1 # config file for ansible -- https://ansible.com/
2 # ===============================================
4 # nearly all parameters can be overridden in ansible-playbook
5 # or with command line flags. ansible will read ANSIBLE_CONFIG,
6 # ansible.cfg in the current working directory, .ansible.cfg in
7 # the home directory or /etc/ansible/ansible.cfg, whichever it
12 # some basic default values...
14 #inventory = /etc/ansible/hosts
15 #library = /usr/share/my_modules/
16 #module_utils = /usr/share/my_module_utils/
17 #remote_tmp = ~/.ansible/tmp
18 #local_tmp = ~/.ansible/tmp
27 #module_set_locale = False
29 # plays will gather facts by default, which contain information about
32 # smart - gather by default, but don't regather if already gathered
33 # implicit - gather by default, turn off with gather_facts: False
34 # explicit - do not gather by default, must say gather_facts: True
37 # This only affects the gathering done by a play's gather_facts directive,
38 # by default gathering retrieves all facts subsets
39 # all - gather all subsets
40 # network - gather min and network facts
41 # hardware - gather hardware facts (longest facts to retrieve)
42 # virtual - gather min and virtual facts
43 # facter - import facts from facter
44 # ohai - import facts from ohai
45 # You can combine them using comma (ex: network,virtual)
46 # You can negate them using ! (ex: !hardware,!facter,!ohai)
47 # A minimal set of facts is always gathered.
50 # some hardware related facts are collected
51 # with a maximum timeout of 10 seconds. This
52 # option lets you increase or decrease that
53 # timeout to something more suitable for the
57 # additional paths to search for roles in, colon separated
58 #roles_path = /etc/ansible/roles
60 # uncomment this to disable SSH key host checking
61 #host_key_checking = False
63 # change the default callback, you can only have one 'stdout' type enabled at a time.
64 #stdout_callback = skippy
67 ## Ansible ships with some plugins that require whitelisting,
68 ## this is done to avoid running all of a type by default.
69 ## These setting lists those that you want enabled for your system.
70 ## Custom plugins should not need this unless plugin author specifies it.
72 # enable callback plugins, they can output to stdout but cannot be 'stdout' type.
73 #callback_whitelist = timer, mail
75 # Determine whether includes in tasks and handlers are "static" by
76 # default. As of 2.0, includes are dynamic by default. Setting these
77 # values to True will make includes behave more like they did in the
79 #task_includes_static = True
80 #handler_includes_static = True
82 # Controls if a missing handler for a notification event is an error or a warning
83 #error_on_missing_handler = True
85 # change this for alternative sudo implementations
88 # What flags to pass to sudo
89 # WARNING: leaving out the defaults might create unexpected behaviours
90 #sudo_flags = -H -S -n
95 # default user to use for playbooks if user is not specified
96 # (/usr/bin/ansible will use current user as default)
99 # logging is off by default unless this path is defined
100 # if so defined, consider logrotate
101 #log_path = /var/log/ansible.log
103 # default module name for /usr/bin/ansible
104 #module_name = command
106 # use this shell for commands executed under sudo
107 # you may need to change this to bin/bash in rare instances
108 # if sudo is constrained
109 #executable = /bin/sh
111 # if inventory variables overlap, does the higher precedence one win
112 # or are hash values merged together? The default is 'replace' but
113 # this can also be set to 'merge'.
114 #hash_behaviour = replace
116 # by default, variables from roles will be visible in the global variable
117 # scope. To prevent this, the following option can be enabled, and only
118 # tasks and handlers within the role will see the variables there
119 #private_role_vars = yes
121 # list any Jinja2 extensions to enable here:
122 #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
124 # if set, always use this private key file for authentication, same as
125 # if passing --private-key to ansible or ansible-playbook
126 #private_key_file = /path/to/file
128 # If set, configures the path to the Vault password file as an alternative to
129 # specifying --vault-password-file on the command line.
