Ansible Configuration and Inventory files
In this section we cover the basics of the Ansible configuration file and the Ansible inventory. The nuances will come up as we go through the tutorial.
Ansible's settings can be changed through a configuration file (ansible.cfg). The default configuration can be used out of the box, but you may need to tweak some settings to suit your needs.
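During installation, a default configuration file is created under /etc/ansible. It has the lowest precedence. In the latest version of Ansible, the following locations are checked before it, in this order:
- ANSIBLE_CONFIG (an environment variable)
- ansible.cfg (in the current directory)
- .ansible.cfg (in the home directory)
Ansible uses the first file it finds and does not merge settings from the others. An ansible.cfg in the current directory is ignored when that directory is world-writable, since any local user could place a file there.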
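The lookup order above as an added example, not code from the original page or from Ansible itself. The function and its parameters are assumptions made for illustration, and the world-writable skip follows Ansible's documented behaviour rather than anything stated on this page.

```python
import os
import stat
import tempfile

def resolve_ansible_cfg(cwd, home, environ, system_cfg="/etc/ansible/ansible.cfg"):
    """Return (chosen_path_or_None, warnings), highest precedence first."""
    candidates, warnings = [], []
    env_path = environ.get("ANSIBLE_CONFIG")
    if env_path:
        if os.path.isdir(env_path):          # a directory means <dir>/ansible.cfg
            env_path = os.path.join(env_path, "ansible.cfg")
        candidates.append(env_path)
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        # Any local user could plant a config here, so the file is skipped.
        if os.path.exists(cwd_cfg):
            warnings.append(f"ignored {cwd_cfg}: directory is world-writable")
    else:
        candidates.append(cwd_cfg)
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system_cfg)
    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.R_OK):
            return path, warnings
    return None, warnings

def demo():
    """Resolve a constructed directory layout three ways."""
    root = tempfile.mkdtemp()
    home, proj, shared = (os.path.join(root, d) for d in ("home", "proj", "shared"))
    for d, mode in ((home, 0o700), (proj, 0o755), (shared, 0o777)):
        os.mkdir(d)
        os.chmod(d, mode)                    # shared is world-writable, like /tmp
    for d, name in ((home, ".ansible.cfg"), (proj, "ansible.cfg"), (shared, "ansible.cfg")):
        with open(os.path.join(d, name), "w") as fh:
            fh.write("[defaults]\n")
    no_system = os.path.join(root, "no-system.cfg")   # pretend /etc/ansible is empty
    env = {"ANSIBLE_CONFIG": os.path.join(home, ".ansible.cfg")}
    return {
        "project": resolve_ansible_cfg(proj, home, {}, no_system),
        "shared": resolve_ansible_cfg(shared, home, {}, no_system),
        "env": resolve_ansible_cfg(proj, home, env, no_system),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

On a real control node, `ansible --version` prints the config file that was actually selected.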
Let's go through some of the commonly tuned parameters in the ansible.cfg file. You can find the default configuration file at /etc/ansible/ansible.cfg.
inventory = /etc/ansible/hosts
This defines the path where Ansible looks for the hosts file (the inventory). You can override it by specifying a different inventory file with the -i <path> option on the command line.
forks = 5
By default, Ansible runs commands in parallel using multiple forks. You can increase this value depending on how much your system and network connection can handle. If you set the value to 1, commands are executed serially, i.e., one host after the other.
ask_pass = False
This controls whether an Ansible playbook should prompt for a password by default. The default behavior is no. If you use SSH keys for authentication, you probably do not need to change this setting.
ask_sudo_pass = False
Similar to ask_pass, this controls whether an Ansible playbook should prompt for a sudo password by default when sudoing. The default behavior is also no. Users on platforms where sudo passwords are enabled should consider changing this setting. But it is recommended to use passwordless sudo access to make it non-interactive.
roles_path = /opt/Ansible/roles
# Additional paths
roles_path = /home/vagrant/Ansible/roles:/opt/Ansible/roles
roles_path indicates additional directories to search beyond the ‘roles/’ subdirectory of a playbook project. Additional paths can be provided separated by colon characters, in the same way as other path strings. Roles are searched for in the playbook directory first. If a role is not found, Ansible reports all the paths that were searched.
host_key_checking = True
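By default, host key checking is on. If you understand the implications and wish to disable it, you may do so here by setting the value to False. With checking off, Ansible connects to hosts whose SSH key is unknown or has changed without verifying it, so a spoofed or intercepted host goes undetected.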
remote_user = root
This is the default username Ansible will connect as. Ansible always defaults to the current user if this is not defined.
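A small check over the settings described above, as an added example that is not part of the original page. The function name, sample file and finding texts are assumptions; flagging `remote_user = root` is an added least-privilege check, not a claim made by the page. The environment variable names are Ansible's overrides for these two settings.

```python
import configparser

# Constructed sample: the settings discussed above, two of them changed.
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
forks = 5
ask_pass = False
host_key_checking = False
remote_user = root
"""

FALSE_WORDS = {"false", "no", "off", "0", "f", "n"}

def audit_ansible_cfg(text, environ=None):
    """Return [(setting, source, reason)] for effective settings worth a review."""
    environ = environ or {}
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    defaults = parser["defaults"] if parser.has_section("defaults") else {}

    def effective(key, env_name):
        # An environment variable overrides the file, so record where a value came from.
        if env_name in environ:
            return environ[env_name], f"env {env_name}"
        if key in defaults:
            return defaults[key], "ansible.cfg"
        return None, "built-in default"

    findings = []
    value, source = effective("host_key_checking", "ANSIBLE_HOST_KEY_CHECKING")
    if value is not None and value.strip().lower() in FALSE_WORDS:
        findings.append(("host_key_checking", source,
                         "unknown or changed SSH host keys are accepted"))
    value, source = effective("remote_user", "ANSIBLE_REMOTE_USER")
    if value is not None and value.strip() == "root":
        findings.append(("remote_user", source,
                         "every connection logs in as root by default"))
    return findings
```

A file that looks clean can still be overridden at run time, which is why the source of each value is reported alongside the finding.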
The hosts file contains the inventory of servers that will be managed through Ansible. There is a default hosts file at /etc/ansible/hosts, which is an INI file. You can specify a different inventory file using the -i <path> option on the command line.
Hosts and Groups
The inventory file contains both hosts and groups. A group is simply a collection of individual hosts. This makes it easy to manage and run commands on multiple hosts by using their group name. The examples below show the various ways an inventory file can be defined.
Hosts example ( IP Address ):
192.168.33.10
192.168.33.20
192.168.33.30
The above inventory file contains a series of IP addresses that Ansible can connect to.
Hosts example ( Hostname and Alias ):
app1.example.com
app2.example.com
db.example.com ansible_host=192.168.33.30
The above example contains host names and an alias for an IP address. Here, db.example.com is an alias set for a host with the IP 192.168.33.30, using the Ansible variable ‘ansible_host’.
Note: You can pass Ansible variables in the inventory file.
192.168.22.10

[web]
192.168.33.10
192.168.33.20

[db]
192.168.33.30
192.168.33.40

[all]
192.168.33.10
192.168.33.20
192.168.33.30
192.168.33.40
The headings in brackets are group names, which are used in classifying systems and deciding what systems you are controlling at what times and for what purpose.
It is ok to put systems in more than one group, for instance a server could be both a webserver and a dbserver.
Group of Groups:
[web]
192.168.33.10
192.168.33.20

[db]
192.168.33.30
192.168.33.40

[all:children]
web
db
It is also possible to make groups of groups using the ‘:children’ suffix. This makes the configuration much simpler.
Group example ( with group variables ):
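[web]
192.168.33.10
192.168.33.20

[db]
192.168.33.30
db2.example.com ansible_host=192.168.33.40

[db:vars]
ansible_user=vagrant

‘ansible_user’ is a group variable for the group db and applies to every host in it. ‘ansible_host’ is set on the db2.example.com line instead, because as a group variable it would point every host in db at 192.168.33.40. In the inventory, the connection user is set with ansible_user; remote_user is the name of the ansible.cfg setting.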
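To see which hosts a group name reaches and which connection variables each one ends up with, here is an added example (not from the original page and not Ansible's own parser) that reads the INI forms shown above: plain hosts, host variables, `:vars` and `:children`. The sample inventory is constructed from the page's addresses, and `site`, `parse_inventory` and `expand` are hypothetical names.

```python
# Constructed sample built from the page's addresses; "site" is a hypothetical group.
SAMPLE_INVENTORY = """\
[web]
192.168.33.10
192.168.33.20
[db]
192.168.33.30
db2.example.com ansible_host=192.168.33.40
[db:vars]
ansible_user=vagrant
[site:children]
web
db
"""

def parse_inventory(text):
    """Parse INI inventory text into {group: {"hosts", "children", "vars"}}."""
    groups = {}
    def group(name):
        return groups.setdefault(name, {"hosts": {}, "children": [], "vars": {}})
    current, kind = group("ungrouped"), "hosts"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name, _, suffix = line[1:-1].partition(":")
            current, kind = group(name), suffix or "hosts"
        elif kind == "children":
            group(line)                       # make sure the child group exists
            current["children"].append(line)
        elif kind == "vars":
            key, _, value = line.partition("=")
            current["vars"][key.strip()] = value.strip()
        else:
            host, *pairs = line.split()
            current["hosts"][host] = dict(p.split("=", 1) for p in pairs)
    return groups

def expand(groups, name, path=frozenset()):
    """Return {host: variables}; host vars beat child group vars beat parent group vars."""
    if name in path:                          # guard against a group that contains itself
        return {}
    node, hosts = groups[name], {}
    for child in node["children"]:
        hosts.update(expand(groups, child, path | {name}))
    for host, host_vars in node["hosts"].items():
        hosts[host] = {**hosts.get(host, {}), **host_vars}
    return {host: {**node["vars"], **v} for host, v in hosts.items()}
```

Calling `expand(parse_inventory(SAMPLE_INVENTORY), "site")` lists all four hosts, with `ansible_user` applied only to the two in db.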
Splitting Out Host and Group Specific Data:
The preferred practice in Ansible is actually not to store variables in the main inventory file.
In addition to storing variables directly in the INI file, host and group variables can be stored in individual files relative to the inventory file.
We will take a deeper look at this in a later section.