The ansible.cfg file is a crucial component in the Ansible ecosystem, providing a centralized configuration point to customize the behavior of Ansible. This article explores the structure, key sections, and settings of the ansible.cfg file, and provides best practices for its usage.

What is ansible.cfg?

The ansible.cfg file is an INI-like configuration file used to define various settings and parameters that influence how Ansible operates. This file can be placed in different locations, with Ansible searching for it in the following order of precedence:

  1. ANSIBLE_CONFIG environment variable (if set)
  2. ansible.cfg file in the current working directory
  3. .ansible.cfg file in the user’s home directory
  4. /etc/ansible/ansible.cfg file (global configuration)

Each of these configuration files can override the settings specified in the others, with the highest precedence being given to the environment variable.

Structure of ansible.cfg

The ansible.cfg file is divided into sections, each containing various parameters that can be customized. Here are some of the key sections and their important settings:

  1. [defaults] This section contains the default settings for Ansible, including the inventory file location, remote user, and module path.

    [defaults]
    inventory = /path/to/inventory
    remote_user = your_user
    host_key_checking = False
    
  2. [privilege_escalation] This section manages settings for privilege escalation, such as sudo.

    [privilege_escalation]
    become = True
    become_method = sudo
    become_user = root
    
  3. [ssh_connection] This section contains settings related to SSH connections.

    [ssh_connection]
    ssh_args = -o ControlMaster=auto -o ControlPersist=60s
    
  4. [paramiko_connection] This section configures settings specific to Paramiko, an alternative to SSH.

    [paramiko_connection]
    pipelining = True
    
  5. [inventory] This section deals with the configuration of the inventory.

    [inventory]
    enable_plugins = host_list, script, yaml, ini, auto
    
  6. [logging] This section manages Ansible’s logging settings.

    [logging]
    log_path = /var/log/ansible.log
    

Key Settings and Their Usage

  1. Inventory File: The inventory setting in the [defaults] section specifies the location of the inventory file.

    inventory = /path/to/inventory
    
  2. Remote User: The remote_user setting defines the user Ansible will use to connect to remote hosts.

    remote_user = ansible
    
  3. Host Key Checking: Disabling host key checking can be useful in development environments.

    host_key_checking = False
    
  4. Privilege Escalation: The become settings allow you to specify whether Ansible should use privilege escalation and the method to use.

    become = True
    become_method = sudo
    
  5. SSH Arguments: Custom SSH arguments can be set to control SSH behavior.

    ssh_args = -o ControlMaster=auto -o ControlPersist=60s
    
  6. Logging: Setting up a log file helps in debugging and auditing Ansible runs.

    log_path = /var/log/ansible.log
    

Best Practices for Using ansible.cfg

  1. Environment-Specific Configuration: Maintain different ansible.cfg files for different environments (development, testing, production) and use the ANSIBLE_CONFIG environment variable to switch between them.

  2. Version Control: Include your ansible.cfg file in version control to track changes and ensure consistency across different team members.

  3. Secure Privilege Escalation: Avoid hardcoding sensitive information in the ansible.cfg file. Use Ansible Vault or environment variables for sensitive data.

  4. Optimize SSH Connections: Use SSH pipelining and control persistence to improve performance and reduce connection overhead.

  5. Centralized Logging: Configure centralized logging to collect logs from all Ansible runs, which aids in troubleshooting and compliance.

  6. Modular Configuration: Split complex configurations into multiple files if needed, and include them as required to maintain clarity and manageability.

Conclusion

The ansible.cfg file is a powerful tool that allows you to tailor Ansible’s behavior to fit your specific needs. By understanding and leveraging the various sections and settings available, you can optimize your Ansible automation workflows, improve security, and ensure consistency across your IT environments. Following best practices in configuring and managing ansible.cfg will lead to more efficient and maintainable automation processes. For detailed information on each configuration option, refer to the official Ansible documentation.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and aws System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Patreon Buy me a Pizza