130 #vault_password_file = /path/to/vault_password_file
132 # format of string {{ ansible_managed }} available within Jinja2
133 # templates indicates to users editing templates files will be replaced.
134 # replacing {file}, {host} and {uid} and strftime codes with proper values.
135 #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
136 # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
137 # in some situations so the default is a static string:
138 #ansible_managed = Ansible managed
140 # by default, ansible-playbook will display "Skipping [host]" if it determines a task
141 # should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
142 # messages. NOTE: the task header will still be shown regardless of whether or not the
144 #display_skipped_hosts = True
146 # by default, if a task in a playbook does not include a name: field then
147 # ansible-playbook will construct a header that includes the task's action but
148 # not the task's args. This is a security feature because ansible cannot know
149 # if the *module* considers an argument to be no_log at the time that the
150 # header is printed. If your environment doesn't have a problem securing
151 # stdout from ansible-playbook (or you have manually specified no_log in your
152 # playbook on all of the tasks where you have secret information) then you can
153 # safely set this to True to get more informative messages.
154 #display_args_to_stdout = False
156 # by default (as of 1.3), Ansible will raise errors when attempting to dereference
157 # Jinja2 variables that are not set in templates or action lines. Uncomment this line
158 # to revert the behavior to pre-1.3.
159 #error_on_undefined_vars = False
161 # by default (as of 1.6), Ansible may display warnings based on the configuration of the
162 # system running ansible itself. This may include warnings about 3rd party packages or
163 # other conditions that should be resolved if possible.
164 # to disable these warnings, set the following value to False:
165 #system_warnings = True
167 # by default (as of 1.4), Ansible may display deprecation warnings for language
168 # features that should no longer be used and will be removed in future versions.
169 # to disable these warnings, set the following value to False:
170 deprecation_warnings = false
172 # (as of 1.8), Ansible can optionally warn when usage of the shell and
173 # command module appear to be simplified by using a default Ansible module
174 # instead. These warnings can be silenced by adjusting the following
175 # setting or adding warn=yes or warn=no to the end of the command line
176 # parameter string. This will for example suggest using the git module
177 # instead of shelling out to the git command.
178 # command_warnings = False
181 # set plugin path directories here, separate with colons
182 #action_plugins = /usr/share/ansible/plugins/action
183 #cache_plugins = /usr/share/ansible/plugins/cache
184 #callback_plugins = /usr/share/ansible/plugins/callback
185 #connection_plugins = /usr/share/ansible/plugins/connection
186 #lookup_plugins = /usr/share/ansible/plugins/lookup
187 #inventory_plugins = /usr/share/ansible/plugins/inventory
188 #vars_plugins = /usr/share/ansible/plugins/vars
189 #filter_plugins = /usr/share/ansible/plugins/filter
190 #test_plugins = /usr/share/ansible/plugins/test
191 #terminal_plugins = /usr/share/ansible/plugins/terminal
192 #strategy_plugins = /usr/share/ansible/plugins/strategy
195 # by default, ansible will use the 'linear' strategy but you may want to try
199 # by default callbacks are not loaded for /bin/ansible, enable this if you
200 # want, for example, a notification or logging callback to also apply to
202 #bin_ansible_callbacks = False
205 # don't like cows? that's unfortunate.
206 # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
209 # set which cowsay stencil you'd like to use by default. When set to 'random',
210 # a random stencil will be selected for each task. The selection will be filtered
211 # against the `cow_whitelist` option below.
212 #cow_selection = default
213 #cow_selection = random
215 # when using the 'random' option for cowsay, stencils will be restricted to this list.
216 # it should be formatted as a comma-separated list with no spaces between names.
217 # NOTE: line continuations here are for formatting purposes only, as the INI parser
218 # in python does not support them.
219 #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
220 # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
221 # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
223 # don't like colors either?
