ansible-config list
Jump to navigation
Jump to search
ansible-config list
ACTION_WARNINGS: default: true description: - By default Ansible will issue a warning when received from a task action (module or action plugin) - These warnings can be silenced by adjusting this setting to False. env: - name: ANSIBLE_ACTION_WARNINGS ini: - key: action_warnings section: defaults name: Toggle action warnings type: boolean version_added: '2.5' AGNOSTIC_BECOME_PROMPT: default: true description: Display an agnostic become prompt instead of displaying a prompt containing the command line supplied become method env: - name: ANSIBLE_AGNOSTIC_BECOME_PROMPT ini: - key: agnostic_become_prompt section: privilege_escalation name: Display an agnostic become prompt type: boolean version_added: '2.5' yaml: key: privilege_escalation.agnostic_become_prompt ALLOW_WORLD_READABLE_TMPFILES: default: false deprecated: alternatives: world_readable_tmp collection_name: ansible.builtin version: '2.14' why: moved to shell plugins description: - This setting has been moved to the individual shell plugins as a plugin option :ref:`shell_plugins`. - The existing configuration settings are still accepted with the shell plugin adding additional options, like variables. - This message will be removed in 2.14. name: Allow world-readable temporary files type: boolean ANSIBLE_CONNECTION_PATH: default: null description: - Specify where to look for the ansible-connection script. This location will be checked before searching $PATH. - If null, ansible will start with the same directory as the ansible script. env: - name: ANSIBLE_CONNECTION_PATH ini: - key: ansible_connection_path section: persistent_connection name: Path of ansible-connection script type: path version_added: '2.8' yaml: key: persistent_connection.ansible_connection_path ANSIBLE_COW_ACCEPTLIST: default: - bud-frogs - bunny - cheese - daemon - default - dragon - elephant-in-snake - elephant - eyes - hellokitty - kitty - luke-koala - meow - milk - moofasa - moose - ren - sheep - small - stegosaurus - stimpy - supermilker - three-eyes - turkey - turtle - tux - udder - vader-koala - vader - www description: White list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates. env: - deprecated: alternatives: ANSIBLE_COW_ACCEPTLIST collection_name: ansible.builtin version: '2.15' why: normalizing names to new standard name: ANSIBLE_COW_WHITELIST - name: ANSIBLE_COW_ACCEPTLIST version_added: '2.11' ini: - deprecated: alternatives: cowsay_enabled_stencils collection_name: ansible.builtin version: '2.15' why: normalizing names to new standard key: cow_whitelist section: defaults - key: cowsay_enabled_stencils section: defaults version_added: '2.11' name: Cowsay filter acceptance list type: list ANSIBLE_COW_PATH: default: null description: Specify a custom cowsay path or swap in your cowsay implementation of choice env: - name: ANSIBLE_COW_PATH ini: - key: cowpath section: defaults name: Set path to cowsay command type: string yaml: key: display.cowpath ANSIBLE_COW_SELECTION: default: default description: This allows you to chose a specific cowsay stencil for the banners or use 'random' to cycle through them. env: - name: ANSIBLE_COW_SELECTION ini: - key: cow_selection section: defaults name: Cowsay filter selection ANSIBLE_FORCE_COLOR: default: false description: This option forces color mode even when running without a TTY or the "nocolor" setting is True. env: - name: ANSIBLE_FORCE_COLOR ini: - key: force_color section: defaults name: Force color output type: boolean yaml: key: display.force_color ANSIBLE_NOCOLOR: default: false description: This setting allows suppressing colorizing output, which is used to give a better indication of failure and status information. env: - name: ANSIBLE_NOCOLOR - name: NO_COLOR version_added: '2.11' ini: - key: nocolor section: defaults name: Suppress color output type: boolean yaml: key: display.nocolor ANSIBLE_NOCOWS: default: false description: If you have cowsay installed but want to avoid the 'cows' (why????), use this. env: - name: ANSIBLE_NOCOWS ini: - key: nocows section: defaults name: Suppress cowsay output type: boolean yaml: key: display.i_am_no_fun ANSIBLE_PIPELINING: default: false description: - Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer. - This can result in a very significant performance improvement when enabled. - However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default. - This option is disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled. - This is a global option, each connection plugin can override either by having more specific options or not supporting pipelining at all. env: - name: ANSIBLE_PIPELINING ini: - key: pipelining section: defaults - key: pipelining section: connection name: Connection pipelining type: boolean ANY_ERRORS_FATAL: default: false description: Sets the default value for the any_errors_fatal keyword, if True, Task failures will be considered fatal errors. env: - name: ANSIBLE_ANY_ERRORS_FATAL ini: - key: any_errors_fatal section: defaults name: Make Task failures fatal type: boolean version_added: '2.4' yaml: key: errors.any_task_errors_fatal BECOME_ALLOW_SAME_USER: default: false description: - This setting controls if become is skipped when remote user and become user are the same. I.E root sudo to root. - If executable, it will be run and the resulting stdout will be used as the password. env: - name: ANSIBLE_BECOME_ALLOW_SAME_USER ini: - key: become_allow_same_user section: privilege_escalation name: Allow becoming the same user type: boolean yaml: key: privilege_escalation.become_allow_same_user BECOME_PASSWORD_FILE: default: null description: - The password file to use for the become plugin. --become-password-file. - If executable, it will be run and the resulting stdout will be used as the password. env: - name: ANSIBLE_BECOME_PASSWORD_FILE ini: - key: become_password_file section: defaults name: Become password file type: path version_added: '2.12' BECOME_PLUGIN_PATH: default: ~/.ansible/plugins/become:/usr/share/ansible/plugins/become description: Colon separated paths in which Ansible will search for Become Plugins. env: - name: ANSIBLE_BECOME_PLUGINS ini: - key: become_plugins section: defaults name: Become plugins path type: pathspec version_added: '2.8' CACHE_PLUGIN: default: memory description: Chooses which cache plugin to use, the default 'memory' is ephemeral. env: - name: ANSIBLE_CACHE_PLUGIN ini: - key: fact_caching section: defaults name: Persistent Cache plugin yaml: key: facts.cache.plugin CACHE_PLUGIN_CONNECTION: default: null description: Defines connection or path information for the cache plugin env: - name: ANSIBLE_CACHE_PLUGIN_CONNECTION ini: - key: fact_caching_connection section: defaults name: Cache Plugin URI yaml: key: facts.cache.uri CACHE_PLUGIN_PREFIX: default: ansible_facts description: Prefix to use for cache plugin files/tables env: - name: ANSIBLE_CACHE_PLUGIN_PREFIX ini: - key: fact_caching_prefix section: defaults name: Cache Plugin table prefix yaml: key: facts.cache.prefix CACHE_PLUGIN_TIMEOUT: default: 86400 description: Expiration timeout for the cache plugin data env: - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT ini: - key: fact_caching_timeout section: defaults name: Cache Plugin expiration timeout type: integer yaml: key: facts.cache.timeout CALLABLE_ACCEPT_LIST: default: [] description: Whitelist of callable methods to be made available to template evaluation env: - deprecated: alternatives: ANSIBLE_CALLABLE_ENABLED collection_name: ansible.builtin version: '2.15' why: normalizing names to new standard name: ANSIBLE_CALLABLE_WHITELIST - name: ANSIBLE_CALLABLE_ENABLED version_added: '2.11' ini: - deprecated: alternatives: callable_enabled collection_name: ansible.builtin version: '2.15' why: normalizing names to new standard key: callable_whitelist section: defaults - key: callable_enabled section: defaults version_added: '2.11' name: Template 'callable' accept list type: list CALLBACKS_ENABLED: default: [] description: - List of enabled callbacks, not all callbacks need enabling, but many of those shipped with Ansible do as we don't want them activated by default. env: - deprecated: alternatives: ANSIBLE_CALLBACKS_ENABLED collection_name: ansible.builtin version: '2.15' why: normalizing names to new standard name: ANSIBLE_CALLBACK_WHITELIST - name: ANSIBLE_CALLBACKS_ENABLED version_added: '2.11' ini: - deprecated: alternatives: callbacks_enabled collection_name: ansible.builtin version: '2.15' why: normalizing names to new standard key: callback_whitelist section: defaults - key: callbacks_enabled section: defaults version_added: '2.11' name: Enable callback plugins that require it. type: list COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH: choices: - error - warning - ignore default: warning description: - When a collection is loaded that does not support the running Ansible version (via the collection metadata key `requires_ansible`), the default behavior is to issue a warning and continue anyway. Setting this value to `ignore` skips the warning entirely, while setting it to `fatal` will immediately halt Ansible