT_CONNECT_TIMEOUT:
default: 30
description: This controls how long the persistent connection will remain idle before
it is destroyed.
env:
- name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT
ini:
- key: connect_timeout, section: persistent_connection
name: Persistence timeout
type: integer
PERSISTENT_CONTROL_PATH_DIR:
default: ~/.ansible/pc
description: Path to socket to be used by the connection persistence system.
env:
- name: ANSIBLE_PERSISTENT_CONTROL_PATH_DIR
ini:
- key: control_path_dir, section: persistent_connection
name: Persistence socket path
type: path
PLAYBOOK_VARS_ROOT:
choices: [top, bottom, all]
default: top
description: ['This sets which playbook dirs will be used as a root to process vars
plugins, which includes finding host_vars/group_vars', The ``top`` option follows
the traditional behaviour of using the top playbook in the chain to find the
root directory., The ``bottom`` option follows the 2.4.0 behaviour of using
the current playbook to find the root directory., The ``all`` option examines
from the first parent to the current playbook.]
env:
- name: ANSIBLE_PLAYBOOK_VARS_ROOT
ini:
- key: playbook_vars_root, section: defaults
name: playbook vars files root
version_added: 2.4.1
PLUGIN_FILTERS_CFG:
default: null
description: [A path to configuration for filtering which plugins installed on the
system are allowed to be used., 'See :ref:`plugin_filtering_config` for details
of the filter file''s format.', ' The default is /etc/ansible/plugin_filters.yml']
ini:
- deprecated: alternatives: the "defaults" section instead, version: '2.12', why: Specifying
"plugin_filters_cfg" under the "default" section is deprecated
key: plugin_filters_cfg
section: default
- key: plugin_filters_cfg, section: defaults
name: Config file for limiting valid plugins
type: path
version_added: 2.5.0
PYTHON_MODULE_RLIMIT_NOFILE:
default: 0
description: ['Attempts to set RLIMIT_NOFILE soft limit to the specified value when
executing Python modules (can speed up subprocess usage on Python 2.x. See https://bugs.python.org/issue11284).
The value will be limited by the existing hard limit. Default value of 0 does
not attempt to adjust existing system-defined limits.']
env:
- name: ANSIBLE_PYTHON_MODULE_RLIMIT_NOFILE
ini:
- key: python_module_rlimit_nofile, section: defaults
name: Adjust maximum file descriptor soft limit during Python module execution
vars:
- name: ansible_python_module_rlimit_nofile
version_added: '2.8'
RETRY_FILES_ENABLED:
default: false
description: This controls whether a failed Ansible playbook should create a .retry
file.
env:
- name: ANSIBLE_RETRY_FILES_ENABLED
ini:
- key: retry_files_enabled, section: defaults
name: Retry files
type: bool
RETRY_FILES_SAVE_PATH:
default: null
description: This sets the path in which Ansible will save .retry files when a playbook
fails and retry files are enabled.
env:
- name: ANSIBLE_RETRY_FILES_SAVE_PATH
ini:
- key: retry_files_save_path, section: defaults
name: Retry files path
type: path
SHOW_CUSTOM_STATS:
default: false
description: This adds the custom stats set via the set_stats plugin to the default
output
env:
- name: ANSIBLE_SHOW_CUSTOM_STATS
ini:
- key: show_custom_stats, section: defaults
name: Display custom stats
type: bool
STRING_CONVERSION_ACTION:
default: warn
description: ['Action to take when a module parameter value is converted to a string
(this does not affect variables). For string parameters, values such as ''1.00'',
"[''a'', ''b'',]", and ''yes'', ''y'', etc. will be converted by the YAML parser
unless fully quoted.', 'Valid options are ''error'', ''warn'', and ''ignore''.',
'Since 2.8, this option defaults to ''warn'' but will change to ''error'' in 2.12.']