224 # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
227 # if set to a persistent type (not 'memory', for example 'redis') fact values
228 # from previous runs in Ansible will be stored. This may be useful when
229 # wanting to use, for example, IP information from one group of servers
230 # without having to talk to them in the same playbook run to get their
231 # current IP information.
232 #fact_caching = memory
236 # When a playbook fails by default a .retry file will be created in ~/
237 # You can disable this feature by setting retry_files_enabled to False
238 # and you can change the location of the files by setting retry_files_save_path
240 #retry_files_enabled = False
241 #retry_files_save_path = ~/.ansible-retry
244 # Ansible can optimise actions that call modules with list parameters
245 # when looping. Instead of calling the module once per with_ item, the
246 # module is called once with all items at once. Currently this only works
247 # under limited circumstances, and only with parameters named 'name'.
248 #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
250 # prevents logging of task data, off by default
253 # prevents logging of tasks, but only on the targets, data is still logged on the master/controller
254 #no_target_syslog = False
256 # controls whether Ansible will raise an error or warning if a task has no
257 # choice but to create world readable temporary files to execute a module on
258 # the remote machine. This option is False by default for security. Users may
259 # turn this on to have behaviour more like Ansible prior to 2.1.x. See
260 # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
261 # for more secure ways to fix this than enabling this option.
262 #allow_world_readable_tmpfiles = False
264 # controls the compression level of variables sent to
265 # worker processes. At the default of 0, no compression
266 # is used. This value must be an integer from 0 to 9.
267 #var_compression_level = 9
269 # controls what compression method is used for new-style ansible modules when
270 # they are sent to the remote system. The compression types depend on having
271 # support compiled into both the controller's python and the client's python.
272 # The names should match with the python Zipfile compression types:
273 # * ZIP_STORED (no compression. available everywhere)
274 # * ZIP_DEFLATED (uses zlib, the default)
275 # These values may be set per host via the ansible_module_compression inventory
277 #module_compression = 'ZIP_DEFLATED'
279 # This controls the cutoff point (in bytes) on --diff for files
280 # set to 0 for unlimited (RAM may suffer!).
281 #max_diff_size = 1048576
283 # This controls how ansible handles multiple --tags and --skip-tags arguments
284 # on the CLI. If this is True then multiple arguments are merged together. If
285 # it is False, then the last specified argument is used and the others are ignored.
286 # This option will be removed in 2.8.
287 #merge_multiple_cli_flags = True
289 # Controls showing custom stats at the end, off by default
290 #show_custom_stats = True
292 # Controls which files to ignore when using a directory as inventory with
293 # possibly multiple sources (both static and dynamic)
294 #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
296 # This family of modules use an alternative execution path optimized for network appliances
297 # only update this setting if you know how this works, otherwise it can break module execution
298 #network_group_modules=['eos', 'nxos', 'ios', 'iosxr', 'junos', 'vyos']
300 # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
301 # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
302 # jinja2 templating language which will be run through the templating engine.
303 # ENABLING THIS COULD BE A SECURITY RISK
304 #allow_unsafe_lookups = False
306 # set default errors for all plays
307 #any_errors_fatal = False
310 # enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini'
311 #enable_plugins = host_list, virtualbox, yaml, constructed
313 # ignore these extensions when parsing a directory as inventory source
314 #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
316 # ignore files matching these patterns when parsing a directory as inventory source
319 # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
320 #unparsed_is_failed=False
322 [privilege_escalation]
326 #become_ask_pass=False
328 [paramiko_connection]
330 # uncomment this line to cause the paramiko connection plugin to not record new host
331 # keys encountered. Increases performance on new host additions. Setting works independently of the
332 # host key checking setting above.
333 #record_host_keys=False
335 # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
336 # line to disable this behaviour.