execution. env: - name: ANSIBLE_COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH ini: - key: collections_on_ansible_version_mismatch section: defaults name: Defines behavior when loading a collection that does not support the current Ansible version COLLECTIONS_PATHS: default: ~/.ansible/collections:/usr/share/ansible/collections description: 'Colon separated paths in which Ansible will search for collections content. Collections must be in nested *subdirectories*, not directly in these directories. For example, if ``COLLECTIONS_PATHS`` includes ``~/.ansible/collections``, and you want to add ``my.collection`` to that directory, it must be saved as ``~/.ansible/collections/ansible_collections/my/collection``. ' env: - name: ANSIBLE_COLLECTIONS_PATHS - name: ANSIBLE_COLLECTIONS_PATH version_added: '2.10' ini: - key: collections_paths section: defaults - key: collections_path section: defaults version_added: '2.10' name: ordered list of root paths for loading installed Ansible collections content type: pathspec COLLECTIONS_SCAN_SYS_PATH: default: true description: A boolean to enable or disable scanning the sys.path for installed collections env: - name: ANSIBLE_COLLECTIONS_SCAN_SYS_PATH ini: - key: collections_scan_sys_path section: defaults name: Scan PYTHONPATH for installed collections type: boolean COLOR_CHANGED: choices: &id001 - black - bright gray - blue - white - green - bright blue - cyan - bright green - red - bright cyan - purple - bright red - yellow - bright purple - dark gray - bright yellow - magenta - bright magenta - normal default: yellow description: Defines the color to use on 'Changed' task status env: - name: ANSIBLE_COLOR_CHANGED ini: - key: changed section: colors name: Color for 'changed' task status COLOR_CONSOLE_PROMPT: choices: *id001 default: white description: Defines the default color to use for ansible-console env: - name: ANSIBLE_COLOR_CONSOLE_PROMPT ini: - key: console_prompt section: colors name: Color for ansible-console's prompt task status version_added: '2.7' COLOR_DEBUG: choices: *id001 default: dark gray description: Defines the color to use when emitting debug messages env: - name: ANSIBLE_COLOR_DEBUG ini: - key: debug section: colors name: Color for debug statements COLOR_DEPRECATE: choices: *id001 default: purple description: Defines the color to use when emitting deprecation messages env: - name: ANSIBLE_COLOR_DEPRECATE ini: - key: deprecate section: colors name: Color for deprecation messages COLOR_DIFF_ADD: choices: *id001 default: green description: Defines the color to use when showing added lines in diffs env: - name: ANSIBLE_COLOR_DIFF_ADD ini: - key: diff_add section: colors name: Color for diff added display yaml: key: display.colors.diff.add COLOR_DIFF_LINES: choices: *id001 default: cyan description: Defines the color to use when showing diffs env: - name: ANSIBLE_COLOR_DIFF_LINES ini: - key: diff_lines section: colors name: Color for diff lines display COLOR_DIFF_REMOVE: choices: *id001 default: red description: Defines the color to use when showing removed lines in diffs env: - name: ANSIBLE_COLOR_DIFF_REMOVE ini: - key: diff_remove section: colors name: Color for diff removed display COLOR_ERROR: choices: *id001 default: red description: Defines the color to use when emitting error messages env: - name: ANSIBLE_COLOR_ERROR ini: - key: error section: colors name: Color for error messages yaml: key: colors.error COLOR_HIGHLIGHT: choices: *id001 default: white description: Defines the color to use for highlighting env: - name: ANSIBLE_COLOR_HIGHLIGHT ini: - key: highlight section: colors name: Color for highlighting COLOR_OK: choices: *id001 default: green description: Defines the color to use when showing 'OK' task status env: - name: ANSIBLE_COLOR_OK ini: - key: ok section: colors name: Color for 'ok' task status COLOR_SKIP: choices: *id001 default: cyan description: Defines the color to use when showing 'Skipped' task status env: - name: ANSIBLE_COLOR_SKIP ini: - key: skip section: colors name: Color for 'skip' task status COLOR_UNREACHABLE: choices: *id001 default: bright red description: Defines the color to use on 'Unreachable' status env: - name: ANSIBLE_COLOR_UNREACHABLE ini: - key: unreachable section: colors name: Color for 'unreachable' host state COLOR_VERBOSE: choices: *id001 default: blue description: Defines the color to use when emitting verbose messages. i.e those that show with '-v's. env: - name: ANSIBLE_COLOR_VERBOSE ini: - key: verbose section: colors name: Color for verbose messages COLOR_WARN: choices: *id001 default: bright purple description: Defines the color to use when emitting warning messages env: - name: ANSIBLE_COLOR_WARN ini: - key: warn section: colors name: Color for warning messages COMMAND_WARNINGS: default: false deprecated: collection_name: ansible.builtin version: '2.14' why: the command warnings feature is being removed description: - Ansible can issue a warning when the shell or command module is used and the command appears to be similar to an existing Ansible module. - These warnings can be silenced by adjusting this setting to False. You can also control this at the task level with the module option ``warn``. - As of version 2.11, this is disabled by default. env: - name: ANSIBLE_COMMAND_WARNINGS ini: - key: command_warnings section: defaults name: Command module warnings type: boolean version_added: '1.8' CONNECTION_FACTS_MODULES: default: arista.eos.eos: arista.eos.eos_facts asa: ansible.legacy.asa_facts cisco.asa.asa: cisco.asa.asa_facts cisco.ios.ios: cisco.ios.ios_facts cisco.iosxr.iosxr: cisco.iosxr.iosxr_facts cisco.nxos.nxos: cisco.nxos.nxos_facts community.network.ironware: community.network.ironware_facts eos: ansible.legacy.eos_facts exos: ansible.legacy.exos_facts extreme.exos.exos: extreme.exos.exos_facts extreme.slxos.slxos: extreme.slxos.slxos_facts extreme.voss.voss: extreme.voss.voss_facts frr: ansible.legacy.frr_facts frr.frr.frr: frr.frr.frr_facts ios: ansible.legacy.ios_facts iosxr: ansible.legacy.iosxr_facts ironware: ansible.legacy.ironware_facts junipernetworks.junos.junos: junipernetworks.junos.junos_facts junos: ansible.legacy.junos_facts nxos: ansible.legacy.nxos_facts slxos: ansible.legacy.slxos_facts voss: ansible.legacy.voss_facts vyos: ansible.legacy.vyos_facts vyos.vyos.vyos: vyos.vyos.vyos_facts description: Which modules to run during a play's fact gathering stage based on connection name: Map of connections to fact modules type: dict CONNECTION_PASSWORD_FILE: default: null description: The password file to use for the connection plugin. --connection-password-file. env: - name: ANSIBLE_CONNECTION_PASSWORD_FILE ini: - key: connection_password_file section: defaults name: Connection password file type: path version_added: '2.12' COVERAGE_REMOTE_OUTPUT: description: - Sets the output directory on the remote host to generate coverage reports to. - Currently only used for remote coverage on PowerShell modules. - This is for internal use only. env: - name: _ANSIBLE_COVERAGE_REMOTE_OUTPUT name: Sets the output directory and filename prefix to generate coverage run info. type: str vars: - name: _ansible_coverage_remote_output version_added: '2.9' COVERAGE_REMOTE_PATHS: default: '*' description: - A list of paths for files on the Ansible controller to run coverage for when executing on the remote host. - Only files that match the path glob will have its coverage collected. - Multiple path globs can be specified and are separated by ``:``. - Currently only used for remote coverage on PowerShell modules. - This is for internal use only. env: - name: _ANSIBLE_COVERAGE_REMOTE_PATH_FILTER name: Sets the list of paths to run coverage for. type: str version_added: '2.9' DEFAULT_ACTION_PLUGIN_PATH: default: ~/.ansible/plugins/action:/usr/share/ansible/plugins/action description: Colon separated paths in which Ansible will search for Action Plugins. env: - name: ANSIBLE_ACTION_PLUGINS ini: - key: action_plugins section: defaults name: Action plugins path type: pathspec yaml: key: plugins.action.path DEFAULT_ALLOW_UNSAFE_LOOKUPS: default: false description: - When enabled, this option allows lookup plugins (whether used in variables as ``{{lookup('foo')}}`` or as a loop as with_foo) to return data that is not marked 'unsafe'. - By default, such data is marked as unsafe to prevent the templating engine from evaluating any jinja2 templating language, as this could represent a security risk. This option is provided to allow for backward compatibility, however users should first consider adding allow_unsafe=True to any lookups which may be expected to contain data which may be run through the templating engine late env: [] ini: - key: allow_unsafe_lookups section: defaults name: Allow unsafe lookups type: boolean version_added: 2.2.3 DEFAULT_ASK_PASS: default: false description: - This controls whether an Ansible playbook should prompt for a login password. If using SSH keys for authentication, you probably do not needed to change this setting. env: - name: ANSIBLE_ASK_PASS ini: - key: ask_pass section: defaults name: Ask for the login password type: boolean yaml: key: defaults.ask_pass