Ansible configuration – ansible.cfg environment variables

Watch the video above for an in depth guide on working with various Ansible configuration options.

One important aspect of working with Ansible is understanding how to configure it via the ansible.cfg INI file or using environment variables. In the video above, you will dive into Ansible configuration options.

This is part of my free Ansible tutorial for beginners.

Ansible Configuration options

Understanding Ansible Configuration Files

Ansible’s configuration begins with understanding the different options of configuration files. These files allow you to define various settings and features for your Ansible runtime. The main configuration file for Ansible is called ansible.cfg. However, there are other ways to set Ansible configurations. Each Ansible configuration has its precedence.

1. Environment Variables: When you set Ansible env variables, they will take precedence over all other configurations. Setting an environment variable for Ansible in your shell, as below, will override all other configuration settings.

   export ANSIBLE_ACTION_WARNINGS=false

Environment variables are a powerful way to set global Ansible configurations, but they may be overridden by more specific settings.

2. Local ansible.cfg Configuration File: Another way to configure Ansible is by using an ansible.cfg configuration file in your current working directory. The cfg file is, typically, in INI format, allowing you to define configurations specific to your current project.

   # Create a local configuration file named ansible.cfg and add your config options
   touch ansible.cfg

Settings in local configuration files take precedence over the global ansible.cfg file. Here is a reference of all Anisble configuration settings.

3. ansible.cfg in the home directory: You can also place a configuration file in the home directory.
4. Global Configuration File ( /etc/ansible/ansible.cfg): The global configuration file, often located in the /etc directory, serves as the default configuration for Ansible. It sets the base configuration that applies across your entire Ansible installation.

   # View the global Ansible configuration file
   cat /etc/ansible/ansible.cfg

Global settings are overridden by both environment variables and local configuration files.

Exploring Ansible Configuration Options

Now, let’s delve into some of the key configuration options you can define in your Ansible config files. These settings will impact how Ansible operates in your environment.

• Actions and Warnings: You can control how Ansible handles actions and warnings using the action_warnings configuration option. This setting influences how Ansible communicates errors and warnings during playbook execution.
• Colors: The colors configuration option allows you to specify color preferences for Ansible’s output. You can customize the display to make it more visually appealing and informative.
• Cache Plugins: If you need to change the cache plugin for Ansible, you can do so by configuring the fact_cache option. This can be useful when optimizing performance or handling caching differently.
• Inventory: Setting the inventory is crucial for Ansible to know which hosts to manage. You can define the default inventory in your configuration file using the inventory= option.

Securing Ansible Configuration Files

An important consideration when working with Ansible configuration files is folder permission security. To ensure the integrity of your configuration, make sure that the directory containing your ansible.cfg file does not have world-writable permissions. This prevents unauthorized modifications to your config file, ensuring that only the necessary users and groups can make changes.

# Example of secure permissions for the directory containing ansible.cfg
drwxr-xr-x  ansible_directory

By following these permission guidelines, you can safeguard your Ansible config file hence minimize the risk of unauthorized ansible settings being added and ran.

Ansible Inventories

Managing Hosts with Inventories

Ansible inventories are essential for organizing and managing the hosts you want to control with Ansible. An inventory is a list of hostnames or IP addresses grouped into categories, making it easier to target specific hosts for tasks and playbooks.

To define an inventory, you can use either environment variables or configuration files. The key configuration options for inventories are inventory_default_host_list and ansible_inventory. These options allow you to specify the default inventory file or directory for Ansible to use.

Conclusion

In this guide, we’ve explored Ansible configuration options. Watch the video embedded above, for a clear step by step guidance. This will help you to understand how to configure Ansible . By mastering these configuration concepts, you’ll be better equipped to work with Ansible in your IT automation tasks.

Stay tuned for more in-depth insights into Ansible and other automation topics in future posts. If you have any questions , feel free to reach out.