339 # paramiko will default to looking for SSH keys initially when trying to
340 # authenticate to remote devices. This is a problem for some network devices
341 # that close the connection after a key failure. Uncomment this line to
342 # disable the Paramiko look for keys function
343 #look_for_keys = False
345 # When using persistent connections with Paramiko, the connection runs in a
346 # background process. If the host doesn't already have a valid SSH key, by
347 # default Ansible will prompt to add the host key. This will cause connections
348 # running in background processes to fail. Uncomment this line to have
349 # Paramiko automatically add host keys.
350 #host_key_auto_add = True
354 # ssh arguments to use
355 # Leaving off ControlPersist will result in poor performance, so use
356 # paramiko on older platforms rather than removing it, -C controls compression use
357 #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
359 # The base directory for the ControlPath sockets.
360 # This is the "%(directory)s" in the control_path option
363 # control_path_dir = /tmp/.ansible/cp
364 #control_path_dir = ~/.ansible/cp
366 # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
367 # port and username (empty string in the config). The hash mitigates a common problem users
368 # found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
369 # In those cases, a "too long for Unix domain socket" ssh error would occur.
372 # control_path = %(directory)s/%%h-%%r
375 # Enabling pipelining reduces the number of SSH operations required to
376 # execute a module on the remote server. This can result in a significant
377 # performance improvement when enabled, however when using "sudo:" you must
378 # first disable 'requiretty' in /etc/sudoers
380 # By default, this option is disabled to preserve compatibility with
381 # sudoers configurations that have requiretty (the default on many distros).
385 # Control the mechanism for transferring files (old)
386 # * smart = try sftp and then try scp [default]
387 # * True = use scp only
388 # * False = use sftp only
391 # Control the mechanism for transferring files (new)
392 # If set, this will override the scp_if_ssh option
393 # * sftp = use sftp to transfer files
394 # * scp = use scp to transfer files
395 # * piped = use 'dd' over SSH to transfer files
396 # * smart = try sftp, scp, and piped, in that order [default]
397 #transfer_method = smart
399 # if False, sftp will not use batch mode to transfer files. This may cause some
400 # types of file transfer failures impossible to catch however, and should
401 # only be disabled if your sftp version has problems with batch mode
402 #sftp_batch_mode = False
404 [persistent_connection]
406 # Configures the persistent connection timeout value in seconds. This value is
407 # how long the persistent connection will remain idle before it is destroyed.
408 # If the connection doesn't receive a request before the timeout value
409 # expires, the connection is shutdown. The default value is 30 seconds.
410 #connect_timeout = 30
412 # Configures the persistent connection retry timeout. This value configures the
413 # the retry timeout that ansible-connection will wait to connect
414 # to the local domain socket. This value must be larger than the
415 # ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout).
416 # The default value is 15 seconds.
417 #connect_retry_timeout = 15
419 # The command timeout value defines the amount of time to wait for a command
420 # or RPC call before timing out. The value for the command timeout must
421 # be less than the value of the persistent connection idle timeout (connect_timeout)
422 # The default value is 10 second.
423 #command_timeout = 10
426 #accelerate_port = 5099
427 #accelerate_timeout = 30
428 #accelerate_connect_timeout = 5.0
430 # The daemon timeout is measured in minutes. This time is measured
431 # from the last activity to the accelerate daemon.
432 #accelerate_daemon_timeout = 30
434 # If set to yes, accelerate_multi_key will allow multiple
435 # private keys to be uploaded to it, though each user must
436 # have access to the system via SSH to add a new key. The default
438 #accelerate_multi_key = yes
441 # file systems that require special treatment when dealing with security context
442 # the default behaviour that copies the existing context or uses the user default
443 # needs to be changed to use the file system dependent context.
444 #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
446 # Set this to yes to allow libvirt_lxc connections to work without SELinux.
447 #libvirt_lxc_noseclabel = yes
452 #warn = bright purple
466 # Always print diff when running ( same as always running with -D/--diff )
469 # Set how many context lines to show in diff