DEFAULT_ASK_VAULT_PASS: default: false description: - This controls whether an Ansible playbook should prompt for a vault password. env: - name: ANSIBLE_ASK_VAULT_PASS ini: - key: ask_vault_pass section: defaults name: Ask for the vault password(s) type: boolean DEFAULT_BECOME: default: false description: Toggles the use of privilege escalation, allowing you to 'become' another user after login. env: - name: ANSIBLE_BECOME ini: - key: become section: privilege_escalation name: Enable privilege escalation (become) type: boolean DEFAULT_BECOME_ASK_PASS: default: false description: Toggle to prompt for privilege escalation password. env: - name: ANSIBLE_BECOME_ASK_PASS ini: - key: become_ask_pass section: privilege_escalation name: Ask for the privilege escalation (become) password type: boolean DEFAULT_BECOME_EXE: default: null description: executable to use for privilege escalation, otherwise Ansible will depend on PATH env: - name: ANSIBLE_BECOME_EXE ini: - key: become_exe section: privilege_escalation name: Choose 'become' executable DEFAULT_BECOME_FLAGS: default: null description: Flags to pass to the privilege escalation executable. env: - name: ANSIBLE_BECOME_FLAGS ini: - key: become_flags section: privilege_escalation name: Set 'become' executable options DEFAULT_BECOME_METHOD: default: sudo description: Privilege escalation method to use when `become` is enabled. env: - name: ANSIBLE_BECOME_METHOD ini: - key: become_method section: privilege_escalation name: Choose privilege escalation method DEFAULT_BECOME_USER: default: root description: The user your login/remote user 'becomes' when using privilege escalation, most systems will use 'root' when no user is specified. env: - name: ANSIBLE_BECOME_USER ini: - key: become_user section: privilege_escalation name: Set the user you 'become' via privilege escalation yaml: key: become.user DEFAULT_CACHE_PLUGIN_PATH: default: ~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache description: Colon separated paths in which Ansible will search for Cache Plugins. env: - name: ANSIBLE_CACHE_PLUGINS ini: - key: cache_plugins section: defaults name: Cache Plugins Path type: pathspec DEFAULT_CALLBACK_PLUGIN_PATH: default: ~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback description: Colon separated paths in which Ansible will search for Callback Plugins. env: - name: ANSIBLE_CALLBACK_PLUGINS ini: - key: callback_plugins section: defaults name: Callback Plugins Path type: pathspec yaml: key: plugins.callback.path DEFAULT_CLICONF_PLUGIN_PATH: default: ~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf description: Colon separated paths in which Ansible will search for Cliconf Plugins. env: - name: ANSIBLE_CLICONF_PLUGINS ini: - key: cliconf_plugins section: defaults name: Cliconf Plugins Path type: pathspec DEFAULT_CONNECTION_PLUGIN_PATH: default: ~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection description: Colon separated paths in which Ansible will search for Connection Plugins. env: - name: ANSIBLE_CONNECTION_PLUGINS ini: - key: connection_plugins section: defaults name: Connection Plugins Path type: pathspec yaml: key: plugins.connection.path DEFAULT_DEBUG: default: false description: - Toggles debug output in Ansible. This is *very* verbose and can hinder multiprocessing. Debug output can also include secret information despite no_log settings being enabled, which means debug mode should not be used in production. env: - name: ANSIBLE_DEBUG ini: - key: debug section: defaults name: Debug mode type: boolean DEFAULT_EXECUTABLE: default: /bin/sh description: - This indicates the command to use to spawn a shell under for Ansible's execution needs on a target. Users may need to change this in rare instances when shell usage is constrained, but in most cases it may be left as is. env: - name: ANSIBLE_EXECUTABLE ini: - key: executable section: defaults name: Target shell executable DEFAULT_FACT_PATH: default: null description: - This option allows you to globally configure a custom path for 'local_facts' for the implied M(ansible.builtin.setup) task when using fact gathering. - 'If not set, it will fallback to the default from the M(ansible.builtin.setup) module: ``/etc/ansible/facts.d``.' - This does **not** affect user defined tasks that use the M(ansible.builtin.setup) module. env: - name: ANSIBLE_FACT_PATH ini: - key: fact_path section: defaults name: local fact path type: string yaml: key: facts.gathering.fact_path DEFAULT_FILTER_PLUGIN_PATH: default: ~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter description: Colon separated paths in which Ansible will search for Jinja2 Filter Plugins. env: - name: ANSIBLE_FILTER_PLUGINS ini: - key: filter_plugins section: defaults name: Jinja2 Filter Plugins Path type: pathspec DEFAULT_FORCE_HANDLERS: default: false description: - This option controls if notified handlers run on a host even if a failure occurs on that host. - When false, the handlers will not run if a failure has occurred on a host. - This can also be set per play or on the command line. See Handlers and Failure for more details. env: - name: ANSIBLE_FORCE_HANDLERS ini: - key: force_handlers section: defaults name: Force handlers to run after failure type: boolean version_added: 1.9.1 DEFAULT_FORKS: default: 5 description: Maximum number of forks Ansible will use to execute tasks on target hosts. env: - name: ANSIBLE_FORKS ini: - key: forks section: defaults name: Number of task forks type: integer DEFAULT_GATHERING: choices: - smart - explicit - implicit default: implicit description: - This setting controls the default policy of fact gathering (facts discovered about remote systems). - 'When ''implicit'' (the default), the cache plugin will be ignored and facts will be gathered per play unless ''gather_facts: False'' is set.' - When 'explicit' the inverse is true, facts will not be gathered unless directly requested in the play. - The 'smart' value means each new host that has no facts discovered will be scanned, but if the same host is addressed in multiple plays it will not be contacted again in the playbook run. - This option can be useful for those wishing to save fact gathering time. Both 'smart' and 'explicit' will use the cache plugin. env: - name: ANSIBLE_GATHERING ini: - key: gathering section: defaults name: Gathering behaviour version_added: '1.6' DEFAULT_GATHER_SUBSET: default: - all description: - Set the `gather_subset` option for the M(ansible.builtin.setup) task in the implicit fact gathering. See the module documentation for specifics. - It does **not** apply to user defined M(ansible.builtin.setup) tasks. env: - name: ANSIBLE_GATHER_SUBSET ini: - key: gather_subset section: defaults name: Gather facts subset type: list version_added: '2.1' DEFAULT_GATHER_TIMEOUT: default: 10 description: - Set the timeout in seconds for the implicit fact gathering. - It does **not** apply to user defined M(ansible.builtin.setup) tasks. env: - name: ANSIBLE_GATHER_TIMEOUT ini: - key: gather_timeout section: defaults name: Gather facts timeout type: integer yaml: key: defaults.gather_timeout DEFAULT_HASH_BEHAVIOUR: choices: merge: Any dictionary variable will be recursively merged with new definitions across the different variable definition sources. replace: Any variable that is defined more than once is overwritten using the order from variable precedence rules (highest wins). default: replace description: - This setting controls how duplicate definitions of dictionary variables (aka hash, map, associative array) are handled in Ansible. - This does not affect variables whose values are scalars (integers, strings) or arrays. - '**WARNING**, changing this setting is not recommended as this is fragile and makes your content (plays, roles, collections) non portable, leading to continual confusion and misuse. Don''t change this setting unless you think you have an absolute need for it.' - We recommend avoiding reusing variable names and relying on the ``combine`` filter and ``vars`` and ``varnames`` lookups to create merged versions of the individual variables. In our experience this is rarely really needed and a sign that too much complexity has been introduced into the data structures and plays. - For some uses you can also look into custom vars_plugins to merge on input, even substituting the default ``host_group_vars`` that is in charge of parsing the ``host_vars/`` and ``group_vars/`` directories. Most users of this setting are only interested in inventory scope, but the setting itself affects all sources and makes debugging even harder. - All playbooks and roles in the official examples repos assume the default for this setting. - Changing the setting to ``merge`` applies across variable sources, but many sources will internally still overwrite the variables. For example ``include_vars`` will dedupe variables internally before updating Ansible, with 'last defined' overwriting previous definitions in same file. - The Ansible project recommends you **avoid ``merge`` for new projects.