The ansible.cfg
file is a crucial component in the Ansible ecosystem, providing a centralized configuration point to customize the behavior of Ansible. This article explores the structure, key sections, and settings of the ansible.cfg
file, and provides best practices for its usage.
What is ansible.cfg?
The ansible.cfg
file is an INI-like configuration file used to define various settings and parameters that influence how Ansible operates. This file can be placed in different locations, with Ansible searching for it in the following order of precedence:
- ANSIBLE_CONFIG environment variable (if set)
ansible.cfg
file in the current working directory.ansible.cfg
file in the user’s home directory/etc/ansible/ansible.cfg
file (global configuration)
Each of these configuration files can override the settings specified in the others, with the highest precedence being given to the environment variable.
Structure of ansible.cfg
The ansible.cfg
file is divided into sections, each containing various parameters that can be customized. Here are some of the key sections and their important settings:
[defaults] This section contains the default settings for Ansible, including the inventory file location, remote user, and module path.
[defaults] inventory = /path/to/inventory remote_user = your_user host_key_checking = False
[privilege_escalation] This section manages settings for privilege escalation, such as
sudo
.[privilege_escalation] become = True become_method = sudo become_user = root
[ssh_connection] This section contains settings related to SSH connections.
[ssh_connection] ssh_args = -o ControlMaster=auto -o ControlPersist=60s
[paramiko_connection] This section configures settings specific to Paramiko, an alternative to SSH.
[paramiko_connection] pipelining = True
[inventory] This section deals with the configuration of the inventory.
[inventory] enable_plugins = host_list, script, yaml, ini, auto
[logging] This section manages Ansible’s logging settings.
[logging] log_path = /var/log/ansible.log
Key Settings and Their Usage
Inventory File: The
inventory
setting in the[defaults]
section specifies the location of the inventory file.inventory = /path/to/inventory
Remote User: The
remote_user
setting defines the user Ansible will use to connect to remote hosts.remote_user = ansible
Host Key Checking: Disabling host key checking can be useful in development environments.
host_key_checking = False
Privilege Escalation: The
become
settings allow you to specify whether Ansible should use privilege escalation and the method to use.become = True become_method = sudo
SSH Arguments: Custom SSH arguments can be set to control SSH behavior.
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
Logging: Setting up a log file helps in debugging and auditing Ansible runs.
log_path = /var/log/ansible.log
Best Practices for Using ansible.cfg
Environment-Specific Configuration: Maintain different
ansible.cfg
files for different environments (development, testing, production) and use the ANSIBLE_CONFIG environment variable to switch between them.Version Control: Include your
ansible.cfg
file in version control to track changes and ensure consistency across different team members.Secure Privilege Escalation: Avoid hardcoding sensitive information in the
ansible.cfg
file. Use Ansible Vault or environment variables for sensitive data.Optimize SSH Connections: Use SSH pipelining and control persistence to improve performance and reduce connection overhead.
Centralized Logging: Configure centralized logging to collect logs from all Ansible runs, which aids in troubleshooting and compliance.
Modular Configuration: Split complex configurations into multiple files if needed, and include them as required to maintain clarity and manageability.
Conclusion
The ansible.cfg
file is a powerful tool that allows you to tailor Ansible’s behavior to fit your specific needs. By understanding and leveraging the various sections and settings available, you can optimize your Ansible automation workflows, improve security, and ensure consistency across your IT environments. Following best practices in configuring and managing ansible.cfg
will lead to more efficient and maintainable automation processes. For detailed information on each configuration option, refer to the official Ansible documentation.
Academy
Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.
My book Ansible By Examples: 200+ Automation Examples For Linux and aws System Administrator and DevOps
Donate
Want to keep this project going? Please donate