はじめに
Ansible Advent Calendar 2017 、10日目の記事です。
ネタ枠です。
Ansibleのタスク出力に cowsay が使えることはよく知られていると思います。
__________________
< PLAY [localhost] >
------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
_________________________
< TASK [Gathering Facts] >
-------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
cowsayをインストールすると特に何を有効にするでもなくAnsibleのメッセージがcowsay化されてしまい、cowsayを使えると知らない人は パニック に陥ることがあるかもしれません。 ちなみに2年前の私です。
そんなAnsibleのcowsay出力なのですが、cowsayと並ぶおもしろコマンド、 echo-sd で出力をやらせてみることにしました。
ちなみにこの記事でやった方法はコアなソースコードを臆せず触っていく、いわゆる 脳筋プレイ です。
本来であれば以下の記事のように、 Callback Plugins の仕組みを使ってやるのがAnsibleのデザインに沿っています。
どこをいじるか
やりたいことは「 Ansibleがcowsayしているところを突き止め、echo-sdに差し替える 」ことです。
というわけなので、Ansibleコードを覗き見て、cowsayとの繋ぎ位置を突き止めてみます。
OSSなのでソースは 見放題 & 改造し放題 、すばらしいですね。
とりあえずリポジトリ内検索で素直に「cowsay」と検索してみましょう。
ヒットしたファイルは4つ。
- lib/ansible/utils/display.py
- docs/docsite/rst/faq.rst
- examples/ansible.cfg
- lib/ansible/config/base.yml
ほとんど見るまでもなさそうですね。
十中八九 display.py が犯人でしょう。
b_COW_PATHS = (
b"/usr/bin/cowsay",
b"/usr/games/cowsay",
b"/usr/local/bin/cowsay", # BSD path for cowsay
b"/opt/local/bin/cowsay", # MacPorts path for cowsay
)
こんなのが含まれているので犯人で間違いなさそうです。
OSごとで微妙にcowsayコマンドのパスが違うのを吸収するようになっているようです。すばらしい。
改造の準備
改造のため、ソースを取得してきます。コードベースには最新安定版の v2.4.2.0-1 を使います。
# Ansibleリポジトリをクローン
$ git clone https://github.com/ansible/ansible.git
$ cd ansible
$ git checkout v2.4.2.0-1
# 実行環境をセットアップ
$ source ./hacking/env-setup
$ ansible --version
ansible 2.4.2.0 (detached HEAD e3a8bf02ac) last updated 2017/12/10 02:06:21 (GMT +900)
config file = None
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /opt/ansible/lib/ansible
executable location = /opt/ansible/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
実行確認を行うPlaybookはこちら。
- hosts: localhost
user: ansible
tasks:
- name: Display message
debug:
msg: "突然の死"
これが通常時のメッセージです。
$ ansible-playbook -i hosts echo-sd.yml
PLAY [localhost] *********************************************************************************************
TASK [Gathering Facts] ***************************************************************************************
ok: [localhost]
TASK [Display message] ***************************************************************************************
ok: [localhost] => {
"msg": "突然の死"
}
PLAY RECAP ***************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0
どういじるか
非常に短絡的ですが、こんな感じでcowsayの代わりにecho-sdをぶち込んでみたらどうなるでしょうか。
b_COW_PATHS = (
b"/usr/local/bin/echo-sd", # echo-sdのパス
)
上手くいったら儲けもの、祈る気持ちでレッツトライ...!
$ ansible-playbook -i hosts echo-sd.yml
ok: [localhost]
ok: [localhost] => {
"msg": "echo-sd !!!"
}
localhost : ok=2 changed=0 unreachable=0 failed=0
$ echo-sd 何も出ない
_人人人人人人人_
> 何も出ない <
 ̄Y^Y^Y^Y^Y^Y^Y^ ̄
まぁ、上手くいかないこと自体は予想通りです。真面目にやりましょう。
完成版
先に完成版からです。結果的に2つのファイルをいじることになりました。解説は後で順を追ってしていくので、とりあえず折りたたんでおきます。
lib/ansible/utils/display.py
# (c) 2014, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import errno
import fcntl
import getpass
import locale
import logging
import os
import random
import subprocess
import sys
import textwrap
import time
from struct import unpack, pack
from termios import TIOCGWINSZ
from ansible import constants as C
from ansible.errors import AnsibleError
from ansible.module_utils._text import to_bytes, to_text
from ansible.utils.color import stringc
try:
# Python 2
input = raw_input
except NameError:
# Python 3, we already have raw_input
pass
logger = None
# TODO: make this a logging callback instead
if C.DEFAULT_LOG_PATH:
path = C.DEFAULT_LOG_PATH
if (os.path.exists(path) and os.access(path, os.W_OK)) or os.access(os.path.dirname(path), os.W_OK):
logging.basicConfig(filename=path, level=logging.DEBUG, format='%(asctime)s %(name)s %(message)s')
mypid = str(os.getpid())
user = getpass.getuser()
logger = logging.getLogger("p=%s u=%s | " % (mypid, user))
else:
print("[WARNING]: log file at %s is not writeable and we cannot create it, aborting\n" % path, file=sys.stderr)
b_ECHO_SD_PATHS = (
b"/usr/local/bin/echo-sd", # path for echo-sd
)
b_ECHO_SD_STYLES = (
b"vertical",
b"tanzaku",
b"default",
)
class Display:
def __init__(self, verbosity=0):
self.columns = None
self.verbosity = verbosity
# list of all deprecation messages to prevent duplicate display
self._deprecations = {}
self._warns = {}
self._errors = {}
self.b_echo_sd = None
self.nonsd = C.ANSIBLE_SD_SELECTION
self.set_echo_sd_info()
self._set_column_width()
def set_echo_sd_info(self):
if not C.ANSIBLE_NOSD:
for b_echo_sd_path in b_ECHO_SD_PATHS:
if os.path.exists(b_echo_sd_path):
self.b_echo_sd = b_echo_sd_path
def display(self, msg, color=None, stderr=False, screen_only=False, log_only=False):
""" Display a message to the user
Note: msg *must* be a unicode string to prevent UnicodeError tracebacks.
"""
nocolor = msg
if color:
msg = stringc(msg, color)
if not log_only:
if not msg.endswith(u'\n'):
msg2 = msg + u'\n'
else:
msg2 = msg
msg2 = to_bytes(msg2, encoding=self._output_encoding(stderr=stderr))
if sys.version_info >= (3,):
# Convert back to text string on python3
# We first convert to a byte string so that we get rid of
# characters that are invalid in the user's locale
msg2 = to_text(msg2, self._output_encoding(stderr=stderr), errors='replace')
if not stderr:
fileobj = sys.stdout
else:
fileobj = sys.stderr
fileobj.write(msg2)
try:
fileobj.flush()
except IOError as e:
# Ignore EPIPE in case fileobj has been prematurely closed, eg.
# when piping to "head -n1"
if e.errno != errno.EPIPE:
raise
if logger and not screen_only:
msg2 = nocolor.lstrip(u'\n')
msg2 = to_bytes(msg2)
if sys.version_info >= (3,):
# Convert back to text string on python3
# We first convert to a byte string so that we get rid of
# characters that are invalid in the user's locale
msg2 = to_text(msg2, self._output_encoding(stderr=stderr))
if color == C.COLOR_ERROR:
logger.error(msg2)
else:
logger.info(msg2)
def v(self, msg, host=None):
return self.verbose(msg, host=host, caplevel=0)
def vv(self, msg, host=None):
return self.verbose(msg, host=host, caplevel=1)
def vvv(self, msg, host=None):
return self.verbose(msg, host=host, caplevel=2)
def vvvv(self, msg, host=None):
return self.verbose(msg, host=host, caplevel=3)
def vvvvv(self, msg, host=None):
return self.verbose(msg, host=host, caplevel=4)
def vvvvvv(self, msg, host=None):
return self.verbose(msg, host=host, caplevel=5)
def debug(self, msg):
if C.DEFAULT_DEBUG:
self.display("%6d %0.5f: %s" % (os.getpid(), time.time(), msg), color=C.COLOR_DEBUG)
def verbose(self, msg, host=None, caplevel=2):
if self.verbosity > caplevel:
if host is None:
self.display(msg, color=C.COLOR_VERBOSE)
else:
self.display("<%s> %s" % (host, msg), color=C.COLOR_VERBOSE, screen_only=True)
def deprecated(self, msg, version=None, removed=False):
''' used to print out a deprecation message.'''