Video captions for Ansible configuration

This is where we ended the last part, and this is going to help us talk about Ansible configuration. So, I will do another one: ansible --list-hosts. When we do this, we are told that our inventory is empty. If you want to list the hosts for the inventory that we have here, we have to define it explicitly. We will have to tell Ansible to use this as an inventory.

When you do that, it’s going to list all the hosts that you have in this inventory file. That inventory file, and we’re going to look at inventories at some point. But I want to use this as an example of ansible.cfg. So, let’s talk about Ansible configuration. If you come here, I will put all the links in the description. We are going to talk about the precedence of Ansible configuration. Now, configuration simply allows you to set various settings or various features for Ansible. For example, usually, you’ll have an ansible.cfg file, and this is a file that you can use to define various things for Ansible.

The default way is for you to use an ansible.cfg, but there are different ways for which you can set Ansible configurations. So, the first one is, and this is the one that will always take precedence, so this will override everything else that is Ansible: the environment variable. If you set an environment variable for Ansible in your shell, then that will always take precedence. So, you can set an environment variable here, and that’s going to take precedence over all these other configuration files. You can also have your files in ansible.cfg in the working directory. So, the working directory is where your current files are. So, here, where we have this, you can create a file called ansible.cfg.

This is an INI file. I mean, .INI configurations for Ansible that you put here will override all the configurations that you have in the ansible.cfg in the home directory. Let’s just confirm if we have an Ansible.cfg in the home directory. For this, let me just come back here, and I will cd without anything. That’s going to take me to the home directory, and I’m going to do ls -la, and here you can see we have ansible, but we don’t have ansible.cfg. So, if you need to create an ansible.cfg file, you could create one inside here, and it will override the one that is in /etc. I don’t know whether I have this. Let me confirm if I have ansible /etc, so this will exist depending on how you install the ansible. If you installed it via Python pip, you’re probably not going to have this directory. So, since I installed mine in Ubuntu via WSL, I know I should have it. So, I’m just going to do ls -lh /etc and then I’m going to paste, and you can see we do have ansible.cfg inside there. And we can even see what’s inside this file. Let’s just look at what we have here.

And you can see it’s just a small file without anything.

Right, and you’re going to see how we can disable an ansible configuration file.

What is the importance of an ansible configuration file? You can set up different things for your ansible. For instance, in my case here, we can set up a default inventory. So, you can see we have I’ve created this manually ansible.cfg, but if I run that configuration, if I run this ansible-config init --disabled, ansible.cfg is going to create an ansible configuration with lots and lots of different options you can have for an ansible configuration file. But since we’ve set it as disabled, all of them are going to be commented out. If you don’t want them commented out, just remove --disabled, and this is going to give you configurations that are not disabled, which is something you don’t want because it’s going to set those settings for your ansible.

So, if I do that, enter, you’ll not see that ansible.cfg has all these options that you can have: actions, warnings, if there are any warnings, you’ll get warnings on the terminal. You can change cowsay settings, you can change cow path. This is just, I don’t know why people use this package or plugin or module, whatever it is, but it just brings output in the form of a cow saying something or any of these other options: a panda saying something. All this, I don’t know why people use it, but it’s fun, apparently. Now, you can also set the default root path for ansible config files on the controller home ansible. All these are settings you can have. So, that comments out aligns that one as well, comments out align. So, as I was saying, if you want them to be uncommented…

Ansible. I’m just going to copy that.

And I’m going to delete this, so I can just do control-delete, and that’s going to delete that line, that specific word. That’s something you can do in your Linux shell. If you want to delete something, you can maybe want to delete this entire thing. You don’t want to delete it one at a time. You can just do Ctrl-Del, and that’s going to delete it. If you want to go to the first line, you can do Ctrl-A. That’s going to take you to the first line of the line. And I’m going to add an “a” there. If you want to go to the end, you can do Ctrl-E. Is it Ctrl-E? Okay, apparently, that doesn’t work here. Ctrl-U.