** - It is the intention of the Ansible developers to eventually deprecate and remove this setting, but it is being kept as some users do heavily rely on it. New projects should **avoid 'merge'**. env: - name: ANSIBLE_HASH_BEHAVIOUR ini: - key: hash_behaviour section: defaults name: Hash merge behaviour type: string DEFAULT_HOST_LIST: default: /etc/ansible/hosts description: Comma separated list of Ansible inventory sources env: - name: ANSIBLE_INVENTORY expand_relative_paths: true ini: - key: inventory section: defaults name: Inventory Source type: pathlist yaml: key: defaults.inventory DEFAULT_HTTPAPI_PLUGIN_PATH: default: ~/.ansible/plugins/httpapi:/usr/share/ansible/plugins/httpapi description: Colon separated paths in which Ansible will search for HttpApi Plugins. env: - name: ANSIBLE_HTTPAPI_PLUGINS ini: - key: httpapi_plugins section: defaults name: HttpApi Plugins Path type: pathspec DEFAULT_INTERNAL_POLL_INTERVAL: default: 0.001 description: - This sets the interval (in seconds) of Ansible internal processes polling each other. Lower values improve performance with large playbooks at the expense of extra CPU load. Higher values are more suitable for Ansible usage in automation scenarios, when UI responsiveness is not required but CPU usage might be a concern. - The default corresponds to the value hardcoded in Ansible <= 2.1 env: [] ini: - key: internal_poll_interval section: defaults name: Internal poll interval type: float version_added: '2.2' DEFAULT_INVENTORY_PLUGIN_PATH: default: ~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory description: Colon separated paths in which Ansible will search for Inventory Plugins. env: - name: ANSIBLE_INVENTORY_PLUGINS ini: - key: inventory_plugins section: defaults name: Inventory Plugins Path type: pathspec DEFAULT_JINJA2_EXTENSIONS: default: [] description: - This is a developer-specific feature that allows enabling additional Jinja2 extensions. - See the Jinja2 documentation for details. If you do not know what these do, you probably don't need to change this settingĀ :) env: - name: ANSIBLE_JINJA2_EXTENSIONS ini: - key: jinja2_extensions section: defaults name: Enabled Jinja2 extensions DEFAULT_JINJA2_NATIVE: default: false description: This option preserves variable types during template operations. This requires Jinja2 >= 2.10. env: - name: ANSIBLE_JINJA2_NATIVE ini: - key: jinja2_native section: defaults name: Use Jinja2's NativeEnvironment for templating type: boolean version_added: 2.7 yaml: key: jinja2_native DEFAULT_KEEP_REMOTE_FILES: default: false description: - Enables/disables the cleaning up of the temporary files Ansible used to execute the tasks on the remote. - If this option is enabled it will disable ``ANSIBLE_PIPELINING``. env: - name: ANSIBLE_KEEP_REMOTE_FILES ini: - key: keep_remote_files section: defaults name: Keep remote files type: boolean DEFAULT_LIBVIRT_LXC_NOSECLABEL: default: false description: - This setting causes libvirt to connect to lxc containers by passing --noseclabel to virsh. This is necessary when running on systems which do not have SELinux. env: - deprecated: alternatives: the ``ANSIBLE_LIBVIRT_LXC_NOSECLABEL`` environment variable collection_name: ansible.builtin version: '2.12' why: environment variables without ``ANSIBLE_`` prefix are deprecated name: LIBVIRT_LXC_NOSECLABEL - name: ANSIBLE_LIBVIRT_LXC_NOSECLABEL ini: - key: libvirt_lxc_noseclabel section: selinux name: No security label on Lxc type: boolean version_added: '2.1' DEFAULT_LOAD_CALLBACK_PLUGINS: default: false description: - Controls whether callback plugins are loaded when running /usr/bin/ansible. This may be used to log activity from the command line, send notifications, and so on. Callback plugins are always loaded for ``ansible-playbook``. env: - name: ANSIBLE_LOAD_CALLBACK_PLUGINS ini: - key: bin_ansible_callbacks section: defaults name: Load callbacks for adhoc type: boolean version_added: '1.8' DEFAULT_LOCAL_TMP: default: ~/.ansible/tmp description: Temporary directory for Ansible to use on the controller. env: - name: ANSIBLE_LOCAL_TEMP ini: - key: local_tmp section: defaults name: Controller temporary directory type: tmppath DEFAULT_LOG_FILTER: default: [] description: List of logger names to filter out of the log file env: - name: ANSIBLE_LOG_FILTER ini: - key: log_filter section: defaults name: Name filters for python logger type: list DEFAULT_LOG_PATH: default: null description: File to which Ansible will log on the controller. When empty logging is disabled. env: - name: ANSIBLE_LOG_PATH ini: - key: log_path section: defaults name: Ansible log file path type: path DEFAULT_LOOKUP_PLUGIN_PATH: default: ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup description: Colon separated paths in which Ansible will search for Lookup Plugins. env: - name: ANSIBLE_LOOKUP_PLUGINS ini: - key: lookup_plugins section: defaults name: Lookup Plugins Path type: pathspec yaml: key: defaults.lookup_plugins DEFAULT_MANAGED_STR: default: Ansible managed description: Sets the macro for the 'ansible_managed' variable available for M(ansible.builtin.template) and M(ansible.windows.win_template) modules. This is only relevant for those two modules. env: [] ini: - key: ansible_managed section: defaults name: Ansible managed yaml: key: defaults.ansible_managed DEFAULT_MODULE_ARGS: default: null description: - This sets the default arguments to pass to the ``ansible`` adhoc binary if no ``-a`` is specified. env: - name: ANSIBLE_MODULE_ARGS ini: - key: module_args section: defaults name: Adhoc default arguments DEFAULT_MODULE_COMPRESSION: default: ZIP_DEFLATED description: Compression scheme to use when transferring Python modules to the target. env: [] ini: - key: module_compression section: defaults name: Python module compression DEFAULT_MODULE_NAME: default: command description: Module to use with the ``ansible`` AdHoc command, if none is specified via ``-m``. env: [] ini: - key: module_name section: defaults name: Default adhoc module DEFAULT_MODULE_PATH: default: ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules description: Colon separated paths in which Ansible will search for Modules. env: - name: ANSIBLE_LIBRARY ini: - key: library section: defaults name: Modules Path type: pathspec DEFAULT_MODULE_UTILS_PATH: default: ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils description: Colon separated paths in which Ansible will search for Module utils files, which are shared by modules. env: - name: ANSIBLE_MODULE_UTILS ini: - key: module_utils section: defaults name: Module Utils Path type: pathspec DEFAULT_NETCONF_PLUGIN_PATH: default: ~/.ansible/plugins/netconf:/usr/share/ansible/plugins/netconf description: Colon separated paths in which Ansible will search for Netconf Plugins. env: - name: ANSIBLE_NETCONF_PLUGINS ini: - key: netconf_plugins section: defaults name: Netconf Plugins Path type: pathspec DEFAULT_NO_LOG: default: false description: Toggle Ansible's display and logging of task details, mainly used to avoid security disclosures. env: - name: ANSIBLE_NO_LOG ini: - key: no_log section: defaults name: No log type: boolean DEFAULT_NO_TARGET_SYSLOG: default: false description: - Toggle Ansible logging to syslog on the target when it executes tasks. On Windows hosts this will disable a newer style PowerShell modules from writting to the event log. env: - name: ANSIBLE_NO_TARGET_SYSLOG ini: - key: no_target_syslog section: defaults name: No syslog on target type: boolean vars: - name: ansible_no_target_syslog version_added: '2.10' yaml: key: defaults.no_target_syslog DEFAULT_NULL_REPRESENTATION: default: null description: What templating should return as a 'null' value. When not set it will let Jinja2 decide. env: - name: ANSIBLE_NULL_REPRESENTATION ini: - key: null_representation section: defaults name: Represent a null type: none DEFAULT_POLL_INTERVAL: default: 15 description: - For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), this is how often to check back on the status of those tasks when an explicit poll interval is not supplied. The default is a reasonably moderate 15 seconds which is a tradeoff between checking in frequently and providing a quick turnaround when something may have completed. env: - name: ANSIBLE_POLL_INTERVAL ini: - key: poll_interval section: defaults name: Async poll interval type: integer DEFAULT_PRIVATE_KEY_FILE: default: null description: - Option for connections using a certificate or key file to authenticate, rather than an agent or passwords, you can set the default value here to avoid re-specifying --private-key with every invocation. env: - name: ANSIBLE_PRIVATE_KEY_FILE ini: - key: private_key_file section: defaults name: Private key file type: path DEFAULT_PRIVATE_ROLE_VARS: default: false description: - Makes role variables inaccessible from other roles. - This was introduced as a way to reset role variables to default values if a role is used more than once in a playbook. env: - name: ANSIBLE_PRIVATE_ROLE_VARS ini: - key: private_role_vars section: defaults name: Private role variables type: boolean yaml: key: defaults.private_role_vars DEFAULT_REMOTE_PORT: default: null description: Port to use in remote connections, when blank it will use the connection plugin default. env: - name: ANSIBLE_REMOTE_PORT ini: - key: remote_port section: defaults name: Remote port type: integer yaml: key: defaults.remote_port DEFAULT_REMOTE_USER: description: - Sets the login user for the target machines - When blank it uses the connection plugin's default, normally the user currently executing Ansible. env: - name: ANSIBLE_REMOTE_USER ini: - key: remote_user section: defaults name: Login/Remote User DEFAULT_ROLES_PATH: default: ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles description: Colon separated paths in which Ansible will search for Roles. env: - name: ANSIBLE_ROLES_PATH expand_relative_paths: true ini: - key: roles_path section: defaults name: Roles path type: pathspec yaml: key: defaults.roles_path DEFAULT_SELINUX_SPECIAL_FS: default: fuse, nfs, vboxsf, ramfs, 9p, vfat description: - Some filesystems do not support safe operations and/or return inconsistent errors, this setting makes Ansible 'tolerate' those in the list w/o causing fatal errors. - Data corruption may occur and writes are not always verified when a filesystem is in the list. env: - name: ANSIBLE_SELINUX_SPECIAL_FS version_added: '2.9' ini: - key: special_context_filesystems section: selinux name: Problematic file systems type: list DEFAULT_STDOUT_CALLBACK: default: default description: - Set the main callback used to display Ansible output, you can only have one at a time. - You can have many other callbacks, but just one can be in charge of stdout. env: - name: ANSIBLE_STDOUT_CALLBACK ini: - key: stdout_callback section: defaults name: Main display callback plugin DEFAULT_STRATEGY: default: linear description: Set the default strategy used for plays. env: - name: ANSIBLE_STRATEGY ini: - key: strategy section: defaults name: Implied strategy version_added: '2.3' DEFAULT_STRATEGY_PLUGIN_PATH: default: ~/.ansible/plugins/strategy:/usr/share/ansible/plugins/strategy description: Colon separated paths in which Ansible will search for Strategy Plugins. env: - name: ANSIBLE_STRATEGY_PLUGINS ini: - key: strategy_plugins section: defaults name: Strategy Plugins Path type: pathspec DEFAULT_SU: default: false description: Toggle the use of "su" for tasks. env: - name: ANSIBLE_SU ini: - key: su section: defaults type: boolean yaml: key: defaults.su DEFAULT_SYSLOG_FACILITY: default: LOG_USER description: Syslog facility to use when Ansible logs to the remote target env: - name: ANSIBLE_SYSLOG_FACILITY ini: - key: syslog_facility section: defaults name: syslog facility DEFAULT_TERMINAL_PLUGIN_PATH: default: ~/.ansible/plugins/terminal:/usr/share/ansible/plugins/terminal description: Colon separated paths in which Ansible will search for Terminal Plugins. env: - name: ANSIBLE_TERMINAL_PLUGINS ini: - key: terminal_plugins section: defaults name: Terminal Plugins Path type: pathspec DEFAULT_TEST_PLUGIN_PATH: default: ~/.ansible/plugins/test:/usr/share/ansible/plugins/test description: Colon separated paths in which Ansible will search for Jinja2 Test Plugins. env: - name: ANSIBLE_TEST_PLUGINS ini: - key: test_plugins section: defaults name: Jinja2 Test Plugins Path type: pathspec DEFAULT_TIMEOUT: default: 10 description: This is the default timeout for connection plugins to use. env: - name: ANSIBLE_TIMEOUT ini: - key: timeout section: defaults name: Connection timeout type: integer DEFAULT_TRANSPORT: default: smart description: Default connection plugin to use, the 'smart' option will toggle between 'ssh' and 'paramiko' depending on controller OS and ssh versions env: - name: ANSIBLE_TRANSPORT ini: - key: transport section: defaults name: Connection plugin DEFAULT_UNDEFINED_VAR_BEHAVIOR: default: true description: - When True, this causes ansible templating to fail steps that reference variable names that are likely typoed. - Otherwise, any '{{ template_expression }}' that contains undefined variables will be rendered in a template or ansible action line exactly as written. env: - name: ANSIBLE_ERROR_ON_UNDEFINED_VARS ini: - key: error_on_undefined_vars section: defaults name: Jinja2 fail on undefined type: boolean version_added: '1.3' DEFAULT_VARS_PLUGIN_PATH: default: ~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars description: Colon separated paths in which Ansible will search for Vars Plugins. env: - name: ANSIBLE_VARS_PLUGINS ini: - key: vars_plugins section: defaults name: Vars Plugins Path type: pathspec DEFAULT_VAULT_ENCRYPT_IDENTITY: description: The vault_id to use for encrypting by default. If multiple vault_ids are provided, this specifies which to use for encryption. The --encrypt-vault-id cli option overrides the configured value. env: - name: ANSIBLE_VAULT_ENCRYPT_IDENTITY ini: - key: vault_encrypt_identity section: defaults name: Vault id to use for encryption yaml: key: defaults.vault_encrypt_identity DEFAULT_VAULT_IDENTITY: default: default description: The label to use for the default vault id label in cases where a vault id label is not provided env: - name: ANSIBLE_VAULT_IDENTITY ini: - key: vault_identity section: defaults name: Vault id label yaml: key: defaults.vault_identity DEFAULT_VAULT_IDENTITY_LIST: default: [] description: A list of vault-ids to use by default. Equivalent to multiple --vault-id args. Vault-ids are tried in order. env: - name: ANSIBLE_VAULT_IDENTITY_LIST ini: - key: vault_identity_list section: defaults name: Default vault ids type: list yaml: key: defaults.vault_identity_list DEFAULT_VAULT_ID_MATCH: default: false description: If true, decrypting vaults with a vault id will only try the password from the matching vault-id env: - name: ANSIBLE_VAULT_ID_MATCH ini: - key: vault_id_match section: defaults name: Force vault id match yaml: key: defaults.vault_id_match DEFAULT_VAULT_PASSWORD_FILE: default: null description: - The vault password file to use. Equivalent to --vault-password-file or --vault-id - If executable, it will be run and the resulting stdout will be used as the password. env: - name: ANSIBLE_VAULT_PASSWORD_FILE ini: - key: vault_password_file section: defaults name: Vault password file type: path yaml: key: defaults.vault_password_file DEFAULT_VERBOSITY: default: 0 description: Sets the default verbosity, equivalent to the number of ``-v`` passed in the command line. env: - name: ANSIBLE_VERBOSITY ini: - key: verbosity section: defaults name: Verbosity type: integer DEPRECATION_WARNINGS: default: true description: Toggle to control the showing of deprecation warnings env: - name: ANSIBLE_DEPRECATION_WARNINGS ini: - key: deprecation_warnings section: defaults name: Deprecation messages type: boolean DEVEL_WARNING: default: true description: Toggle to control showing warnings related to running devel env: - name: ANSIBLE_DEVEL_WARNING ini: - key: devel_warning section: defaults name: Running devel warning type: boolean DIFF_ALWAYS: default: false description: Configuration toggle to tell modules to show differences when in 'changed' status, equivalent to ``--diff``. env: - name: ANSIBLE_DIFF_ALWAYS ini: - key: always section: diff name: Show differences type: bool DIFF_CONTEXT: default: 3 description: How many lines of context to show when displaying the differences between files. env: - name: ANSIBLE_DIFF_CONTEXT ini: - key: context section: diff name: Difference context type: integer DISPLAY_ARGS_TO_STDOUT: default: false description: - 'Normally ``ansible-playbook`` will print a header for each task that is run. These headers will contain the name: field from the task if you specified one. If you didn''t then ``ansible-playbook`` uses the task''s action to help you tell which task is presently running. Sometimes you run many of the same action and so you want more information about the task to differentiate it from others of the same action. If you set this variable to True in the config then ``ansible-playbook`` will also include the task''s arguments in the header.' - This setting defaults to False because there is a chance that you have sensitive values in your parameters and you do not want those to be printed. - 'If you set this to True you should be sure that you have secured your environment''s stdout (no one can shoulder surf your screen and you aren''t saving stdout to an insecure file) or made sure that all of your playbooks explicitly added the ``no_log: True`` parameter to tasks which have sensitive values See How do I keep secret data in my playbook? for more information.' env: - name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT ini: - key: display_args_to_stdout section: defaults name: Show task arguments type: boolean version_added: '2.1' DISPLAY_SKIPPED_HOSTS: default: true description: Toggle to control displaying skipped task/host entries in a task in the default callback env: - deprecated: alternatives: the ``ANSIBLE_DISPLAY_SKIPPED_HOSTS`` environment variable collection_name: ansible.builtin version: '2.12' why: environment variables without ``ANSIBLE_`` prefix are deprecated name: DISPLAY_SKIPPED_HOSTS - name: ANSIBLE_DISPLAY_SKIPPED_HOSTS ini: - key: display_skipped_hosts section: defaults name: Show skipped results type: boolean DOCSITE_ROOT_URL: default: https://docs.ansible.com/ansible-core/ description: Root docsite URL used to generate docs URLs in