if not removed and not C.DEPRECATION_WARNINGS:
return
if not removed:
if version:
new_msg = "[DEPRECATION WARNING]: %s. This feature will be removed in version %s." % (msg, version)
else:
new_msg = "[DEPRECATION WARNING]: %s. This feature will be removed in a future release." % (msg)
new_msg = new_msg + " Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.\n\n"
else:
raise AnsibleError("[DEPRECATED]: %s.\nPlease update your playbooks." % msg)
wrapped = textwrap.wrap(new_msg, self.columns, drop_whitespace=False)
new_msg = "\n".join(wrapped) + "\n"
if new_msg not in self._deprecations:
self.display(new_msg.strip(), color=C.COLOR_DEPRECATE, stderr=True)
self._deprecations[new_msg] = 1
def warning(self, msg, formatted=False):
if not formatted:
new_msg = "\n[WARNING]: %s" % msg
wrapped = textwrap.wrap(new_msg, self.columns)
new_msg = "\n".join(wrapped) + "\n"
else:
new_msg = "\n[WARNING]: \n%s" % msg
if new_msg not in self._warns:
self.display(new_msg, color=C.COLOR_WARN, stderr=True)
self._warns[new_msg] = 1
def system_warning(self, msg):
if C.SYSTEM_WARNINGS:
self.warning(msg)
def banner(self, msg, color=None, sd=True):
'''
Prints a header-looking line with echo-sd or stars wit hlength depending on terminal width (3 minimum)
'''
if self.b_echo_sd and sd:
try:
self.banner_echo_sd(msg)
return
except OSError:
self.warning("somebody cleverly deleted echo-sd or something during the PB run. heh.")
msg = msg.strip()
star_len = self.columns - len(msg)
if star_len <= 3:
star_len = 3
stars = u"*" * star_len
self.display(u"\n%s %s" % (msg, stars), color=color)
def banner_echo_sd(self, msg, color=None):
if u": [" in msg:
msg = msg.replace(u"[", u"")
if msg.endswith(u"]"):
msg = msg[:-1]
runcmd = [self.b_echo_sd]
if self.nonsd:
thesd = self.nonsd
if thesd == 'random':
thesd = random.choice(list(b_ECHO_SD_STYLES))
if thesd != 'default':
runcmd.append(to_bytes("--" + thesd))
msg = msg.replace(u"[", u"")
msg = msg.replace(u"]", u"")
runcmd.append(to_bytes(msg))
cmd = subprocess.Popen(runcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = cmd.communicate()
print()
self.display(u"%s\n" % to_text(out), color=color)
def error(self, msg, wrap_text=True):
if wrap_text:
new_msg = u"\n[ERROR]: %s" % msg
wrapped = textwrap.wrap(new_msg, self.columns)
new_msg = u"\n".join(wrapped) + u"\n"
else:
new_msg = u"ERROR! %s" % msg
if new_msg not in self._errors:
self.display(new_msg, color=C.COLOR_ERROR, stderr=True)
self._errors[new_msg] = 1
@staticmethod
def prompt(msg, private=False):
prompt_string = to_bytes(msg, encoding=Display._output_encoding())
if sys.version_info >= (3,):
# Convert back into text on python3. We do this double conversion
# to get rid of characters that are illegal in the user's locale
prompt_string = to_text(prompt_string)
if private:
return getpass.getpass(prompt_string)
else:
return input(prompt_string)
def do_var_prompt(self, varname, private=True, prompt=None, encrypt=None, confirm=False, salt_size=None, salt=None, default=None):
result = None
if sys.__stdin__.isatty():
do_prompt = self.prompt
if prompt and default is not None:
msg = "%s [%s]: " % (prompt, default)
elif prompt:
msg = "%s: " % prompt
else:
msg = 'input for %s: ' % varname
if confirm:
while True:
result = do_prompt(msg, private)
second = do_prompt("confirm " + msg, private)
if result == second:
break
self.display("***** VALUES ENTERED DO NOT MATCH ****")
else:
result = do_prompt(msg, private)
else:
result = None
self.warning("Not prompting as we are not in interactive mode")
# if result is false and default is not None
if not result and default is not None:
result = default
if encrypt:
# Circular import because encrypt needs a display class
from ansible.utils.encrypt import do_encrypt
result = do_encrypt(result, encrypt, salt_size, salt)
# handle utf-8 chars
result = to_text(result, errors='surrogate_or_strict')
return result
@staticmethod
def _output_encoding(stderr=False):
encoding = locale.getpreferredencoding()
# https://bugs.python.org/issue6202
# Python2 hardcodes an obsolete value on Mac. Use MacOSX defaults
# instead.
if encoding in ('mac-roman',):
encoding = 'utf-8'
return encoding
def _set_column_width(self):
if os.isatty(0):
tty_size = unpack('HHHH', fcntl.ioctl(0, TIOCGWINSZ, pack('HHHH', 0, 0, 0, 0)))[1]
else:
tty_size = 0
self.columns = max(79, tty_size - 1)
lib/ansible/config/base.yml
# Copyright (c) 2017 Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
---
ACCELERATE_CONNECT_TIMEOUT:
default: 1.0
description:
- "This setting controls the timeout for the socket connect call, and should be kept relatively low.
The connection to the accelerate_port will be attempted 3 times before Ansible will fall back to ssh or paramiko
(depending on your default connection setting) to try and start the accelerate daemon remotely."
- "Note, this value can be set to less than one second, however it is probably not a good idea to do so
unless you are on a very fast and reliable LAN. If you are connecting to systems over the internet, it may be necessary to increase this timeout."
env: [{name: ACCELERATE_CONNECT_TIMEOUT }]
ini:
- {key: accelerate_connect_timeout, section: accelerate}
type: float
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
version_added: "1.4"
ACCELERATE_DAEMON_TIMEOUT:
default: 30
description:
- This setting controls the timeout for the accelerated daemon, as measured in minutes. The default daemon timeout is 30 minutes.
- "Prior to 1.6, the timeout was hard-coded from the time of the daemon's launch."
- For version 1.6+, the timeout is now based on the last activity to the daemon and is configurable via this option.
env: [{name: ACCELERATE_DAEMON_TIMEOUT}]
ini:
- {key: accelerate_daemon_timeout, section: accelerate}
type: integer
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
version_added: "1.6"
ACCELERATE_KEYS_DIR:
default: ~/.fireball.keys
description: ''
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
env: [{name: ACCELERATE_KEYS_DIR}]
ini:
- {key: accelerate_keys_dir, section: accelerate}
ACCELERATE_KEYS_DIR_PERMS:
default: '700'
description: 'TODO: write it'
env: [{name: ACCELERATE_KEYS_DIR_PERMS}]
ini:
- {key: accelerate_keys_dir_perms, section: accelerate}
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
ACCELERATE_KEYS_FILE_PERMS:
default: '600'
description: 'TODO: write it'
env: [{name: ACCELERATE_KEYS_FILE_PERMS}]
ini:
- {key: accelerate_keys_file_perms, section: accelerate}
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
ACCELERATE_MULTI_KEY:
default: False
description: 'TODO: write it'
env: [{name: ACCELERATE_MULTI_KEY}]
ini:
- {key: accelerate_multi_key, section: accelerate}
type: boolean
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
ACCELERATE_PORT:
default: 5099
description: 'TODO: write it'
env: [{name: ACCELERATE_PORT}]
ini:
- {key: accelerate_port, section: accelerate}
type: integer
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
ACCELERATE_TIMEOUT:
default: 30
description: 'TODO: write it'
env: [{name: ACCELERATE_TIMEOUT}]
ini:
- {key: accelerate_timeout, section: accelerate}
type: integer
deprecated:
why: Removing accelerate as a connection method, settings not needed either.
version: "2.5"
alternatives: ssh and paramiko
ALLOW_WORLD_READABLE_TMPFILES:
name: Allow world readable temporary files
default: False
description:
- This makes the temporary files created on the machine to be world readable and will issue a warning instead of failing the task.
- It is useful when becoming an unprivileged user.
env: []
ini:
- {key: allow_world_readable_tmpfiles, section: defaults}
type: boolean
yaml: {key: defaults.allow_world_readable_tmpfiles}
version_added: "2.1"
ANSIBLE_SD_SELECTION:
name: echo-sd style selection
default: default
description: This allows you to chose a specific echo-sd style for the banners or use 'random' to cycle through them.
env: [{name: ANSIBLE_SD_SELECTION}]
ini:
- {key: sd_selection, section: defaults}
ANSIBLE_FORCE_COLOR:
name: Force color output
default: False
description: This options forces color mode even when running without a TTY or the "nocolor" setting is True.
env: [{name: ANSIBLE_FORCE_COLOR}]
ini:
- {key: force_color, section: defaults}
type: boolean
yaml: {key: display.force_color}
ANSIBLE_NOCOLOR:
name: Suppress color output
default: False
description: This setting allows suppressing colorizing output, which is used to give a better indication of failure and status information.
env: [{name: ANSIBLE_NOCOLOR}]
ini:
- {key: nocolor, section: defaults}
type: boolean
yaml: {key: display.nocolor}
ANSIBLE_NOSD:
name: Suppress echo-sd output
default: False
description: If you have echo-sd installed but want to avoid the 'echo-sd' (why????), use this.
env: [{name: ANSIBLE_NOSD}]
ini:
- {key: nosd, section: defaults}
type: boolean
yaml: {key: display.i_am_no_fun}
ANSIBLE_PIPELINING:
name: Connection pipelining
default: False
description:
- Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server,
by executing many Ansible modules without actual file transfer.
- This can result in a very significant performance improvement when enabled.