Okay, that also doesn’t work here. Ctrl-U will undo, apparently. Here, if we do enter, you’ll see it has regenerated the file. By this time around, it has not commented out all this. So, this means that these are the settings for your ansible. Okay, so you can see this could really affect how your ansible runs if you remove --disabled. So, these are the current settings for your ansible.

Right, so I don’t really need to have all this, so I will add it with disabled, or I can just remove the file. rm, let’s see, tab, so rm and tab. That’s just going to autocomplete ansible, and I can remove that file.

If you want to create it, I can do touch, so Ctrl-A takes you to the beginning of the line, Ctrl-D deletes that word, and then I can just do touch, and that’s going to create an empty ansible.cfg file for me. And now, if I want to tell it the inventory to use, let’s just go and see the different options that you can have. Okay, so let’s go and search for ansible configuration.

Let’s click on that. Let’s see what options it’s going to give me: configuring ansible. [Music] Configuration file, environmental configuration. So, you can also set your environment variables, and this is going to take precedence over everything else. Okay, so anything set with the environment variable, that’s going to override any configuration you have in your ansible.cfg. Okay, so for more details, a full listing of configurations, look at the configuration settings. So, when you come

here, click on that search result, and it’s going to give you all these options. These are the different settings that you can set up in your ansible.

Or something here that I know they usually say, and it’s important: when you create your ansible configuration here on your computer, make sure that the directory where your ansible.cfg has been created, make sure that that directory doesn’t have world write permission. World write permission simply means that only the user and the group should be able to write to that file. The rest you’d read, but they shouldn’t write. So you can check for that. Currently, it’s inside this directory, ansible. So, if you do ls -lh, let’s see, okay, that’s for that.

Let me copy this, select that because I want to see the permissions for this, and then explain it a bit. So, we are going to do ls -lh for this directory.

Okay, let me go back one directory. All right, so for this directory where our ansible.cfg file is, it needs to be such that the user doesn’t have the write permissions. So here, what you have is this is the user. The “D” simply stands for directory. The first “rwx” simply means that this is a directory, and then you can see for the user, the owner, actually, the owner of this file can read, write, execute, and then for the group, the second part is for the group.

The group can execute and read, and then the last part, which is the world or other, this, you can see they can only execute. So, the permission for that is okay for what Ansible commands, because if you come here, you’ll see they say that your ansible.cfg file should not be in a world-writable working directory. So, make sure that the permissions are set up such that only the user of that file, the owner of the file, can write, execute to that file. And yeah, and for the group, you can just make it execute and read. For the rest of the world, make sure it’s only read.

These are the different things that you can set in the ansible.cfg file. So that’s action warnings, and you saw something about that if you generate the file. You’ll see there was something about action warnings. So just take notes of everything here, how to use this documentation. In the ini.cfg, you can add it using action warnings. And then environment, if you are setting up an environment variable, the variable name will be ansible action warnings. If you’re inside there in ini.cfg, and you want to define this action, that’s what you’ll use.

If you want to define, let’s see something else here that you can use. If you want to set up a become file password file, you’ll use this as the name of the variable. So, let’s come back into VS Code, and let’s generate the CFG file again. And I’m going to explain it from there. So, I’ll do Ctrl-R, and I can search for ansible. Ctrl-R simply just lets you search for a command that you had run earlier. So, ansible config, this is the one that I want. This is not the one I want, actually. I want the one with disabled, but it doesn’t matter because I just want to show the names of the variable. So, in this case, I’m just going to use the one which doesn’t have dash-disabled. So, when you do Ctrl-R, you can search for a previous command that you’re in. In this case, I was looking for ansible config init –disabled, but this one will do.

So, if I press enter, it’s going to run that command again. So, if I come here, you can look at action warnings. So, that’s how it is defined inside of ansible.cfg. Let’s look at something else first: colors, all this. You can see this is how they will be defined. All right, so become password file. If you have to add a directory or something, some path, you can add it like that. Make sure you add quotations for something that has multiple words in it. Add the quotations around it. The thing I wanted to stress here is if you are looking through the documentation, don’t ever get lost. If you want to change the cache plugin for ansible, the environment variable you’ll use in your ini, the variable name you’ll use is fact cache. So, you’ll just write fact cache.

