Hope you are clear on the concept and installation of Ansible program. Lets configure our Ansible environment now.
See all parts of Automation with Ansible Guides here
Configuration file location and precedence
Ansible program is fully depends on the the ansible configuration file which can be stored in multiple locations depends on your project preference. You can store your ansible.cfg at below locations and see the preference order. (top item has the most priority)
- $ANSIBLE_CONFIG – Environment variable
- ./ansible.cfg – cfg file in current directory
- ~/.ansible.cfg – home directory
- /etc/ansible/ansible.cfg – default cfg
As you can see above, ansible will search for the $ANSIBLE_CONFIG variable and load that config if available. If not set, program will try to load config from current working directory, then from our home directory and if all those not available, ansible load config file from default location – /etc/ansible/ansible.cfg.
Here see a simple configuration file
[Defaults]
#inventory file location
inventory = ./inventory
#which user credential ansible has to use to connect to host
remote_user = someuser
#whether it should ask for "someuser" password"
ask_pass = false
You can see other important sections of configuration files.
[devops@ansible-box dep-install]$ grep '^[' /etc/ansible/ansible.cfg
[defaults]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
You can see the configuration file ansible has used during command execution (-v) or by checking the version.
[root@ansible-box ansible]# ansible --version
ansible 2.5.3
config file = /root/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Privilege Escalation
For some of the tasks in our plays, we might need privilege escalation. For example, installing a package, restarting a service etc. For this purpose we have a section called privilege_escalation in our ansible configuration file.
[privilege_escalation]
#enable privilege escalation
become = true
#set to use sudo for privilege escalation
become_method = sudo
#privilege escalation user
become_user = root
#enable prompting for the privilege escalation password
become_ask_pass = true
In above example, ansible will automatically escalate privilege to root by using sudo and also it will ask for sudo password for the user. You can turn this off by become_ask_pass = false settigns.
Let’s learn about Ansible Inventory in next part.
See all parts of Automation with Ansible Guides here