- "However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first
disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default."
env:
- name: ANSIBLE_PIPELINING
- name: ANSIBLE_SSH_PIPELINING
ini:
- section: connection
key: pipelining
- section: ssh_connection
key: pipelining
type: boolean
yaml: {key: plugins.connection.pipelining}
ANSIBLE_SSH_ARGS:
# TODO: move to ssh plugin
default: -C -o ControlMaster=auto -o ControlPersist=60s
description:
- If set, this will override the Ansible default ssh arguments.
- In particular, users may wish to raise the ControlPersist time to encourage performance. A value of 30 minutes may be appropriate.
- Be aware that if `-o ControlPath` is set in ssh_args, the control path setting is not used.
env: [{name: ANSIBLE_SSH_ARGS}]
ini:
- {key: ssh_args, section: ssh_connection}
yaml: {key: ssh_connection.ssh_args}
ANSIBLE_SSH_CONTROL_PATH:
# TODO: move to ssh plugin
default: null
description:
- This is the location to save ssh's ControlPath sockets, it uses ssh's variable substitution.
- Since 2.3, if null, ansible will generate a unique hash. Use `%(directory)s` to indicate where to use the control dir path setting.
- Before 2.3 it defaulted to `control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r`.
- Be aware that this setting is ignored if `-o ControlPath` is set in ssh args.
env: [{name: ANSIBLE_SSH_CONTROL_PATH}]
ini:
- {key: control_path, section: ssh_connection}
yaml: {key: ssh_connection.control_path}
ANSIBLE_SSH_CONTROL_PATH_DIR:
# TODO: move to ssh plugin
default: ~/.ansible/cp
description:
- This sets the directory to use for ssh control path if the control path setting is null.
- Also, provides the `%(directory)s` variable for the control path setting.
env: [{name: ANSIBLE_SSH_CONTROL_PATH_DIR}]
ini:
- {key: control_path_dir, section: ssh_connection}
yaml: {key: ssh_connection.control_path_dir}
ANSIBLE_SSH_EXECUTABLE:
# TODO: move to ssh plugin
default: ssh
description:
- This defines the location of the ssh binary. It defaults to `ssh` which will use the first ssh binary available in $PATH.
- This option is usually not required, it might be useful when access to system ssh is restricted,
or when using ssh wrappers to connect to remote hosts.
env: [{name: ANSIBLE_SSH_EXECUTABLE}]
ini:
- {key: ssh_executable, section: ssh_connection}
yaml: {key: ssh_connection.ssh_executable}
version_added: "2.2"
ANSIBLE_SSH_RETRIES:
# TODO: move to ssh plugin
default: 0
description: Number of attempts to establish a connection before we give up and report the host as 'UNREACHABLE'
env: [{name: ANSIBLE_SSH_RETRIES}]
ini:
- {key: retries, section: ssh_connection}
type: integer
yaml: {key: ssh_connection.retries}
ANY_ERRORS_FATAL:
name: Make Task failures fatal
default: False
description: Sets the default value for the any_errors_fatal keyword, if True, Task failures will be considered fatal errors.
env:
- name: ANSIBLE_ANY_ERRORS_FATAL
ini:
- section: defaults
key: any_errors_fatal
type: boolean
yaml: {key: errors.any_task_errors_fatal}
version_added: "2.4"
BECOME_ALLOW_SAME_USER:
name: Allow becomming the same user
default: False
description: This setting controls if become is skipped when remote user and become user are the same. I.E root sudo to root.
env: [{name: ANSIBLE_BECOME_ALLOW_SAME_USER}]
ini:
- {key: become_allow_same_user, section: privilege_escalation}
type: boolean
yaml: {key: privilege_escalation.become_allow_same_user}
CACHE_PLUGIN:
name: Persistent Cache plugin
default: memory
description: Chooses which cache plugin to use, the default 'memory' is ephimeral.
env: [{name: ANSIBLE_CACHE_PLUGIN}]
ini:
- {key: fact_caching, section: defaults}
yaml: {key: facts.cache.plugin}
CACHE_PLUGIN_CONNECTION:
name: Cache Plugin URI
default: ~
description: Defines connection or path information for the cache plugin
env: [{name: ANSIBLE_CACHE_PLUGIN_CONNECTION}]
ini:
- {key: fact_caching_connection, section: defaults}
yaml: {key: facts.cache.uri}
CACHE_PLUGIN_PREFIX:
name: Cache Plugin table prefix
default: ansible_facts
description: Prefix to use for cache plugin files/tables
env: [{name: ANSIBLE_CACHE_PLUGIN_PREFIX}]
ini:
- {key: fact_caching_prefix, section: defaults}
yaml: {key: facts.cache.prefix}
CACHE_PLUGIN_TIMEOUT:
name: Cache Plugin expiration timeout
default: 86400
description: Expiration timeout for the cache plugin data
env: [{name: ANSIBLE_CACHE_PLUGIN_TIMEOUT}]
ini:
- {key: fact_caching_timeout, section: defaults}
type: integer
yaml: {key: facts.cache.timeout}
COLOR_CHANGED:
name: Color for 'changed' task status
default: yellow
description: Defines the color to use on 'Changed' task status
env: [{name: ANSIBLE_COLOR_CHANGED}]
ini:
- {key: changed, section: colors}
yaml: {key: display.colors.changed}
COLOR_DEBUG:
name: Color for debug statements
default: dark gray
description: Defines the color to use when emitting debug messages
env: [{name: ANSIBLE_COLOR_DEBUG}]
ini:
- {key: debug, section: colors}
yaml: {key: display.colors.debug}
COLOR_DEPRECATE:
name: Color for deprecation messages
default: purple
description: Defines the color to use when emitting deprecation messages
env: [{name: ANSIBLE_COLOR_DEPRECATE}]
ini:
- {key: deprecate, section: colors}
yaml: {key: display.colors.deprecate}
COLOR_DIFF_ADD:
name: Color for diff added display
default: green
description: Defines the color to use when showing added lines in diffs
env: [{name: ANSIBLE_COLOR_DIFF_ADD}]
ini:
- {key: diff_add, section: colors}
yaml: {key: display.colors.diff.add}
COLOR_DIFF_LINES:
name: Color for diff lines display
default: cyan
description: Defines the color to use when showing diffs
env: [{name: ANSIBLE_COLOR_DIFF_LINES}]
ini:
- {key: diff_lines, section: colors}
COLOR_DIFF_REMOVE:
name: Color for diff removed display
default: red
description: Defines the color to use when showing removed lines in diffs
env: [{name: ANSIBLE_COLOR_DIFF_REMOVE}]
ini:
- {key: diff_remove, section: colors}
COLOR_ERROR:
name: Color for error messages
default: red
description: Defines the color to use when emitting error messages
env: [{name: ANSIBLE_COLOR_ERROR}]
ini:
- {key: error, section: colors}
yaml: {key: colors.error}
COLOR_HIGHLIGHT:
name: Color for highlighting
default: white
description: Color used for highlights
env: [{name: ANSIBLE_COLOR_HIGHLIGHT}]
ini:
- {key: highlight, section: colors}
COLOR_OK:
name: Color for 'ok' task status
default: green
description: Defines the color to use when showing 'OK' task status
env: [{name: ANSIBLE_COLOR_OK}]
ini:
- {key: ok, section: colors}
COLOR_SKIP:
name: Color for 'skip' task status
default: cyan
description: Defines the color to use when showing 'Skipped' task status
env: [{name: ANSIBLE_COLOR_SKIP}]
ini:
- {key: skip, section: colors}
COLOR_UNREACHABLE:
name: Color for 'unreachable' host state
default: bright red
description: Defines the color to use on 'Unreachable' status
env: [{name: ANSIBLE_COLOR_UNREACHABLE}]
ini:
- {key: unreachable, section: colors}
COLOR_VERBOSE:
name: Color for verbose messages
default: blue
description: Defines the color to use when emitting verbose messages. i.e those that show with '-v's.
env: [{name: ANSIBLE_COLOR_VERBOSE}]
ini:
- {key: verbose, section: colors}
COLOR_WARN:
name: Color for warning messages
default: bright purple
description: Defines the color to use when emitting warning messages
env: [{name: ANSIBLE_COLOR_WARN}]
ini:
- {key: warn, section: colors}
COMMAND_WARNINGS:
name: Command module warnings
default: True
description:
- By default Ansible will issue a warning when the shell or command module is used and the command appears to be similar to an existing Ansible module.
- These warnings can be silenced by adjusting this setting to False. You can also control this at the task level with the module optoin ``warn``.
env: [{name: ANSIBLE_COMMAND_WARNINGS}]
ini:
- {key: command_warnings, section: defaults}
type: boolean
version_added: "1.8"
DEFAULT_ACTION_PLUGIN_PATH:
name: Action plugins path
default: ~/.ansible/plugins/action:/usr/share/ansible/plugins/action
description: Colon separated paths in which Ansible will search for Action Plugins.
env: [{name: ANSIBLE_ACTION_PLUGINS}]
ini:
- {key: action_plugins, section: defaults}
type: pathspec
yaml: {key: plugins.action.path}
DEFAULT_ALLOW_UNSAFE_LOOKUPS:
name: Allow unsafe lookups
default: False
description:
- "When enabled, this option allows lookup plugins (whether used in variables as ``{{lookup('foo')}}`` or as a loop as with_foo)
to return data that is not marked 'unsafe'."