warning/error text; must be an absolute URL with valid scheme and trailing slash. ini: - key: docsite_root_url section: defaults name: Root docsite URL version_added: '2.8' DOC_FRAGMENT_PLUGIN_PATH: default: ~/.ansible/plugins/doc_fragments:/usr/share/ansible/plugins/doc_fragments description: Colon separated paths in which Ansible will search for Documentation Fragments Plugins. env: - name: ANSIBLE_DOC_FRAGMENT_PLUGINS ini: - key: doc_fragment_plugins section: defaults name: documentation fragment plugins path type: pathspec DUPLICATE_YAML_DICT_KEY: choices: - warn - error - ignore default: warn description: - By default Ansible will issue a warning when a duplicate dict key is encountered in YAML. - These warnings can be silenced by adjusting this setting to False. env: - name: ANSIBLE_DUPLICATE_YAML_DICT_KEY ini: - key: duplicate_dict_key section: defaults name: Controls ansible behaviour when finding duplicate keys in YAML. type: string version_added: '2.9' ENABLE_TASK_DEBUGGER: default: false description: - Whether or not to enable the task debugger, this previously was done as a strategy plugin. - Now all strategy plugins can inherit this behavior. The debugger defaults to activating when - a task is failed on unreachable. Use the debugger keyword for more flexibility. env: - name: ANSIBLE_ENABLE_TASK_DEBUGGER ini: - key: enable_task_debugger section: defaults name: Whether to enable the task debugger type: boolean version_added: '2.5' ERROR_ON_MISSING_HANDLER: default: true description: Toggle to allow missing handlers to become a warning instead of an error when notifying. env: - name: ANSIBLE_ERROR_ON_MISSING_HANDLER ini: - key: error_on_missing_handler section: defaults name: Missing handler error type: boolean FACTS_MODULES: default: - smart description: Which modules to run during a play's fact gathering stage, using the default of 'smart' will try to figure it out based on connection type. env: - name: ANSIBLE_FACTS_MODULES ini: - key: facts_modules section: defaults name: Gather Facts Modules type: list vars: - name: ansible_facts_modules GALAXY_CACHE_DIR: default: ~/.ansible/galaxy_cache description: - The directory that stores cached responses from a Galaxy server. - This is only used by the ``ansible-galaxy collection install`` and ``download`` commands. - Cache files inside this dir will be ignored if they are world writable. env: - name: ANSIBLE_GALAXY_CACHE_DIR ini: - key: cache_dir section: galaxy type: path version_added: '2.11' GALAXY_DISPLAY_PROGRESS: default: null description: - Some steps in ``ansible-galaxy`` display a progress wheel which can cause issues on certain displays or when outputing the stdout to a file. - This config option controls whether the display wheel is shown or not. - The default is to show the display wheel if stdout has a tty. env: - name: ANSIBLE_GALAXY_DISPLAY_PROGRESS ini: - key: display_progress section: galaxy type: bool version_added: '2.10' GALAXY_IGNORE_CERTS: default: false description: - If set to yes, ansible-galaxy will not validate TLS certificates. This can be useful for testing against a server with a self-signed certificate. env: - name: ANSIBLE_GALAXY_IGNORE ini: - key: ignore_certs section: galaxy name: Galaxy validate certs type: boolean GALAXY_ROLE_SKELETON: description: Role or collection skeleton directory to use as a template for the ``init`` action in ``ansible-galaxy``, same as ``--role-skeleton``. env: - name: ANSIBLE_GALAXY_ROLE_SKELETON ini: - key: role_skeleton section: galaxy name: Galaxy role or collection skeleton directory type: path GALAXY_ROLE_SKELETON_IGNORE: default: - ^.git$ - ^.*/.git_keep$ description: patterns of files to ignore inside a Galaxy role or collection skeleton directory env: - name: ANSIBLE_GALAXY_ROLE_SKELETON_IGNORE ini: - key: role_skeleton_ignore section: galaxy name: Galaxy skeleton ignore type: list GALAXY_SERVER: default: https://galaxy.ansible.com description: URL to prepend when roles don't specify the full URI, assume they are referencing this server as the source. env: - name: ANSIBLE_GALAXY_SERVER ini: - key: server section: galaxy yaml: key: galaxy.server GALAXY_SERVER_LIST: description: - A list of Galaxy servers to use when installing a collection. - The value corresponds to the config ini header ``[galaxy_server.{{item}}]`` which defines the server details. - See :ref:`galaxy_server_config` for more details on how to define a Galaxy server. - The order of servers in this list is used to as the order in which a collection is resolved. - Setting this config option will ignore the :ref:`galaxy_server` config option. env: - name: ANSIBLE_GALAXY_SERVER_LIST ini: - key: server_list section: galaxy type: list version_added: '2.9' GALAXY_TOKEN_PATH: default: ~/.ansible/galaxy_token description: Local path to galaxy access token file env: - name: ANSIBLE_GALAXY_TOKEN_PATH ini: - key: token_path section: galaxy type: path version_added: '2.9' HOST_KEY_CHECKING: default: true description: Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host env: - name: ANSIBLE_HOST_KEY_CHECKING ini: - key: host_key_checking section: defaults name: Check host keys type: boolean HOST_PATTERN_MISMATCH: choices: - warning - error - ignore default: warning description: This setting changes the behaviour of mismatched host patterns, it allows you to force a fatal error, a warning or just ignore it env: - name: ANSIBLE_HOST_PATTERN_MISMATCH ini: - key: host_pattern_mismatch section: inventory name: Control host pattern mismatch behaviour version_added: '2.8' INJECT_FACTS_AS_VARS: default: true description: - Facts are available inside the `ansible_facts` variable, this setting also pushes them as their own vars in the main namespace. - Unlike inside the `ansible_facts` dictionary, these will have an `ansible_` prefix. env: - name: ANSIBLE_INJECT_FACT_VARS ini: - key: inject_facts_as_vars section: defaults type: boolean version_added: '2.5' INTERPRETER_PYTHON: default: auto description: - Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. Supported discovery modes are ``auto`` (the default), ``auto_silent``, ``auto_legacy``, and ``auto_legacy_silent``. All discovery modes employ a lookup table to use the included system Python (on distributions known to include one), falling back to a fixed ordered list of well-known Python interpreter locations if a platform-specific default is not available. The fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters installed later may change which one is used). This warning behavior can be disabled by setting ``auto_silent`` or ``auto_legacy_silent``. The value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility with older Ansible releases that always defaulted to ``/usr/bin/python``, will use that interpreter if present. env: - name: ANSIBLE_PYTHON_INTERPRETER ini: - key: interpreter_python section: defaults name: Python interpreter path (or automatic discovery behavior) used for module execution vars: - name: ansible_python_interpreter version_added: '2.8' INTERPRETER_PYTHON_DISTRO_MAP: default: centos: &id002 '6': /usr/bin/python '8': /usr/libexec/platform-python '9': /usr/bin/python3 debian: '10': /usr/bin/python3 '8': /usr/bin/python fedora: '23': /usr/bin/python3 oracle: *id002 redhat: *id002 rhel: *id002 ubuntu: '14': /usr/bin/python '16': /usr/bin/python3 name: Mapping of known included platform pythons for various Linux distros version_added: '2.8' INTERPRETER_PYTHON_FALLBACK: default: - python3.10 - python3.9 - python3.8 - python3.7 - python3.6 - python3.5 - /usr/bin/python3 - /usr/libexec/platform-python - python2.7 - python2.6 - /usr/bin/python - python name: Ordered list of Python interpreters to check for in discovery type: list vars: - name: ansible_interpreter_python_fallback version_added: '2.8' INVALID_TASK_ATTRIBUTE_FAILED: default: true description: If 'false', invalid attributes for a task will result in warnings instead of errors env: - name: ANSIBLE_INVALID_TASK_ATTRIBUTE_FAILED ini: - key: invalid_task_attribute_failed section: defaults name: Controls whether invalid attributes for a task result in errors instead of warnings type: boolean version_added: '2.7' INVENTORY_ANY_UNPARSED_IS_FAILED: default: false description: 'If ''true'', it is a fatal error when any given inventory source cannot be successfully parsed by any available inventory plugin; otherwise, this situation only attracts a warning. ' env: - name: ANSIBLE_INVENTORY_ANY_UNPARSED_IS_FAILED ini: - key: any_unparsed_is_failed section: inventory name: Controls whether any unparseable inventory source is a fatal error type: boolean version_added: '2.7' INVENTORY_CACHE_ENABLED: default: false description: - Toggle to turn on inventory caching. - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory configuration. - This message will be removed in 2.16. env: - name: ANSIBLE_INVENTORY_CACHE ini: - key: cache section: inventory name: Inventory caching enabled type: bool INVENTORY_CACHE_PLUGIN: description: - The plugin for caching inventory. - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. - This message will be removed in 2.16. env: - name: ANSIBLE_INVENTORY_CACHE_PLUGIN ini: - key: cache_plugin section: inventory name: Inventory cache plugin INVENTORY_CACHE_PLUGIN_CONNECTION: description: - The inventory cache connection. - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. - This message will be removed in 2.16. env: - name: ANSIBLE_INVENTORY_CACHE_CONNECTION ini: - key: cache_connection section: inventory name: Inventory cache plugin URI to override the defaults section INVENTORY_CACHE_PLUGIN_PREFIX: default: ansible_inventory_ description: - The table prefix for the cache plugin. - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. - This message will be removed in 2.16. env: - name: ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX ini: - key: cache_prefix section: inventory name: Inventory cache plugin table prefix INVENTORY_CACHE_TIMEOUT: default: 3600 description: - Expiration timeout for the inventory cache plugin data. - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. - This message will be removed in 2.16. env: - name: ANSIBLE_INVENTORY_CACHE_TIMEOUT ini: - key: cache_timeout section: inventory name: Inventory cache plugin expiration timeout INVENTORY_ENABLED: default: - host_list - script - auto - yaml - ini - toml description: List of enabled inventory plugins, it also determines the order in which they are used. env: - name: ANSIBLE_INVENTORY_ENABLED ini: - key: enable_plugins section: inventory name: Active Inventory plugins type: list INVENTORY_EXPORT: default: false description: Controls if ansible-inventory will accurately reflect Ansible's view into inventory or its optimized for exporting. env: - name: ANSIBLE_INVENTORY_EXPORT ini: - key: export section: inventory name: Set ansible-inventory into export mode type: bool INVENTORY_IGNORE_EXTS: default: '{{(REJECT_EXTS + (''.orig'', ''.ini'', ''.cfg'', ''.retry''))}}' description: List of extensions to ignore when using a directory as an inventory source env: - name: ANSIBLE_INVENTORY_IGNORE ini: - key: inventory_ignore_extensions section: defaults - key: ignore_extensions section: inventory name: Inventory ignore extensions type: list INVENTORY_IGNORE_PATTERNS: default: [] description: List of patterns to ignore when using a directory as an inventory source env: - name: ANSIBLE_INVENTORY_IGNORE_REGEX ini: - key: inventory_ignore_patterns section: defaults - key: ignore_patterns section: inventory name: Inventory ignore patterns type: list INVENTORY_UNPARSED_IS_FAILED: default: false description: 'If ''true'' it is a fatal error if every single potential inventory source fails to parse, otherwise this situation will only attract a warning. ' env: - name: ANSIBLE_INVENTORY_UNPARSED_FAILED ini: - key: unparsed_is_failed section: inventory name: Unparsed Inventory failure type: bool JINJA2_NATIVE_WARNING: default: true description: Toggle to control showing warnings related to running a Jinja version older than required for jinja2_native env: - name: ANSIBLE_JINJA2_NATIVE_WARNING ini: - key: jinja2_native_warning section: defaults name: Running older than required Jinja version for jinja2_native warning type: boolean LOCALHOST_WARNING: default: true description: - By default Ansible will issue a warning when there are no hosts in the inventory. - These warnings can be silenced by adjusting this setting to False. env: - name: ANSIBLE_LOCALHOST_WARNING ini: - key: localhost_warning section: defaults name: Warning when using implicit inventory with only localhost type: boolean version_added: '2.6' MAX_FILE_SIZE_FOR_DIFF: default: 104448 description: Maximum size of files to be considered for diff display env: - name: ANSIBLE_MAX_DIFF_SIZE ini: - key: max_diff_size section: defaults name: Diff maximum file size type: int MODULE_IGNORE_EXTS: default: '{{(REJECT_EXTS + (''.yaml'', ''.yml'', ''.ini''))}}' description: - List of extensions to ignore when looking for modules to load - This is for rejecting script and binary module fallback extensions env: - name: ANSIBLE_MODULE_IGNORE_EXTS ini: - key: module_ignore_exts section: defaults name: Module ignore extensions type: list NETCONF_SSH_CONFIG: default: null description: This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump host ssh settings should be present in ~/.ssh/config file, alternatively it can be set to custom ssh configuration file path to read the bastion/jump host settings. env: - name: ANSIBLE_NETCONF_SSH_CONFIG ini: - key: ssh_config section: netconf_connection yaml: key: netconf_connection.ssh_config NETWORK_GROUP_MODULES: default: - eos - nxos - ios - iosxr - junos - enos - ce - vyos - sros - dellos9 - dellos10 - dellos6 - asa - aruba - aireos - bigip - ironware - onyx - netconf - exos - voss - slxos description: 'TODO: write it' env: - deprecated: alternatives: the ``ANSIBLE_NETWORK_GROUP_MODULES`` environment variable collection_name: ansible.builtin version: '2.12' why: environment variables without ``ANSIBLE_`` prefix are deprecated name: NETWORK_GROUP_MODULES - name: ANSIBLE_NETWORK_GROUP_MODULES ini: - key: network_group_modules section: defaults name: Network module families type: list yaml: key: defaults.network_group_modules OLD_PLUGIN_CACHE_CLEARING: default: false description: Previously Ansible would only clear some of the plugin loading caches when loading new roles, this led to some behaviours in which a plugin loaded in prevoius plays would be unexpectedly 'sticky'. This setting allows to return to that behaviour. env: - name: ANSIBLE_OLD_PLUGIN_CACHE_CLEAR ini: - key: old_plugin_cache_clear section: defaults type: boolean version_added: '2.8' PARAMIKO_HOST_KEY_AUTO_ADD: default: false description: 'TODO: write it' env: - name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD ini: - key: host_key_auto_add section: paramiko_connection type: boolean PARAMIKO_LOOK_FOR_KEYS: default: true description: 'TODO: write it' env: - name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS ini: - key: look_for_keys section: paramiko_connection name: look for keys type: boolean PERSISTENT_COMMAND_TIMEOUT: default: 30 description: This controls the amount of time to wait for response from remote device before timing out persistent connection. env: - name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT ini: - key: command_timeout section: persistent_connection name: Persistence command timeout type: int PERSISTENT_CONNECT_RETRY_TIMEOUT: default: 15 description: This controls the retry timeout for persistent connection to connect to the local domain socket. env: - name: ANSIBLE_PERSISTENT_CONNECT_RETRY_TIMEOUT ini: - key: connect_retry_timeout section: persistent_connection name: Persistence connection retry timeout type: integer PERSISTENT_CONNECT_TIMEOUT: default: 30 description: This controls how long the persistent connection will remain idle before it is destroyed. env: - name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT ini: - key: connect_timeout section: persistent_connection name: Persistence timeout type: integer PERSISTENT_CONTROL_PATH_DIR: default: ~/.ansible/pc description: Path to socket to be used by the connection persistence system. env: - name: ANSIBLE_PERSISTENT_CONTROL_PATH_DIR ini: - key: control_path_dir section: persistent_connection name: Persistence socket path type: path PLAYBOOK_DIR: description: - A number of non-playbook CLIs have a ``--playbook-dir`` argument; this sets the default value for it. env: - name: ANSIBLE_PLAYBOOK_DIR ini: - key: playbook_dir section: defaults name: playbook dir override for non-playbook CLIs (ala --playbook-dir) type: path version_added: '2.9' PLAYBOOK_VARS_ROOT: choices: - top - bottom - all default: top description: - This sets which playbook dirs will be used as a root to process vars plugins, which includes finding host_vars/group_vars - The ``top`` option follows the traditional behaviour of using the top playbook in the chain to find the root directory. - The ``bottom`` option follows the 2.4.0 behaviour of using the current playbook to find the root directory. - The ``all`` option examines from the first parent to the current playbook. env: - name: ANSIBLE_PLAYBOOK_VARS_ROOT ini: - key: playbook_vars_root section: defaults name: playbook vars files root version_added: 2.4.1 PLUGIN_FILTERS_CFG: default: null description: - A path to configuration for filtering which plugins installed on the system are allowed to be used. - See :ref:`plugin_filtering_config` for details of the filter file's format. - ' The default is /etc/ansible/plugin_filters.yml' ini: - deprecated: alternatives: the "defaults" section instead collection_name: ansible.builtin version: '2.12' why: specifying "plugin_filters_cfg" under the "default" section is deprecated key: plugin_filters_cfg section: default - key: plugin_filters_cfg section: defaults name: Config file for limiting valid plugins type: path version_added: 2.5.0 PYTHON_MODULE_RLIMIT_NOFILE: default: 0 description: - Attempts to set RLIMIT_NOFILE soft limit to the specified value when executing Python modules (can speed up subprocess usage on Python 2.x. See https://bugs.python.org/issue11284). The value will be limited by the existing hard limit. Default value of 0 does not attempt to adjust existing system-defined