Skip to content

Hope you are clear on the concept and installation of Ansible program. Lets configure our Ansible environment now.

See all parts of  Automation with Ansible Guides here

Configuration file location and precedence

Ansible program is fully depends on the the ansible configuration file which can be stored in multiple locations depends on your project preference. You can store your ansible.cfg at below locations and see the preference order. (top item has the most priority)

  • $ANSIBLE_CONFIG – Environment variable
  • ./ansible.cfg – cfg file in current directory
  • ~/.ansible.cfg – home directory
  • /etc/ansible/ansible.cfg – default cfg

As you can see above, ansible will search for the $ANSIBLE_CONFIG variable and load that config if available. If not set, program will try to load config from current working directory, then from our home directory and if all those not available, ansible load config file from default location – /etc/ansible/ansible.cfg.

Here see a simple configuration file

[Defaults]
#inventory file location
inventory = ./inventory

#which user credential ansible has to use to connect to host
remote_user = someuser

#whether it should ask for "someuser" password"
ask_pass = false

You can see other important sections of configuration files.

[devops@ansible-box dep-install]$ grep '^[' /etc/ansible/ansible.cfg
[defaults]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]

You can see the configuration file ansible has used during command execution (-v) or by checking the version.

[root@ansible-box ansible]# ansible --version
ansible 2.5.3
  config file = /root/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Privilege Escalation

For some of the tasks in our plays, we might need privilege escalation. For example, installing a package, restarting a service etc. For this purpose we have a section called privilege_escalation in our ansible configuration file.

[privilege_escalation]
#enable privilege escalation
become = true

#set to use sudo for privilege escalation
become_method = sudo

#privilege escalation user
become_user = root

#enable prompting for the privilege escalation password
become_ask_pass = true

In above example, ansible will automatically escalate privilege to root by using sudo and also it will ask for sudo password for the user. You can turn this off by become_ask_pass = false settigns.

Let’s learn about Ansible Inventory in next part.

See all parts of  Automation with Ansible Guides here

Disclaimer:

The views expressed and the content shared in all published articles on this website are solely those of the respective authors, and they do not necessarily reflect the views of the author’s employer or the techbeatly platform. We strive to ensure the accuracy and validity of the content published on our website. However, we cannot guarantee the absolute correctness or completeness of the information provided. It is the responsibility of the readers and users of this website to verify the accuracy and appropriateness of any information or opinions expressed within the articles. If you come across any content that you believe to be incorrect or invalid, please contact us immediately so that we can address the issue promptly.

Avatar photo


https://www.linkedin.com/in/gineesh/ https://twitter.com/GiniGangadharan
Gineesh Madapparambath is the founder of techbeatly and he is the author of the book - ๐—”๐—ป๐˜€๐—ถ๐—ฏ๐—น๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐—ฅ๐—ฒ๐—ฎ๐—น-๐—Ÿ๐—ถ๐—ณ๐—ฒ ๐—”๐˜‚๐˜๐—ผ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป. He has worked as a Systems Engineer, Automation Specialist, and content author. His primary focus is on Ansible Automation, Containerisation (OpenShift & Kubernetes), and Infrastructure as Code (Terraform). (aka Gini Gangadharan - iamgini.com)

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.