- By default, such data is marked as unsafe to prevent the templating engine from evaluating any jinja2 templating language,
as this could represent a security risk. This option is provided to allow for backwards-compatibility,
however users should first consider adding allow_unsafe=True to any lookups which may be expected to contain data which may be run
through the templating engine late
env: []
ini:
- {key: allow_unsafe_lookups, section: defaults}
type: boolean
version_added: "2.2.3"
DEFAULT_ASK_PASS:
name: Ask for the login password
default: False
description:
- This controls whether an Ansible playbook should prompt for a login password.
If using SSH keys for authentication, you probably do not needed to change this setting.
env: [{name: ANSIBLE_ASK_PASS}]
ini:
- {key: ask_pass, section: defaults}
type: boolean
yaml: {key: defaults.ask_pass}
DEFAULT_ASK_SUDO_PASS:
name: Ask for the sudo password
default: False
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description:
- This controls whether an Ansible playbook should prompt for a sudo password.
env: [{name: ANSIBLE_ASK_SUDO_PASS}]
ini:
- {key: ask_sudo_pass, section: defaults}
type: boolean
DEFAULT_ASK_SU_PASS:
name: Ask for the su password
default: False
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description:
- This controls whether an Ansible playbook should prompt for a su password.
env: [{name: ANSIBLE_ASK_SU_PASS}]
ini:
- {key: ask_su_pass, section: defaults}
type: boolean
DEFAULT_ASK_VAULT_PASS:
name: Ask for the vault password(s)
default: False
description:
- This controls whether an Ansible playbook should prompt for a vault password.
env: [{name: ANSIBLE_ASK_VAULT_PASS}]
ini:
- {key: ask_vault_pass, section: defaults}
type: boolean
DEFAULT_BECOME:
name: Enable privilege escalation (become)
default: False
description: Toggles the use of privilege escalation, allowing you to 'become' another user after login.
env: [{name: ANSIBLE_BECOME}]
ini:
- {key: become, section: privilege_escalation}
type: boolean
DEFAULT_BECOME_ASK_PASS:
name: Ask for the privelege escalation (become) password
default: False
description: Toggle to prompt for privilege escalation password.
env: [{name: ANSIBLE_BECOME_ASK_PASS}]
ini:
- {key: become_ask_pass, section: privilege_escalation}
type: boolean
DEFAULT_BECOME_METHOD:
name: Choose privilege escalation method
default: 'sudo'
description: Privilege escalation method to use when `become` is enabled.
env: [{name: ANSIBLE_BECOME_METHOD}]
ini:
- {section: privilege_escalation, key: become_method}
DEFAULT_BECOME_EXE:
name: Choose 'become' executable
default: ~
description: 'executable to use for privilege escalation, otherwise Ansible will depend on PATH'
env: [{name: ANSIBLE_BECOME_EXE}]
ini:
- {key: become_exe, section: privilege_escalation}
DEFAULT_BECOME_FLAGS:
name: Set 'become' executable options
default: ''
description: Flags to pass to the privilege escalation executable.
env: [{name: ANSIBLE_BECOME_FLAGS}]
ini:
- {key: become_flags, section: privilege_escalation}
DEFAULT_BECOME_USER:
# FIXME: should really be blank and make -u passing optional depending on it
name: Set the user you 'become' via privlege escalation
default: root
description: The user your login/remote user 'becomes' when using privilege escalation, most systems will use 'root' when no user is specified.
env: [{name: ANSIBLE_BECOME_USER}]
ini:
- {key: become_user, section: privilege_escalation}
yaml: {key: become.user}
DEFAULT_CACHE_PLUGIN_PATH:
name: Cache Plugins Path
default: ~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache
description: Colon separated paths in which Ansible will search for Cache Plugins.
env: [{name: ANSIBLE_CACHE_PLUGINS}]
ini:
- {key: cache_plugins, section: defaults}
type: pathspec
DEFAULT_CALLABLE_WHITELIST:
name: Template 'callable' whitelist
default: []
description: Whitelist of callable methods to be made available to template evaluation
env: [{name: ANSIBLE_CALLABLE_WHITELIST}]
ini:
- {key: callable_whitelist, section: defaults}
type: list
DEFAULT_CALLBACK_PLUGIN_PATH:
name: Callback Plugins Path
default: ~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback
description: Colon separated paths in which Ansible will search for Callback Plugins.
env: [{name: ANSIBLE_CALLBACK_PLUGINS}]
ini:
- {key: callback_plugins, section: defaults}
type: pathspec
yaml: {key: plugins.callback.path}
DEFAULT_CALLBACK_WHITELIST:
name: Callback Whitelist
default: []
description:
- "List of whitelisted callbacks, not all callbacks need whitelisting,
but many of those shipped with Ansible do as we don't want them activated by default."
env: [{name: ANSIBLE_CALLBACK_WHITELIST}]
ini:
- {key: callback_whitelist, section: defaults}
type: list
yaml: {key: plugins.callback.whitelist}
DEFAULT_CONNECTION_PLUGIN_PATH:
name: Connection Plugins Path
default: ~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection
description: Colon separated paths in which Ansible will search for Connection Plugins.
env: [{name: ANSIBLE_CONNECTION_PLUGINS}]
ini:
- {key: connection_plugins, section: defaults}
type: pathspec
yaml: {key: plugins.connection.path}
DEFAULT_DEBUG:
name: Debug mode
default: False
description: Toggles debug output in Ansible, VERY verbose and can hinder multiprocessing.
env: [{name: ANSIBLE_DEBUG}]
ini:
- {key: debug, section: defaults}
type: boolean
DEFAULT_EXECUTABLE:
name: Target shell executable
default: /bin/sh
description:
- "This indicates the command to use to spawn a shell under for Ansible's execution needs on a target.
Users may need to change this in rare instances when shell usage is constrained, but in most cases it may be left as is."
env: [{name: ANSIBLE_EXECUTABLE}]
ini:
- {key: executable, section: defaults}
DEFAULT_FACT_PATH:
name: local fact path
default: ~
description:
- "This option allows you to globally configure a custom path for 'local_facts' for the implied M(setup) task when using fact gathering."
- "If not set, it will fallback to the default from the M(setup) module: ``/etc/ansible/facts.d``."
- "This does **not** affect user defined tasks that use the M(setup) module."
env: [{name: ANSIBLE_FACT_PATH}]
ini:
- {key: fact_path, section: defaults}
type: path
yaml: {key: facts.gathering.fact_path}
DEFAULT_FILTER_PLUGIN_PATH:
name: Jinja2 Filter Plugins Path
default: ~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter
description: Colon separated paths in which Ansible will search for Jinja2 Filter Plugins.
env: [{name: ANSIBLE_FILTER_PLUGINS}]
ini:
- {key: filter_plugins, section: defaults}
type: pathspec
DEFAULT_FORCE_HANDLERS:
name: Force handlers to run after failure
default: False
description:
- This option controls if notified handlers run on a host even if a failure occurs on that host.
- When false, the handlers will not run if a failure has occurred on a host.
- This can also be set per play or on the command line. See Handlers and Failure for more details.
env: [{name: ANSIBLE_FORCE_HANDLERS}]
ini:
- {key: force_handlers, section: defaults}
type: boolean
version_added: "1.9.1"
DEFAULT_FORKS:
name: Number of task forks
default: 5
description: Maximum number of forks Ansible will use to execute tasks on target hosts.
env: [{name: ANSIBLE_FORKS}]
ini:
- {key: forks, section: defaults}
type: integer
DEFAULT_GATHERING:
name: Gathering behaviour
default: 'implicit'
description:
- This setting controls the default policy of fact gathering (facts discovered about remote systems).
- "When 'implicit' (the default), the cache plugin will be ignored and facts will be gathered per play unless 'gather_facts: False' is set."
- "When 'explicit' the inverse is true, facts will not be gathered unless directly requested in the play."
- "The 'smart' value means each new host that has no facts discovered will be scanned,
but if the same host is addressed in multiple plays it will not be contacted again in the playbook run."
- "This option can be useful for those wishing to save fact gathering time. Both 'smart' and 'explicit' will use the cache plugin."
env: [{name: ANSIBLE_GATHERING}]
ini:
- key: gathering
section: defaults
version_added: "1.6"
choices: ['smart', 'explicit', 'implicit']
DEFAULT_GATHER_SUBSET:
name: Gather facts subset
default: 'all'
description:
- Set the `gather_subset` option for the M(setup) task in the implicit fact gathering.
See the module documentation for specifics.
- "It does **not** apply to user defined M(setup) tasks."
env: [{name: ANSIBLE_GATHER_SUBSET}]
ini:
- key: gather_subset
section: defaults
version_added: "2.1"
DEFAULT_GATHER_TIMEOUT:
name: Gather facts timeout
default: 10
description:
- Set the timeout in seconds for the implicit fact gathering.