env:
- name: ANSIBLE_STRING_CONVERSION_ACTION
ini:
- key: string_conversion_action, section: defaults
type: string
version_added: '2.8'
STRING_TYPE_FILTERS:
default: [string, to_json, to_nice_json, to_yaml, ppretty, json]
description: [This list of filters avoids 'type conversion' when templating variables,
'Useful when you want to avoid conversion into lists or dictionaries for JSON
strings, for example.']
env:
- name: ANSIBLE_STRING_TYPE_FILTERS
ini:
- key: dont_type_filters, section: jinja2
name: Filters to preserve strings
type: list
SYSTEM_WARNINGS:
default: true
description: [Allows disabling of warnings related to potential issues on the system
running ansible itself (not on the managed hosts), These may include warnings
about 3rd party packages or other conditions that should be resolved if possible.]
env:
- name: ANSIBLE_SYSTEM_WARNINGS
ini:
- key: system_warnings, section: defaults
name: System warnings
type: boolean
TAGS_RUN:
default: []
description: default list of tags to run in your plays, Skip Tags has precedence.
env:
- name: ANSIBLE_RUN_TAGS
ini:
- key: run, section: tags
name: Run Tags
type: list
version_added: '2.5'
TAGS_SKIP:
default: []
description: default list of tags to skip in your plays, has precedence over Run
Tags
env:
- name: ANSIBLE_SKIP_TAGS
ini:
- key: skip, section: tags
name: Skip Tags
type: list
version_added: '2.5'
TASK_DEBUGGER_IGNORE_ERRORS:
default: true
description: [This option defines whether the task debugger will be invoked on a
failed task when ignore_errors=True is specified., 'True specifies that the
debugger will honor ignore_errors, False will not honor ignore_errors.']
env:
- name: ANSIBLE_TASK_DEBUGGER_IGNORE_ERRORS
ini:
- key: task_debugger_ignore_errors, section: defaults
name: Whether a failed task with ignore_errors=True will still invoke the debugger
type: boolean
version_added: '2.7'
TRANSFORM_INVALID_GROUP_CHARS:
choices: [always, never, ignore, silently]
default: never
description: [Make ansible transform invalid characters in group names supplied
by inventory sources., If 'never' it will allow for the group name but warn
about the issue., 'When ''ignore'', it does the same as ''never'', without issuing
a warning.', When 'always' it will replace any invalid charachters with '_'
(underscore) and warn the user, 'When ''silently'', it does the same as ''always'',
without issuing a warning.']
env:
- name: ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS
ini:
- key: force_valid_group_names, section: defaults
name: Transform invalid characters in group names
type: string
version_added: '2.8'
USE_PERSISTENT_CONNECTIONS:
default: false
description: Toggles the use of persistence for connections.
env:
- name: ANSIBLE_USE_PERSISTENT_CONNECTIONS
ini:
- key: use_persistent_connections, section: defaults
name: Persistence
type: boolean
VARIABLE_PRECEDENCE:
default: [all_inventory, groups_inventory, all_plugins_inventory, all_plugins_play,
groups_plugins_inventory, groups_plugins_play]
description: Allows to change the group variable precedence merge order.
env:
- name: ANSIBLE_PRECEDENCE
ini:
- key: precedence, section: defaults
name: Group variable precedence
type: list
version_added: '2.4'
VERBOSE_TO_STDERR:
default: false
description: [Force 'verbose' option to use stderr instead of stdout]
env:
- name: ANSIBLE_VERBOSE_TO_STDERR
ini:
- key: verbose_to_stderr, section: defaults
type: bool
version_added: '2.8'
YAML_FILENAME_EXTENSIONS:
default: [.yml, .yaml, .json]
description: [Check all of these extensions when looking for 'variable' files which
should be YAML or JSON or vaulted versions of these., 'This affects vars_files,
include_vars, inventory and vars plugins among others.']
env:
- name: ANSIBLE_YAML_FILENAME_EXT
ini:
- key: yaml_valid_extensions, section: defaults
name: Valid YAML extensions
type: list以上是关于ansible 配置文件设置的主要内容,如果未能解决你的问题,请参考以下文章