Let’s say this is the one we want to add: fact caching. And then come back here, and maybe you want to add it there. Ctrl-V is equals to whatever you want to add there. That’s important to know because if you’re using environment variables, you’ll use it with that, right? But most cases, you’ll probably just define everything inside of ansible.cfg. But if you have to use an environment variable, let me just give you an example of that because in Shell, even in Kubernetes when you’re doing certain things, you’ll always find yourself using environment variables.

So, to set up environment variables, let’s say we want to do it for something that we’d already seen, which is up here: action warnings. So, if you want to set an environment variable and you want to use the Linux shell for this, you can just copy that name.

Copy and to set it in your shell, we can just come in here and I will do export.

ansible_action_warnings is equals to…

In this case, let’s say is equals to false. So, if you do this and we press enter and then we echo the current variable.

We echo the current variable.

You’ll see that it will tell us that it is false. So just remember that if you set up an environment variable, it will override the value that you have in your ansible file, ansible.cfg file. So, you can set up your environment variables here for simplicity’s sake and for better code, put them in your ansible.cfg file. This is easier to maintain and easier to remember.

So, let’s end by defining an inventory file. So, here I’m just going to do Ctrl-F because I want to find inventory, the inventory.

Environment variable, default host list. The key is inventory. If you are to define it in the ini file, you just use inventory_default_host_list. If you are to define it in environment variable, you’ll use ansible_inventory. And that is usually defined under defaults. You can just add it here: inventory is equals to. If you have a directory, you can even put the name of the directory, the path to the directory. But in this case, I can just use “inventory”. So, inventory for that file. So, before I save, let’s just run that command again. There’s something we read about ansible. I’ll just do Ctrl-R to search for the one we learned about: list_hosts. List hosts. [Music] This one: error invalid type configuration option setting default.

All right, so if I do anything, let’s just delete everything else here. Ctrl-X, Ctrl-A, Ctrl-V. But I will comment this one out.

You can comment it out with a semicolon. Ctrl-S.

Right, so this is what… Let me do Ctrl-L, and

then ansible_host_list. Now, you can see it cannot identify our inventory file. But if we uncomment this, we can let ansible know where our inventory file is. inventory is equals to that. So, un-comment comments and save, and if you run it now, we don’t need to tell ansible where our inventory file is. You remember there’s a version we did whereby we used -i to tell it which file to use as an inventory file.

So, if you have multiple inventories, you can put them in a directory. Let’s say we put all of this inside of… Create a directory. We can call it “inventory.” [Music] Let me just call them “inventories,” and then I will move this inside here. Move, yes, I’m sure. So, when I do this, Ctrl-S, let’s see, enter, and “ansible” to list all hosts. It’s going to list all the hosts inside there. So, you can have multiple inventories, and this is something that’s important. If you have production servers, you have test servers, staging servers, you can place them in different inventory files for easier management.

So, in this video, it’s kind of a long one, but this is something that you’ll find yourself using, and it’s important to know how to go about it. Even if you can find a tutorial to help you, it’s important to know where you can go if you go to the documentation and you need to change a certain value, maybe Jinja something. You can just take that and put that in your ansible.cfg file. Or if you want to do it using the environment variable, you can use export ansible_variable_name is equals to the value you want for this variable.

So, that’s it for this part. This has been a long one, but I hope it will answer all your questions, all the questions that you have for ansible configuration. See you next time, see you in the next part, and in the next part, let’s start talking about inventories. So, we’ve looked at ansible configuration. The next part is inventory. Let’s begin talking about ansible inventories, and you’re going to see what are these in brackets and why are this like this? Why is everything like this? And can we have different files for our inventory? Let’s see all about that in the next part.