- "It does **not** apply to user defined M(setup) tasks."
env: [{name: ANSIBLE_GATHER_TIMEOUT}]
ini:
- {key: gather_timeout, section: defaults}
type: integer
yaml: {key: defaults.gather_timeout}
DEFAULT_HANDLER_INCLUDES_STATIC:
name: Make handler M(include) static
default: False
description:
- "Since 2.0 M(include) can be 'dynamic', this setting (if True) forces that if the include appears in a ``handlers`` section to be 'static'."
env: [{name: ANSIBLE_HANDLER_INCLUDES_STATIC}]
ini:
- {key: handler_includes_static, section: defaults}
type: boolean
deprecated:
why: include itself is deprecated and this setting will not matter in the future
version: "2.8"
alternatives: none as its already built into the decision between include_tasks and import_tasks
DEFAULT_HASH_BEHAVIOUR:
name: Hash merge behaviour
default: replace
type: string
choices: ["replace", "merge"]
description:
- This setting controls how variables merge in Ansible.
By default Ansible will override variables in specific precedence orders, as described in Variables.
When a variable of higher precedence wins, it will replace the other value.
- "Some users prefer that variables that are hashes (aka 'dictionaries' in Python terms) are merged.
This setting is called 'merge'. This is not the default behavior and it does not affect variables whose values are scalars
(integers, strings) or arrays. We generally recommend not using this setting unless you think you have an absolute need for it,
and playbooks in the official examples repos do not use this setting"
- In version 2.0 a ``combine`` filter was added to allow doing this for a particular variable (described in Filters).
env: [{name: ANSIBLE_HASH_BEHAVIOUR}]
ini:
- {key: hash_behaviour, section: defaults}
DEFAULT_HOST_LIST:
name: Inventory Source
default: /etc/ansible/hosts
description: Colon separated list of Ansible inventory sources
env:
- name: ANSIBLE_HOSTS
deprecated:
why: The variable is misleading as it can be a list of hosts and/or paths to inventory sources
version: "2.8"
alternatives: ANSIBLE_INVENTORY
- name: ANSIBLE_INVENTORY
expand_relative_paths: True
ini:
- key: hostfile
section: defaults
deprecated:
why: The key is misleading as it can also be a list of hosts, a directory or a list of paths
version: "2.8"
alternatives: "[defaults]\ninventory=/path/to/file|dir"
- key: inventory
section: defaults
type: pathlist
yaml: {key: defaults.inventory}
DEFAULT_INTERNAL_POLL_INTERVAL:
name: Internal poll interval
default: 0.001
env: []
ini:
- {key: internal_poll_interval, section: defaults}
type: float
version_added: "2.2"
description:
- This sets the interval (in seconds) of Ansible internal processes polling each other.
Lower values improve performance with large playbooks at the expense of extra CPU load.
Higher values are more suitable for Ansible usage in automation scenarios,
when UI responsiveness is not required but CPU usage might be a concern.
- "The default corresponds to the value hardcoded in Ansible <= 2.1"
DEFAULT_INVENTORY_PLUGIN_PATH:
name: Inventory Plugins Path
default: ~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory
description: Colon separated paths in which Ansible will search for Inventory Plugins.
env: [{name: ANSIBLE_INVENTORY_PLUGINS}]
ini:
- {key: inventory_plugins, section: defaults}
type: pathspec
DEFAULT_JINJA2_EXTENSIONS:
name: Enabled Jinja2 extensions
default: []
description:
- This is a developer-specific feature that allows enabling additional Jinja2 extensions.
- "See the Jinja2 documentation for details. If you do not know what these do, you probably don't need to change this setting :)"
env: [{name: ANSIBLE_JINJA2_EXTENSIONS}]
ini:
- {key: jinja2_extensions, section: defaults}
DEFAULT_KEEP_REMOTE_FILES:
name: Keep remote files
default: False
description: Enables/disables the cleaning up of the temporary files Ansible used to execute the tasks on the remote.
env: [{name: ANSIBLE_KEEP_REMOTE_FILES}]
ini:
- {key: keep_remote_files, section: defaults}
type: boolean
DEFAULT_LIBVIRT_LXC_NOSECLABEL:
# TODO: move to plugin
name: No security label on Lxc
default: False
description:
- "This setting causes libvirt to connect to lxc containers by passing --noseclabel to virsh.
This is necessary when running on systems which do not have SELinux."
env: [{name: LIBVIRT_LXC_NOSECLABEL}]
ini:
- {key: libvirt_lxc_noseclabel, section: selinux}
type: boolean
version_added: "2.1"
DEFAULT_LOAD_CALLBACK_PLUGINS:
name: Load callbacks for adhoc
default: False
description:
- Controls whether callback plugins are loaded when running /usr/bin/ansible.
This may be used to log activity from the command line, send notifications, and so on.
Callback plugins are always loaded for ``ansible-playbook``.
env: [{name: ANSIBLE_LOAD_CALLBACK_PLUGINS}]
ini:
- {key: bin_ansible_callbacks, section: defaults}
type: boolean
version_added: "1.8"
DEFAULT_LOCAL_TMP:
name: Controller temporary directory
default: ~/.ansible/tmp
description: Temporary directory for Ansible to use on the controller.
env: [{name: ANSIBLE_LOCAL_TEMP}]
ini:
- {key: local_tmp, section: defaults}
type: tmppath
DEFAULT_LOG_PATH:
name: Ansible log file path
default: ''
description: File to which Ansible will log on the controller. When empty logging is disabled.
env: [{name: ANSIBLE_LOG_PATH}]
ini:
- {key: log_path, section: defaults}
type: path
DEFAULT_LOOKUP_PLUGIN_PATH:
name: Lookup Plugins Path
description: Colon separated paths in which Ansible will search for Lookup Plugins.
default: ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup
env: [{name: ANSIBLE_LOOKUP_PLUGINS}]
ini:
- {key: lookup_plugins, section: defaults}
type: pathspec
yaml: {key: defaults.lookup_plugins}
DEFAULT_MANAGED_STR:
name: Ansible managed
default: 'Ansible managed'
description: Sets the macro for the 'ansible_managed' variable available for M(template) tasks.
env: []
ini:
- {key: ansible_managed, section: defaults}
yaml: {key: defaults.ansible_managed}
DEFAULT_MODULE_ARGS:
name: Adhoc default arguments
default: ''
description:
- This sets the default arguments to pass to the ``ansible`` adhoc binary if no ``-a`` is specified.
env: [{name: ANSIBLE_MODULE_ARGS}]
ini:
- {key: module_args, section: defaults}
DEFAULT_MODULE_COMPRESSION:
name: Python module compression
default: ZIP_DEFLATED
description: Compression scheme to use when transfering Python modules to the target.
env: []
ini:
- {key: module_compression, section: defaults}
# vars:
# - name: ansible_module_compression
DEFAULT_MODULE_LANG:
name: Target language environment
default: "{{CONTROLER_LANG}}"
description: "Language locale setting to use for modules when they execute on the target, if empty it defaults to 'en_US.UTF-8'"
env: [{name: ANSIBLE_MODULE_LANG}]
ini:
- {key: module_lang, section: defaults}
# vars:
# - name: ansible_module_lang
DEFAULT_MODULE_NAME:
name: Default adhoc module
default: command
description: "Module to use with the ``ansible`` AdHoc command, if none is specified via ``-m``."
env: []
ini:
- {key: module_name, section: defaults}
DEFAULT_MODULE_PATH:
name: Modules Path
description: Colon separated paths in which Ansible will search for Modules.
default: ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
env: [{name: ANSIBLE_LIBRARY}]
ini:
- {key: library, section: defaults}
type: pathspec
DEFAULT_MODULE_SET_LOCALE:
name: Target locale
default: False
description: Controls if we set locale for modules when executing on the target.
env: [{name: ANSIBLE_MODULE_SET_LOCALE}]
ini:
- {key: module_set_locale, section: defaults}
type: boolean
# vars:
# - name: ansible_module_locale
DEFAULT_MODULE_UTILS_PATH:
name: Module Utils Path
description: Colon separated paths in which Ansible will search for Module utils files, which are shared by modules.
default: ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils
env: [{name: ANSIBLE_MODULE_UTILS}]
ini:
- {key: module_utils, section: defaults}
type: pathspec
DEFAULT_NO_LOG:
name: No log
default: False
description: "Toggle Ansible's display and logging of task details, mainly used to avoid security disclosures."
env: [{name: ANSIBLE_NO_LOG}]
ini:
- {key: no_log, section: defaults}
type: boolean
DEFAULT_NO_TARGET_SYSLOG:
name: No syslog on target
default: False
description: Toggle Ansbile logging to syslog on the target when it executes tasks.
env: [{name: ANSIBLE_NO_TARGET_SYSLOG}]
ini:
- {key: no_target_syslog, section: defaults}
type: boolean
yaml: {key: defaults.no_target_syslog}
DEFAULT_NULL_REPRESENTATION:
name: Represent a null
default: ~
description: What templating should return as a 'null' value. When not set it will let Jinja2 decide.
env: [{name: ANSIBLE_NULL_REPRESENTATION}]
ini:
- {key: null_representation, section: defaults}
type: none
DEFAULT_POLL_INTERVAL:
name: Async poll interval
default: 15
description:
- For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling),
this is how often to check back on the status of those tasks when an explicit poll interval is not supplied.
The default is a reasonably moderate 15 seconds which is a tradeoff between checking in frequently and
providing a quick turnaround when something may have completed.
env: [{name: ANSIBLE_POLL_INTERVAL}]
ini:
- {key: poll_interval, section: defaults}
type: integer
DEFAULT_PRIVATE_KEY_FILE:
name: Private key file
default: ~
description:
- Option for connections using a certificate or key file to authenticate, rather than an agent or passwords,
you can set the default value here to avoid re-specifying --private-key with every invocation.
env: [{name: ANSIBLE_PRIVATE_KEY_FILE}]
ini:
- {key: private_key_file, section: defaults}
type: path
DEFAULT_PRIVATE_ROLE_VARS:
name: Private role variables
default: False
description: ''
env: [{name: ANSIBLE_PRIVATE_ROLE_VARS}]
ini:
- {key: private_role_vars, section: defaults}
type: boolean
yaml: {key: defaults.private_role_vars}
DEFAULT_REMOTE_PORT:
name: Remote port
default: ~
description: Port to use in remote connections, when blank it will use the connection plugin default.
env: [{name: ANSIBLE_REMOTE_PORT}]
ini:
- {key: remote_port, section: defaults}
type: integer
yaml: {key: defaults.remote_port}
DEFAULT_REMOTE_TMP:
name: Target temporary directory
default: ~/.ansible/tmp
description:
- Temporary directory to use on targets when executing tasks.
- In some cases Ansible may still choose to use a system temporary dir to avoid permission issues.
env: [{name: ANSIBLE_REMOTE_TEMP}]
ini:
- {key: remote_tmp, section: defaults}
vars:
- name: ansible_remote_tmp
DEFAULT_REMOTE_USER:
name: Login/Remote User
default:
description:
- Sets the login user for the target machines
- "When blank it uses the connection plugin's default, normally the user currently executing Ansible."
env: [{name: ANSIBLE_REMOTE_USER}]
ini:
- {key: remote_user, section: defaults}
DEFAULT_ROLES_PATH:
name: Roles path
default: ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
description: Colon separated paths in which Ansible will search for Roles.
env: [{name: ANSIBLE_ROLES_PATH}]
expand_relative_paths: True
ini:
- {key: roles_path, section: defaults}
type: pathspec
yaml: {key: defaults.roles_path}
DEFAULT_SCP_IF_SSH:
# TODO: move to ssh plugin
default: smart
description:
- "Prefered method to use when transfering files over ssh"
- When set to smart, Ansible will try them until one succeeds or they all fail
- If set to True, it will force 'scp', if False it will use 'sftp'
env: [{name: ANSIBLE_SCP_IF_SSH}]
ini:
- {key: scp_if_ssh, section: ssh_connection}
DEFAULT_SELINUX_SPECIAL_FS:
name: Problematic file systems
default: fuse, nfs, vboxsf, ramfs, 9p
description:
- "Some filesystems do not support safe operations and/or return inconsistent errors,
this setting makes Ansible 'tolerate' those in the list w/o causing fatal errors."
- Data corruption may occur and writes are not always verified when a filesystem is in the list.
env: []
ini:
- {key: special_context_filesystems, section: selinux}
type: list
DEFAULT_SFTP_BATCH_MODE:
# TODO: move to ssh plugin
default: True
description: 'TODO: write it'
env: [{name: ANSIBLE_SFTP_BATCH_MODE}]
ini:
- {key: sftp_batch_mode, section: ssh_connection}
type: boolean
yaml: {key: ssh_connection.sftp_batch_mode}
DEFAULT_SQUASH_ACTIONS:
name: Squashable actions
default: apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper
description:
- Ansible can optimise actions that call modules that support list parameters when using ``with_`` looping.
Instead of calling the module once for each item, the module is called once with the full list.
- The default value for this setting is only for certain package managers, but it can be used for any module
- Currently, this is only supported for modules that have a name or pkg parameter, and only when the item is the only thing being passed to the parameter.
env: [{name: ANSIBLE_SQUASH_ACTIONS}]
ini:
- {key: squash_actions, section: defaults}
type: list
version_added: "2.0"
DEFAULT_SSH_TRANSFER_METHOD:
# TODO: move to ssh plugin
default:
description: 'unused?'
# - "Prefered method to use when transfering files over ssh"
# - Setting to smart will try them until one succeeds or they all fail
#choices: ['sftp', 'scp', 'dd', 'smart']
env: [{name: ANSIBLE_SSH_TRANSFER_METHOD}]
ini:
- {key: transfer_method, section: ssh_connection}
DEFAULT_STDOUT_CALLBACK:
name: Main display callback plugin
default: default
description:
- "Set the main callback used to display Ansible output, you can only have one at a time."
- You can have many other callbacks, but just one can be in charge of stdout.
env: [{name: ANSIBLE_STDOUT_CALLBACK}]
ini:
- {key: stdout_callback, section: defaults}
DEFAULT_STRATEGY:
name: Implied strategy
default: 'linear'
description: Set the default strategy used for plays.
env: [{name: ANSIBLE_STRATEGY}]
ini:
- {key: strategy, section: defaults}
version_added: "2.3"
DEFAULT_STRATEGY_PLUGIN_PATH:
name: Strategy Plugins Path
description: Colon separated paths in which Ansible will search for Strategy Plugins.
default: ~/.ansible/plugins/strategy:/usr/share/ansible/plugins/strategy
env: [{name: ANSIBLE_STRATEGY_PLUGINS}]
ini:
- {key: strategy_plugins, section: defaults}
type: pathspec
DEFAULT_SU:
default: False
description: 'Toggle the use of "su" for tasks.'
env: [{name: ANSIBLE_SU}]
ini:
- {key: su, section: defaults}
type: boolean
yaml: {key: defaults.su}
DEFAULT_SUDO:
default: False
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description: 'Toggle the use of "sudo" for tasks.'
env: [{name: ANSIBLE_SUDO}]
ini:
- {key: sudo, section: defaults}
type: boolean
DEFAULT_SUDO_EXE:
name: sudo executable
default: sudo
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description: 'specify an "sudo" executable, otherwise it relies on PATH.'
env: [{name: ANSIBLE_SUDO_EXE}]
ini:
- {key: sudo_exe, section: defaults}
DEFAULT_SUDO_FLAGS:
name: sudo flags
default: '-H -S -n'
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description: 'Flags to pass to "sudo"'
env: [{name: ANSIBLE_SUDO_FLAGS}]
ini:
- {key: sudo_flags, section: defaults}
DEFAULT_SUDO_USER:
name: sudo user
default:
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description: 'User you become when using "sudo", leaving it blank will use the default configured on the target (normally root)'
env: [{name: ANSIBLE_SUDO_USER}]
ini:
- {key: sudo_user, section: defaults}
DEFAULT_SU_EXE:
name: su executable
default: su
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description: 'specify an "su" executable, otherwise it relies on PATH.'
env: [{name: ANSIBLE_SU_EXE}]
ini:
- {key: su_exe, section: defaults}
DEFAULT_SU_FLAGS:
name: su flags
default: ''
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
description: 'Flags to pass to su'
env: [{name: ANSIBLE_SU_FLAGS}]
ini:
- {key: su_flags, section: defaults}
DEFAULT_SU_USER:
name: su user
default:
description: 'User you become when using "su", leaving it blank will use the default configured on the target (normally root)'
env: [{name: ANSIBLE_SU_USER}]
ini:
- {key: su_user, section: defaults}
deprecated:
why: In favor of become which is a generic framework
version: "2.8"
alternatives: become
DEFAULT_SYSLOG_FACILITY:
name: syslog facility
default: LOG_USER
description: Syslog facility to use when Ansible logs to the remote target
env: [{name: ANSIBLE_SYSLOG_FACILITY}]
ini:
- {key: syslog_facility, section: defaults}
DEFAULT_TASK_INCLUDES_STATIC:
name: Task include static
default: False
description:
- The `include` tasks can be static or dynamic, this toggles the default expected behaviour if autodetection fails and it is not explicitly set in task.
env: [{name: ANSIBLE_TASK_INCLUDES_STATIC}]
ini:
- {key: task_includes_static, section: defaults}
type: boolean
version_added: "2.1"
deprecated:
why: include itself is deprecated and this setting will not matter in the future
version: "2.8"
alternatives: None, as its already built into the decision between include_tasks and import_tasks
DEFAULT_TEST_PLUGIN_PATH:
name: Jinja2 Test Plugins Path
description: Colon separated paths in which Ansible will search for Jinja2 Test Plugins.
default: ~/.ansible/plugins/test:/usr/share/ansible/plugins/test
env: [{name: ANSIBLE_TEST_PLUGINS}]
ini:
- {key: test_plugins, section: defaults}
type: pathspec
DEFAULT_TIMEOUT:
name: Connection timeout
default: 10
description: This is the default timeout for connection plugins to use.
env: [{name: ANSIBLE_TIMEOUT}]
ini:
- {key: timeout, section: defaults}
type: integer
DEFAULT_TRANSPORT:
name: Connection plugin
default: smart
description: "Default connection plugin to use, the 'smart' option will toggle between 'ssh' and 'paramiko' depending on controller OS and ssh versions"
env: [{name: ANSIBLE_TRANSPORT}]
ini:
- {key: transport, section: defaults}
DEFAULT_UNDEFINED_VAR_BEHAVIOR:
name: Jinja2 fail on undefined
default: True
version_added: "1.3"
description:
- When True, this causes ansible templating to fail steps that reference variable names that are likely typoed.
- "Otherwise, any '{{ template_expression }}' that contains undefined variables will be rendered in a template or ansible action line exactly as written."
env: [{name: ANSIBLE_ERROR_ON_UNDEFINED_VARS}]
ini:
- {key: error_on_undefined_vars, section: defaults}
type: boolean
DEFAULT_VARS_PLUGIN_PATH:
name: Vars Plugins Path
default: ~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars
description: Colon separated paths in which Ansible will search for Vars Plugins.
env: [{name: ANSIBLE_VARS_PLUGINS}]
ini:
- {key: vars_plugins, section: defaults}
type: pathspec
# TODO: unused?
#DEFAULT_VAR_COMPRESSION_LEVEL:
# default: 0
# description: 'TODO: write it'
# env: [{name: ANSIBLE_VAR_COMPRESSION_LEVEL}]
# ini:
# - {key: var_compression_level, section: defaults}
# type: integer
# yaml: {key: defaults.var_compression_level}
DEFAULT_VAULT_ID_MATCH:
name: Force vault id match
default: False
description: 'If true, decrypting vaults with a vault id will only try the password from the matching vault-id'
env: [{name: ANSIBLE_VAULT_ID_MATCH}]
ini:
- {key: vault_id_match, section: defaults}
yaml: {key: defaults.vault_id_match}
DEFAULT_VAULT_IDENTITY:
name: Vault id label
default: default
description: 'The label to use for the default vault id label in cases where a vault id label is not provided'
env: [{name: ANSIBLE_VAULT_IDENTITY}]
ini:
- {key: vault_identity, section: defaults}
yaml: {key: defaults.vault_identity}
DEFAULT_VAULT_IDENTITY_LIST:
name: Default vault ids
default: []
description: 'A list of vault-ids to use by default. Equivalent to multiple --vault-id args. Vault-ids are tried in order.'
env: [{name: ANSIBLE_VAULT_IDENTITY_LIST}]
ini:
- {key: vault_identity_list, section: defaults}
type: list
yaml: {key: defaults.vault_identity_list}
DEFAULT_VAULT_PASSWORD_FILE:
name: Vault password file
default: ~
description: 'The vault password file to use. Equivalent to --vault-password-file or --vault-id'
env: [{name: ANSIBLE_VAULT_PASSWORD_FILE}]
ini:
- {key: vault_password_file, section: defaults}
type: path
yaml: {key: defaults.vault_password_file}
DEFAULT_VERBOSITY:
name: Verbosity
default: 0
description: Sets the default verbosity, equivalent to the number of ``-v`` passed in the command line.
env: [{name: ANSIBLE_VERBOSITY}]
ini:
- {key: verbosity, section: defaults}
type: integer
DEPRECATION_WARNINGS:
name: Deprecation messages
default: True
description: "Toggle to control the showing of deprecation warnings"
env: [{name: ANSIBLE_DEPRECATION_WARNINGS}]
ini:
- {key: deprecation_warnings, section: defaults}
type: boolean
DIFF_ALWAYS:
name: Show differences
default: False
description: Configuration toggle to tell modules to show differences when in 'changed' status, equivalent to ``--diff``.
env: [{name: ANSIBLE_DIFF_ALWAYS}]
ini:
- {key: always, section: diff}
type: bool
DIFF_CONTEXT:
name: Difference context
default: 3
description: How many lines of context to show when displaying the differences between files.
env: [{name: ANSIBLE_DIFF_CONTEXT}]
ini:
- {key: context, section: diff}
type: integer
DISPLAY_ARGS_TO_STDOUT:
name: Show task arguments
default: False
description:
- "Normally ``ansible-playbook`` will print a header for each task that is run.
These headers will contain the name: field from the task if you specified one.
If you didn't then ``ansible-playbook`` uses the task's action to help you tell which task is presently running.
Sometimes you run many of the same action and so you want more information about the task to differentiate it from others of the same action.
If you set this variable to True in the config then ``ansible-playbook`` will also include the task's arguments in the header."
- "This setting defaults to False because there is a chance that you have sensitive values in your parameters and
you do not want those to be printed."
- "If you set this to True you should be sure that you have secured your environment's stdout
(no one can shoulder surf your screen and you aren't saving stdout to an insecure file) or
made sure that all of your playbooks explicitly added the ``no_log: True`` parameter to tasks which have sensistive values
See How do I keep secret data in my playbook? for more information."
env: [{name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT}]
ini:
- {key: display_args_to_stdout, section: defaults}
type: boolean
version_added: "2.1"
DISPLAY_SKIPPED_HOSTS:
name: Show skipped results
default: True
description: "Toggle to control displaying skipped task/host entries in a task in the default callback"
env: [{name: DISPLAY_SKIPPED_HOSTS}]
ini:
- {key: display_skipped_hosts, section: defaults}
type: boolean
ERROR_ON_MISSING_HANDLER:
name: Missing handler error
default: True
description: "Toggle to allow missing handlers to become a warning instead of an error when notifying."
env: [{name: ANSIBLE_ERROR_ON_MISSING_HANDLER}]
ini:
- {key: error_on_missing_handler, section: defaults}
type: boolean
GALAXY_IGNORE_CERTS:
name: Galaxy validate certs
default: False
description:
- If set to yes, ansible-galaxy will not validate TLS certificates.
This can be useful for testing against a server with a self-signed certificate.
env: [{name: ANSIBLE_GALAXY_IGNORE}]
ini:
- {key: ignore_certs, section: galaxy}
type: boolean
GALAXY_ROLE_SKELETON:
name: Galaxy skeleton direcotry
default:
description: Role skeleton directory to use as a template for the ``init`` action in ``ansible-galaxy``, same as ``--role-skeleton``.
env: [{name: ANSIBLE_GALAXY_ROLE_SKELETON}]
ini:
- {key: role_skeleton, section: galaxy}
type: path
GALAXY_ROLE_SKELETON_IGNORE:
name: Galaxy skeleton ignore
default: ["^.git$", "^.*/.git_keep$"]
description: patterns of files to ignore inside a galaxy role skeleton directory
env: [{name: ANSIBLE_GALAXY_ROLE_SKELETON_IGNORE}]
ini:
- {key: role_skeleton_ignore, section: galaxy}
type: list
# TODO: unused?
#GALAXY_SCMS:
# name: Galaxy SCMS
# default: git, hg
# description: Available galaxy source control management systems.
# env: [{name: ANSIBLE_GALAXY_SCMS}]
# ini:
# - {key: scms, section: galaxy}
# type: list
GALAXY_SERVER:
default: https://galaxy.ansible.com
description: "URL to prepend when roles don't specify the full URI, assume they are referencing this server as the source."
env: [{name: ANSIBLE_GALAXY_SERVER}]
ini:
- {key: server, section: galaxy}
yaml: {key: galaxy.server}
HOST_KEY_CHECKING:
name: Check host keys
default: True
description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host'
env: [{name: ANSIBLE_HOST_KEY_CHECKING}]
ini:
- {key: host_key_checking, section: defaults}
type: boolean
INVENTORY_ENABLED:
name: Active Inventory plugins
default: ['host_list', 'script', 'yaml', 'ini']
description: List of enabled inventory plugins, it also determines the order in which they are used.
env: [{name: ANSIBLE_INVENTORY_ENABLED}]
ini:
- {key: enable_plugins, section: inventory}
type: list
INVENTORY_IGNORE_EXTS:
name: Inventory ignore extensions
default: "{{(BLACKLIST_EXTS + ( '~', '.orig', '.ini', '.cfg', '.retry'))}}"
description: List of extensions to ignore when using a directory as an inventory source
env: [{name: ANSIBLE_INVENTORY_IGNORE}]
ini:
- {key: inventory_ignore_extensions, section: defaults}
- {key: ignore_extensions, section: inventory}
type: list
INVENTORY_IGNORE_PATTERNS:
name: Inventory ignore patterns
default: []
description: List of patterns to ignore when using a directory as an inventory source
env: [{name: ANSIBLE_INVENTORY_IGNORE_REGEX}]
ini:
- {key: inventory_ignore_patterns, section: defaults}
- {key: ignore_patterns, section: inventory}
type: list
INVENTORY_UNPARSED_IS_FAILED:
name: Unparsed Inventory failure
default: False
description: If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
env: [{name: ANSIBLE_INVENTORY_UNPARSED_FAILED}]
ini:
- {key: unparsed_is_failed, section: inventory}
type: bool
MAX_FILE_SIZE_FOR_DIFF:
name: Diff maxiumum file size
default: 104448
description: Maximum size of files to be considered for diff display
env: [{name: ANSIBLE_MAX_DIFF_SIZE}]
ini:
- {key: max_diff_size, section: defaults}
type: int
MERGE_MULTIPLE_CLI_TAGS:
name: Merge 'tags' options
default: True
description:
- "This allows changing how multiple --tags and --skip-tags arguments are handled on the command line.