limits. env: - name: ANSIBLE_PYTHON_MODULE_RLIMIT_NOFILE ini: - key: python_module_rlimit_nofile section: defaults name: Adjust maximum file descriptor soft limit during Python module execution vars: - name: ansible_python_module_rlimit_nofile version_added: '2.8' RETRY_FILES_ENABLED: default: false description: This controls whether a failed Ansible playbook should create a .retry file. env: - name: ANSIBLE_RETRY_FILES_ENABLED ini: - key: retry_files_enabled section: defaults name: Retry files type: bool RETRY_FILES_SAVE_PATH: default: null description: - This sets the path in which Ansible will save .retry files when a playbook fails and retry files are enabled. - This file will be overwritten after each run with the list of failed hosts from all plays. env: - name: ANSIBLE_RETRY_FILES_SAVE_PATH ini: - key: retry_files_save_path section: defaults name: Retry files path type: path RUN_VARS_PLUGINS: choices: - demand - start default: demand description: - This setting can be used to optimize vars_plugin usage depending on user's inventory size and play selection. - Setting to C(demand) will run vars_plugins relative to inventory sources anytime vars are 'demanded' by tasks. - Setting to C(start) will run vars_plugins relative to inventory sources after importing that inventory source. env: - name: ANSIBLE_RUN_VARS_PLUGINS ini: - key: run_vars_plugins section: defaults name: When should vars plugins run relative to inventory type: str version_added: '2.10' SHOW_CUSTOM_STATS: default: false description: This adds the custom stats set via the set_stats plugin to the default output env: - name: ANSIBLE_SHOW_CUSTOM_STATS ini: - key: show_custom_stats section: defaults name: Display custom stats type: bool STRING_CONVERSION_ACTION: default: warn description: - Action to take when a module parameter value is converted to a string (this does not affect variables). For string parameters, values such as '1.00', "['a', 'b',]", and 'yes', 'y', etc. will be converted by the YAML parser unless fully quoted. - Valid options are 'error', 'warn', and 'ignore'. - Since 2.8, this option defaults to 'warn' but will change to 'error' in 2.12. env: - name: ANSIBLE_STRING_CONVERSION_ACTION ini: - key: string_conversion_action section: defaults type: string version_added: '2.8' STRING_TYPE_FILTERS: default: - string - to_json - to_nice_json - to_yaml - to_nice_yaml - ppretty - json description: - This list of filters avoids 'type conversion' when templating variables - Useful when you want to avoid conversion into lists or dictionaries for JSON strings, for example. env: - name: ANSIBLE_STRING_TYPE_FILTERS ini: - key: dont_type_filters section: jinja2 name: Filters to preserve strings type: list SYSTEM_WARNINGS: default: true description: - Allows disabling of warnings related to potential issues on the system running ansible itself (not on the managed hosts) - These may include warnings about 3rd party packages or other conditions that should be resolved if possible. env: - name: ANSIBLE_SYSTEM_WARNINGS ini: - key: system_warnings section: defaults name: System warnings type: boolean TAGS_RUN: default: [] description: default list of tags to run in your plays, Skip Tags has precedence. env: - name: ANSIBLE_RUN_TAGS ini: - key: run section: tags name: Run Tags type: list version_added: '2.5' TAGS_SKIP: default: [] description: default list of tags to skip in your plays, has precedence over Run Tags env: - name: ANSIBLE_SKIP_TAGS ini: - key: skip section: tags name: Skip Tags type: list version_added: '2.5' TASK_DEBUGGER_IGNORE_ERRORS: default: true description: - This option defines whether the task debugger will be invoked on a failed task when ignore_errors=True is specified. - True specifies that the debugger will honor ignore_errors, False will not honor ignore_errors. env: - name: ANSIBLE_TASK_DEBUGGER_IGNORE_ERRORS ini: - key: task_debugger_ignore_errors section: defaults name: Whether a failed task with ignore_errors=True will still invoke the debugger type: boolean version_added: '2.7' TASK_TIMEOUT: default: 0 description: - Set the maximum time (in seconds) that a task can run for. - If set to 0 (the default) there is no timeout. env: - name: ANSIBLE_TASK_TIMEOUT ini: - key: task_timeout section: defaults name: Task Timeout type: integer version_added: '2.10' TRANSFORM_INVALID_GROUP_CHARS: choices: - always - never - ignore - silently default: never description: - Make ansible transform invalid characters in group names supplied by inventory sources. - If 'never' it will allow for the group name but warn about the issue. - When 'ignore', it does the same as 'never', without issuing a warning. - When 'always' it will replace any invalid characters with '_' (underscore) and warn the user - When 'silently', it does the same as 'always', without issuing a warning. env: - name: ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS ini: - key: force_valid_group_names section: defaults name: Transform invalid characters in group names type: string version_added: '2.8' USE_PERSISTENT_CONNECTIONS: default: false description: Toggles the use of persistence for connections. env: - name: ANSIBLE_USE_PERSISTENT_CONNECTIONS ini: - key: use_persistent_connections section: defaults name: Persistence type: boolean VALIDATE_ACTION_GROUP_METADATA: default: true description: - A toggle to disable validating a collection's 'metadata' entry for a module_defaults action group. Metadata containing unexpected fields or value types will produce a warning when this is True. env: - name: ANSIBLE_VALIDATE_ACTION_GROUP_METADATA ini: - key: validate_action_group_metadata section: defaults type: bool version_added: '2.12' VARIABLE_PLUGINS_ENABLED: default: - host_group_vars description: Whitelist for variable plugins that require it. env: - name: ANSIBLE_VARS_ENABLED ini: - key: vars_plugins_enabled section: defaults name: Vars plugin enabled list type: list version_added: '2.10' VARIABLE_PRECEDENCE: default: - all_inventory - groups_inventory - all_plugins_inventory - all_plugins_play - groups_plugins_inventory - groups_plugins_play description: Allows to change the group variable precedence merge order. env: - name: ANSIBLE_PRECEDENCE ini: - key: precedence section: defaults name: Group variable precedence type: list version_added: '2.4' VERBOSE_TO_STDERR: default: false description: - Force 'verbose' option to use stderr instead of stdout env: - name: ANSIBLE_VERBOSE_TO_STDERR ini: - key: verbose_to_stderr section: defaults type: bool version_added: '2.8' WIN_ASYNC_STARTUP_TIMEOUT: default: 5 description: - For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), this is how long, in seconds, to wait for the task spawned by Ansible to connect back to the named pipe used on Windows systems. The default is 5 seconds. This can be too low on slower systems, or systems under heavy load. - This is not the total time an async command can run for, but is a separate timeout to wait for an async command to start. The task will only start to be timed against its async_timeout once it has connected to the pipe, so the overall maximum duration the task can take will be extended by the amount specified here. env: - name: ANSIBLE_WIN_ASYNC_STARTUP_TIMEOUT ini: - key: win_async_startup_timeout section: defaults name: Windows Async Startup Timeout type: integer vars: - name: ansible_win_async_startup_timeout version_added: '2.10' WORKER_SHUTDOWN_POLL_COUNT: default: 0 description: - The maximum number of times to check Task Queue Manager worker processes to verify they have exited cleanly. - After this limit is reached any worker processes still running will be terminated. - This is for internal use only. env: - name: ANSIBLE_WORKER_SHUTDOWN_POLL_COUNT name: Worker Shutdown Poll Count type: integer version_added: '2.10' WORKER_SHUTDOWN_POLL_DELAY: default: 0.1 description: - The number of seconds to sleep between polling loops when checking Task Queue Manager worker processes to verify they have exited cleanly. - This is for internal use only. env: - name: ANSIBLE_WORKER_SHUTDOWN_POLL_DELAY name: Worker Shutdown Poll Delay type: float version_added: '2.10' YAML_FILENAME_EXTENSIONS: default: - .yml - .yaml - .json description: - Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these. - This affects vars_files, include_vars, inventory and vars plugins among others. env: - name: ANSIBLE_YAML_FILENAME_EXT ini: - key: yaml_valid_extensions section: defaults name: Valid YAML extensions type: list
See also
- Ansible: modules, plugins, Playbooks (examples)
ansible-playbook
,ansible-vault
,ansible-inventory
,ansible-config
, Ansible Tower, Ansible Galaxy (Roles) (ansible-galaxy
),ansible-cmdb
,gather facts
,ansible.cfg
,Ansible Molecule
, Ansible collections,register
,template
,--ask-pass
,--ask-become-pass
,remote_user:
,/etc/ansible/hosts
,ansible-doc
,ansible-lint
,.ansible/
,--forks
,--start-at-task
,changelog
,inventory
,Notify:
,ansible HOSTNAME -m ping
,gathering
,/usr/bin/ansible
,ansible -m ping
,ansible.builtin
,hosts: (Ansible)
,set fact:
,when:
,blockinfile:
,become method:
,include:
,git:
, AWX,ansible --help
, Tags, Ansible variables, versions
Advertising: