Simplifying Deployments with the Ansible Configuration File

While it is possible to specify multiple arguments when running ad-hoc commands or playbooks, a most convenient way is to create a custom configuration file to tell Ansible how it should behave when running such commands. This file is called the Ansible configuration file and can be found in three different locations after the installation:

  • The generic file in /etc/ansible/ansible.cfg.
  • The user specific file in the user’s home directory in ~/.ansible.cfg.
  • The ansible.cfg file in the project directory. This is the most common used path to place the ansible configuration file as it takes precedence over the other paths.

To find out which configuration file your Ansible is currently using, use the ansible –version command.

In the output above we can see that the path used is /etc/ansible/ansible.cfg

To have an idea about the settings defined in the Ansible configuration file, you can read the content of /etc/ansible/ansible.cfg. This file is generated while installing Ansible. You can use this file as your main configuration file or you may create you own customized one.

In the Ansible configuration, many settings can be defined. The most important are listed below:

Here are the explanation of these parameters:

  • inventory: which inventory file to use. This will avoid you to provide the -i argument and specifying the inventory file.
  • become: specifies if privilege escalation is used on managed hosts. Usually set to True.
  • become_user: specifies which user account to use on the remote host. Typically configured as root.
  • become_ask_pass: specifies whether or not a password should be asked for. Takes value of either True or False. If set to False, make sure your Ansible user can run sudo commands without having to provide the sudo password by modifying this corresponding settings in the sudoers file.
  • remote_user: name of the user account on the managed machine. If it is not set, the local user name will be used.

The Ansible configuration file is a great way to configure how Ansible will connect and run tasks on remote hosts. For example, by specifying the inventory path used in this file, you will not have to add the -i argument to provide the inventory file path while running Ansible commands, and by specifying the other become options, you will not have to pass the -b if you want to run admin tasks.

Ansible uses /etc/ansible/hosts as the default location for the inventory file. However, we will use the configuration file to tell Ansible to use our own inventory file located in /home/user/install/.

Add these lines to specify the path of the inventory file

Let’s run now some Ansible commands without specifying the inventory file.

Thanks to the configuration file, Ansible is aware of the inventory file location to use. But let’s go further and tell it how to run commands that need privileges.

Add the following lines to the configuration file:

After the file is saved. It should look like this:

Here is the inventory file we will use

We will test now some admin tasks

Let’s try restarting the firewalld service

While running the above, we had to pass the -K argument to provide the sudo password. Obviously, we can avoid this by changing the become_ask_pass to False and assigning the Ansible user the privilege to run commands without a password on the sudoers file through visudo.

The same command can now be run with no password provided.

The Ansible configuration is an essential brick while configuring your Ansible deployment, so make sure all your settings are there to ease your journey before starting to automate your tasks.

 

Find this post interesting. Share it!

2 Comments

  1. Pingback: Ansible for the Impatient Beginners – vAdmin-Land

  2. Pingback: Ansible Modules and Ad-hoc Commands – vAdmin-Land

Leave a Comment

Your email address will not be published. Required fields are marked *