Ansible configuration file

The configuration file in detail

Most entries in the configuration file are commented-out default settings. The file follows the INI format and is divided into several sections, which are introduced one by one below.
Before that, let's look at where the configuration file can be located and how to get a configuration file template from the official site.

Configuration file locations

Ansible has only one configuration file, ansible.cfg. It may exist in several locations; they are searched in the following order and the first one found takes effect:

  • ANSIBLE_CONFIG (environment variable)
  • ansible.cfg (current command execution directory)
  • ~/.ansible.cfg (in the user's home directory)
  • /etc/ansible/ansible.cfg

Only the first configuration file found takes effect. In addition, environment variables have higher priority than the configuration file, and each setting can be provided separately this way. The variable name corresponding to each configuration item can be found in the official documentation:
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#common-options

Settings can also be given as command-line parameters, which have higher priority than the configuration above. Settings specified in the playbook have higher priority still and are not overridden by command-line parameters.
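
Knowing which ansible.cfg is actually in force matters, because the file controls plugin paths and privilege escalation. The sketch below is an added example, not code from the original page or from Ansible: it models the search order listed above and adds one rule from Ansible's own behaviour, namely that ansible.cfg in the current directory is not loaded when that directory is world-writable. The function name and return shape are assumptions made for illustration.

```python
import os
import stat
from pathlib import Path

def resolve_ansible_cfg(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Model of the search order above. Returns (winner, skipped): the file
    that takes effect (or None) and the candidates rejected, with the reason."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(("env", Path(env["ANSIBLE_CONFIG"])))
    candidates += [
        ("cwd", Path(cwd) / "ansible.cfg"),
        ("home", Path(home) / ".ansible.cfg"),
        ("system", Path(system_cfg)),
    ]
    skipped = []
    for source, path in candidates:
        if not path.is_file():
            continue
        # Ansible does not load ./ansible.cfg from a world-writable directory,
        # because any local user could plant settings there.
        if source == "cwd" and os.stat(cwd).st_mode & stat.S_IWOTH:
            skipped.append((str(path), "current directory is world-writable"))
            continue
        return str(path), skipped
    return None, skipped

if __name__ == "__main__":
    # Report the result for the environment this script is run in.
    winner, skipped = resolve_ansible_cfg(os.environ, os.getcwd(), Path.home())
    print("effective config:", winner)
    for path, reason in skipped:
        print("ignored:", path, "-", reason)
```

On a real control node, `ansible --version` prints the config file in use and `ansible-config dump --only-changed` lists the settings that differ from the defaults.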

Getting a configuration file template

After Ansible is installed, the default configuration file is generated in the /etc/ansible/ directory. If Ansible was installed with pip or from source, however, the file is not there and has to be created manually. You can download it from the official GitHub repository:

$ mkdir /etc/ansible
$ cd /etc/ansible
$ wget https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg

[defaults]

This section defines the general, connection-related settings:

[defaults]

# some basic default values...

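#inventory      = /etc/ansible/hosts  # inventory file that defines the host list
#library        = /usr/share/my_modules/  # directory for custom module libraries
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp  # directory for temporary files on the remote host
#local_tmp      = ~/.ansible/tmp  # directory for temporary files on the local host
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5  # default number of parallel processes
#poll_interval  = 15  # default polling interval
#sudo_user      = root  # default sudo user
#ask_sudo_pass = True  # whether to ask for the sudo password
#ask_pass      = True  # whether to ask for the password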
#transport      = smart
#remote_port    = 22
#module_lang    = C
#module_set_locale = False

# additional paths to search for roles in, colon separated
#roles_path    = /etc/ansible/roles  # directory where downloaded roles are stored by default

# uncomment this to disable SSH key host checking
#host_key_checking = False  # whether to check the host key on first connection; the suggestion is to uncomment this and set it to False

# SSH timeout
#timeout = 10  # default timeout

# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log  # path of the execution log

# default module name for /usr/bin/ansible
#module_name = command  # default module to run

# set plugin path directories here, separate with colons
#action_plugins     = /usr/share/ansible/plugins/action  # directories where the various plugins are stored
#become_plugins     = /usr/share/ansible/plugins/become
#cache_plugins      = /usr/share/ansible/plugins/cache
#callback_plugins   = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins     = /usr/share/ansible/plugins/lookup
#inventory_plugins  = /usr/share/ansible/plugins/inventory
#vars_plugins       = /usr/share/ansible/plugins/vars
#filter_plugins     = /usr/share/ansible/plugins/filter
#test_plugins       = /usr/share/ansible/plugins/test
#terminal_plugins   = /usr/share/ansible/plugins/terminal
#strategy_plugins   = /usr/share/ansible/plugins/strategy

# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored.  This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory  # how gathered host facts are cached

# retry files
# When a playbook fails a .retry file can be created that will be placed in ~/
# You can enable this feature by setting retry_files_enabled to True
# and you can change the location of the files by setting retry_files_save_path

#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry  # directory where retry files for failed runs are stored

Most of the settings above can keep their defaults. The only one worth uncommenting is host_key_checking = False.

[privilege_escalation]

For security reasons, you sometimes do not want to deploy applications directly as the root user. In that case an ordinary user has to be given sudo permission. This section mainly configures the sudo user used for privilege escalation:

[privilege_escalation]
#become=True  # whether to use sudo
#become_method=sudo  # privilege escalation method
#become_user=root  # become the root user after sudo
#become_ask_pass=False  # whether to ask for the password when using sudo

[paramiko_connection]

This section is not commonly used; a brief look is enough:

[paramiko_connection]

# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered.  Increases performance on new host additions.  Setting works independently of the
# host key checking setting above.
#record_host_keys=False  # do not record the keys of new hosts, to improve performance

# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False  # do not request a pseudo-terminal for commands run under sudo
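
Several settings in the [defaults], [privilege_escalation] and [paramiko_connection] sections above trade safety for convenience: with host_key_checking = False, SSH host keys are no longer verified, so a host that impersonates a managed node is accepted silently. The following check is an added example, not part of the original page or of Ansible. It reads ansible.cfg text and reports such settings; the function name, the choice of checks and the sample file are assumptions made for illustration.

```python
import configparser

FALSE = {"false", "no", "off", "0"}
TRUE = {"true", "yes", "on", "1"}

def audit_ansible_cfg(text):
    """Return findings for explicit ansible.cfg settings that weaken SSH host
    verification, auditability or least privilege."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)

    def value(section, option):
        # Commented-out lines are invisible here, so the default stays in force.
        if not cfg.has_option(section, option):
            return None
        return cfg.get(section, option).strip().lower()

    findings = []
    if value("defaults", "host_key_checking") in FALSE:
        findings.append("defaults.host_key_checking: host keys are not verified, "
                        "so an impersonated host is accepted without warning")
    if value("paramiko_connection", "record_host_keys") in FALSE:
        findings.append("paramiko_connection.record_host_keys: new keys are not "
                        "stored, so a later key change cannot be detected")
    if not value("defaults", "log_path"):
        findings.append("defaults.log_path: unset, so runs leave no log file")
    if (value("privilege_escalation", "become") in TRUE
            and value("privilege_escalation", "become_user") in (None, "root")):
        findings.append("privilege_escalation.become: every task runs as root; "
                        "enable become per play or task instead")
    return findings

# Constructed sample: the edit this page suggests, plus global become.
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
#log_path = /var/log/ansible.log

[privilege_escalation]
become=True
#become_user=root

[paramiko_connection]
#record_host_keys=False
"""

if __name__ == "__main__":
    for finding in audit_ansible_cfg(SAMPLE_CFG):
        print("-", finding)
```

Keeping host key checking enabled and pre-populating known_hosts for new machines gives unattended first connections without giving up verification.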

[ssh_connection]

Ansible connects to hosts over SSH by default. Here are some of the SSH connection settings:

# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False  # pipelining speed-up; with sudo it only works once requiretty is disabled in /etc/sudoers

There are not many options in this section, and most of them can keep their defaults.

[accelerate]

Settings for Ansible's accelerated connection mode:

[accelerate]
#accelerate_port = 5099  # port for accelerated connections
#accelerate_timeout = 30  # command execution timeout, in seconds
#accelerate_connect_timeout = 5.0  # connection timeout, in seconds

# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30  # time since the last activity on the connection, in minutes

# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes

These settings relate to speeding up Ansible connections; most of them can keep their defaults.

[selinux]

The selinux section is rarely used; keep the default configuration:

# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes

[colors]

Output color settings. The original configuration is already good and almost never needs changing, so keep the defaults:

[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan

Inventory configuration in detail

The inventory is the file in which Ansible manages hosts. Its default location is /etc/ansible/hosts, which is defined at the beginning of the ansible.cfg configuration file.
You can also use the -i parameter of the ansible command to specify the inventory file to use.
Note: use # to write comments.

Host and group definitions

A name written inside square brackets is a group name. A host can be given as an IP address or as a hostname. A host can appear more than once, that is, it can be listed in more than one group.
If a host uses a non-default SSH port, append a colon and the SSH port number after the hostname.
Configuration example:

# Configuration example

# An IP address can be used
192.168.1.1

# A hostname can be used as well
www.ansible.com
docs.ansible.com:2222

# Square brackets mark the start of a group; blank lines between hosts do not affect the grouping
[webservers]
web1.ansible.com

# [10:20] denotes a consecutive range of numbers, including 10 and 20
web[10:20].ansible.com

[dbservers]
db-a.ansible.com
# Square brackets can also be used for consecutive letters
db-[b:f].ansible.com
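
A range pattern decides how many machines a run touches, so it is worth seeing exactly what it expands to before anything is executed. The parser below is an added example, not code from the original page or from Ansible. It expands the numeric and alphabetic ranges described above and groups the hosts of this page's example inventory; the function names are assumptions, and it goes slightly beyond the text by also handling zero-padded ranges such as [01:03] and several ranges in one pattern.

```python
import re

RANGE = re.compile(r"\[([0-9A-Za-z]+):([0-9A-Za-z]+)\]")

def expand_hosts(pattern):
    """Expand a host pattern such as web[10:20].ansible.com (bounds inclusive)."""
    m = RANGE.search(pattern)
    if m is None:
        return [pattern]
    start, end = m.group(1), m.group(2)
    if start.isdigit() and end.isdigit():
        width = len(start) if start.startswith("0") else 0  # keep 01..09 padding
        items = [str(n).zfill(width) for n in range(int(start), int(end) + 1)]
    elif len(start) == len(end) == 1 and start.isalpha() and end.isalpha():
        items = [chr(c) for c in range(ord(start), ord(end) + 1)]
    else:
        raise ValueError(f"unsupported range in {pattern!r}")
    head, tail = pattern[:m.start()], pattern[m.end():]
    # Recurse on the tail so several ranges expand to the full product.
    return [head + item + rest for item in items for rest in expand_hosts(tail)]

def hosts_by_group(inventory_text):
    """Map each group to its expanded hosts; hosts listed before any group
    header go to 'ungrouped'. :vars and :children sections are skipped."""
    groups, current = {"ungrouped": []}, "ungrouped"
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if ":" in current:
            continue
        host = re.sub(r":\d+$", "", line.split()[0])  # drop a :port suffix
        groups.setdefault(current, []).extend(expand_hosts(host))
    return groups

# The example inventory from this page, without its comments.
PAGE_INVENTORY = """\
192.168.1.1
www.ansible.com
docs.ansible.com:2222
[webservers]
web1.ansible.com
web[10:20].ansible.com
[dbservers]
db-a.ansible.com
db-[b:f].ansible.com
"""
```

Against a real inventory, `ansible webservers -i <inventory> --list-hosts` shows the same expansion as Ansible itself computes it, without running anything on the hosts.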

Custom variables

Non-standard configuration requirements can be handled in the inventory, which makes it possible to customize settings for individual hosts.
Ansible supports several ways of modifying or customizing variables; the inventory is one of them.

Defining host variables
A host variable can be defined together with the host:

[webservers]
web1.ansible.com http_port=8000  # set the custom http_port to 8000

Defining group variables
Group variables can be defined to set or customize variables for a whole group of hosts:

[groupservers]
web1.ansible.com
web2.ansible.com

[groupservers:vars]
http_port=8000

Default groups
Ansible also defines two default groups:

  • all: contains all hosts
  • ungrouped: contains all hosts that are not in any group

Nested groups

A group in the inventory can also contain other groups, that is, groups can be nested. Append :children to the name of the parent group; its members are then the names of the nested groups rather than hostnames:

[apache]
httpd1.ansible.com
httpd2.ansible.com

[nginx]
ngx1.ansible.com
ngx2.ansible.com

[webservers:children]
apache
nginx

[webservers:vars]
ntp_server=ntp1.aliyun.com

Group variables can be set here as well; they work the same way for nested groups as for ordinary groups.

Multiple variable definitions

Besides being defined in the inventory, variables can also be defined in separate files that are independent of the inventory file.
Variables can be provided in the following ways, listed in order of priority from lowest to highest:

  1. command line values (eg “-u user”)
  2. role defaults
  3. inventory file or script group vars
  4. inventory group_vars/all
  5. playbook group_vars/all
  6. inventory group_vars/*
  7. playbook group_vars/*
  8. inventory file or script host vars
  9. inventory host_vars/*
  10. playbook host_vars/*
  11. host facts / cached set_facts
  12. play vars
  13. play vars_prompt
  14. play vars_files
  15. role vars (defined in role/vars/main.yml)
  16. block vars (only for tasks in block)
  17. task vars (only for the task)
  18. include_vars
  19. set_facts / registered vars
  20. role (and include_role) params
  21. include params
  22. extra vars (always win precedence)

https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#ansible-variable-precedence

The following four are the most commonly used:

  • The inventory file
  • vars defined in a playbook
  • vars files in a role's directory (roles/X/vars/main.yml)
  • Files in the group_vars and host_vars directories

Variables can be defined in separate vars files. For example, if a host named foosball belongs to the groups raleigh and webservers, then variables defined in the following three files, named after the host or the groups, apply to it:

  • /etc/ansible/group_vars/raleigh
  • /etc/ansible/group_vars/webservers
  • /etc/ansible/host_vars/foosball

SSH connection parameters

When Ansible connects to the remote hosts in the inventory over SSH, built-in parameters can be used to specify how the connection is made. The more common ones are listed below:

  • ansible_ssh_host: specifies the host to connect to
  • ansible_ssh_port: specifies the SSH port, 22 by default
  • ansible_ssh_user: specifies the user for the SSH connection
  • ansible_ssh_pass: specifies the password for the SSH connection
  • ansible_ssh_private_key_file: specifies the private key file
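
A value given to ansible_ssh_pass in an inventory file is stored in clear text and travels with the file into version control and backups. The scanner below is an added example, not code from the original page or from Ansible. It reports literal passwords in an INI inventory without echoing them, and skips values that are Jinja2 references to a variable kept elsewhere. The function name and the sample inventory are constructed for illustration, and the variable list adds ansible_password, ansible_become_pass and ansible_become_password to the one named above.

```python
import re

SECRET_VARS = ("ansible_ssh_pass", "ansible_password",
               "ansible_become_password", "ansible_become_pass")
ASSIGN = re.compile(r"\b(%s)\s*=\s*(\"[^\"]*\"|'[^']*'|\S+)" % "|".join(SECRET_VARS))

def find_plaintext_secrets(inventory_text):
    """Return (line_no, scope, variable) for every password stored as a literal.
    scope is the host, or the [group:vars] header the line sits under."""
    hits, section = [], None
    for no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        in_vars = section is not None and section.endswith(":vars")
        scope = f"[{section}]" if in_vars else line.split()[0]
        for m in ASSIGN.finditer(line):
            value = m.group(2).strip("\"'")
            # A Jinja2 reference names a variable stored elsewhere (for example
            # in a vault-encrypted vars file), so it is not a literal secret.
            if value.startswith("{{"):
                continue
            hits.append((no, scope, m.group(1)))  # the value is never returned
    return hits

# Constructed sample inventory; hostnames follow the page's examples.
SAMPLE_INVENTORY = """\
[webservers]
web1.ansible.com ansible_ssh_user=deploy ansible_ssh_pass=constructed-value-1
web2.ansible.com ansible_ssh_private_key_file=~/.ssh/deploy_key
web3.ansible.com ansible_ssh_pass="{{ vault_web3_pass }}"

[webservers:vars]
ansible_become_pass=constructed-value-2
"""

if __name__ == "__main__":
    for no, scope, var in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {no}: {var} is a literal for {scope}")
```

Key-based login through ansible_ssh_private_key_file, prompting with --ask-pass, or a value encrypted with ansible-vault keeps the password out of the inventory.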

Connections are made through connection plugins, and each plugin uses its own variables, such as the ones above. There are also a few common connection variables that the plugins recognize and that have the same effect.

The following three are the common connection variables:

  • ansible_host
  • ansible_port
  • ansible_user

These three are generic; the more specific variables above should take priority and override them.

For the full list of SSH plugin variables, including how to set them, their names, default values and the corresponding environment variables, see the official documentation:
https://docs.ansible.com/ansible/latest/plugins/connection/ssh.html#ssh-connection

For all connection plugins, see:
https://docs.ansible.com/ansible/latest/plugins/connection.html?highlight=ansible_ssh_host

Origin blog.51cto.com/steed/2432142