In Ansible up to and including 2.3, specifying --tags more than once will only take the last value of --tags."
- "Setting this config value to True will mean that all of the --tags options will be merged together. The same holds true for --skip-tags."
env: [{name: ANSIBLE_MERGE_MULTIPLE_CLI_TAGS}]
ini:
- {key: merge_multiple_cli_tags, section: defaults}
type: bool
version_added: "2.3"
NETWORK_GROUP_MODULES:
name: Network module families
default: [eos, nxos, ios, iosxr, junos, ce, vyos, sros, dellos9, dellos10, dellos6, asa, aruba, aireos]
description: 'TODO: write it'
env: [{name: NETWORK_GROUP_MODULES}]
ini:
- {key: network_group_modules, section: defaults}
type: list
yaml: {key: defaults.network_group_modules}
#ONLY_NAMESPACE_FACTS:
# Deffered to 2.5
# FIXME: reenable when we can remove ansible_ prefix from namespaced facts
# default: False
# description:
# - Facts normally get injected as top level variables, this setting prevents that.
# - Facts are still available in the `ansible_facts` variable w/o the `ansible_` prefix.
# env: [{name: ANSIBLE_RESTRICT_FACTS}]
# ini:
# - {key: restrict_facts_namespace, section: defaults}
# type: boolean
# yaml: {key: defaults.restrict_facts_namespace}
# version_added: "2.4"
PARAMIKO_HOST_KEY_AUTO_ADD:
# TODO: move to plugin
default: False
description: 'TODO: write it'
env: [{name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD}]
ini:
- {key: host_key_auto_add, section: paramiko_connection}
type: boolean
PARAMIKO_LOOK_FOR_KEYS:
# TODO: move to plugin
default: True
description: 'TODO: write it'
env: [{name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS}]
ini:
- {key: look_for_keys, section: paramiko_connection}
type: boolean
PARAMIKO_PROXY_COMMAND:
# TODO: move to plugin
default:
description: 'TODO: write it'
env: [{name: ANSIBLE_PARAMIKO_PROXY_COMMAND}]
ini:
- {key: proxy_command, section: paramiko_connection}
PARAMIKO_PTY:
# TODO: move to plugin
default: True
description: 'TODO: write it'
env: [{name: ANSIBLE_PARAMIKO_PTY}]
ini:
- {key: pty, section: paramiko_connection}
type: boolean
PARAMIKO_RECORD_HOST_KEYS:
# TODO: move to plugin
default: True
description: 'TODO: write it'
env: [{name: ANSIBLE_PARAMIKO_RECORD_HOST_KEYS}]
ini:
- {key: record_host_keys, section: paramiko_connection}
type: boolean
PERSISTENT_CONTROL_PATH_DIR:
name: Persistence socket path
default: ~/.ansible/pc
description: Path to socket to be used by the connection persistence system.
env: [{name: ANSIBLE_PERSISTENT_CONTROL_PATH_DIR}]
ini:
- {key: control_path_dir, section: persistent_connection}
type: path
PERSISTENT_CONNECT_TIMEOUT:
name: Persistence timeout
default: 30
description: This controls how long the persistent connection will remain idle before it is destroyed.
env: [{name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT}]
ini:
- {key: connect_timeout, section: persistent_connection}
type: integer
PERSISTENT_CONNECT_RETRY_TIMEOUT:
name: Persistence connection retry timeout
default: 15
description: This contorls the retry timeout for presistent connection to connect to the local domain socket.
env: [{name: ANSIBLE_PERSISTENT_CONNECT_RETRY_TIMEOUT}]
ini:
- {key: connect_retry_timeout, section: persistent_connection}
type: integer
PERSISTENT_COMMAND_TIMEOUT:
name: Persistence command timeout
default: 10
description: This controls the amount of time to wait for response from remote device before timing out presistent connection.
env: [{name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT}]
ini:
- {key: command_timeout, section: persistent_connection}
type: int
PLAYBOOK_VARS_ROOT:
name: playbook vars files root
default: top
version_added: "2.4.1"
description:
- This sets which playbook dirs will be used as a root to process vars plugins, which includes finding host_vars/group_vars
- The ``top`` option follows the traditional behaviour of using the top playbook in the chain to find the root directory.
- The ``bottom`` option follows the 2.4.0 behaviour of using the current playbook to find the root directory.
- The ``all`` option examines from the first parent to the current playbook.
env: [{name: ANSIBLE_PLAYBOOK_VARS_ROOT}]
ini:
- {key: playbook_vars_root, section: defaults}
choices: [ top, bottom, all ]
RETRY_FILES_ENABLED:
name: Retry files
default: True
description: This controls whether a failed Ansible playbook should create a .retry file.
env: [{name: ANSIBLE_RETRY_FILES_ENABLED}]
ini:
- {key: retry_files_enabled, section: defaults}
type: bool
RETRY_FILES_SAVE_PATH:
name: Retry files path
default: ~
description: This sets the path in which Ansible will save .retry files when a playbook fails and retry files are enabled.
env: [{name: ANSIBLE_RETRY_FILES_SAVE_PATH}]
ini:
- {key: retry_files_save_path, section: defaults}
type: path
SHOW_CUSTOM_STATS:
name: Display custom stats
default: False
description: 'This adds the custom stats set via the set_stats plugin to the default output'
env: [{name: ANSIBLE_SHOW_CUSTOM_STATS}]
ini:
- {key: show_custom_stats, section: defaults}
type: bool
STRING_TYPE_FILTERS:
name: Filters to preserve strings
default: [string, to_json, to_nice_json, to_yaml, ppretty, json]
description:
- "This list of filters avoids 'type conversion' when templating variables"
- Useful when you want to avoid conversion into lists or dictionaries for JSON strings, for example.
env: [{name: ANSIBLE_STRING_TYPE_FILTERS}]
ini:
- {key: dont_type_filters, section: jinja2}
type: list
SYSTEM_WARNINGS:
name: System warnings
default: True
description:
- Allows disabling of warnings related to potential issues on the system running ansible itself (not on the managed hosts)
- These may include warnings about 3rd party packages or other conditions that should be resolved if possible.
env: [{name: ANSIBLE_SYSTEM_WARNINGS}]
ini:
- {key: system_warnings, section: defaults}
type: boolean
USE_PERSISTENT_CONNECTIONS:
name: Persistence
default: False
description: Toggles the use of persistence for connections.
env: [{name: ANSIBLE_USE_PERSISTENT_CONNECTIONS}]
ini:
- {key: use_persistent_connections, section: defaults}
type: boolean
VARIABLE_PRECEDENCE:
name: Group variable precedence
default: ['all_inventory', 'groups_inventory', 'all_plugins_inventory', 'all_plugins_play', 'groups_plugins_inventory', 'groups_plugins_play']
description: Allows to change the group variable precedence merge order.
env: [{name: ANSIBLE_PRECEDENCE}]
ini:
- {key: precedence, section: defaults}
type: list
version_added: "2.4"
YAML_FILENAME_EXTENSIONS:
name: Valid YAML extensions
default: [".yml", ".yaml", ".json"]
description:
- "Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these."
- 'This affects vars_files, include_vars, inventory and vars plugins among others.'
env:
- name: ANSIBLE_YAML_FILENAME_EXT
ini:
- section: defaults
key: yaml_valid_extensions
type: list
...
こいつらを使うとこんな感じになります。イメージ通り。
$ ansible-playbook -i hosts echo-sd.yml
_人人人人人人人人人人_
> PLAY [localhost] <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^ ̄
_人人人人人人人人人人人人人_
> TASK [Gathering Facts] <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^ ̄
ok: [localhost]
_人人人人人人人人人人人人人_
> TASK [Display message] <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^ ̄
ok: [localhost] => {
"msg": "突然の死"
}
_人人人人人人人_
> PLAY RECAP <
 ̄Y^Y^Y^Y^Y^Y^Y^ ̄
localhost : ok=2 changed=0 unreachable=0 failed=0
cowsayバージョンはシュールな感じがしましたが、echo-sd版はなんというか...うるさいですね。出力がやかましい。
当初の目的は達成したものの、特に喜びがなくて困りました。
解説
それではecho-sd化に関係する部分について解説したいと思います。
処理の流れ
display.py では、タスク実行時のメッセージを画面を出力しますが、cowsayに関しては概ね以下のような流れで読み込み、実行されます。
-
読み込み
- cowsayパスの決定
- cowsayキャラクタの除外
-
実行
- cowsayバナー出力
それぞれの処理を確認し、echo-sd化に向けて置き換えていきましょう。
読み込み
Ansible起動時には各種モジュールが読み込まれますが、その流れの中でDisplayが読み込まれ、 init 処理が実行されます。
def __init__(self, verbosity=0):
(略)
# cowsayの実行パスを格納する変数
self.b_cowsay = None
# cowsayキャラクタをコンフィグから読み込む
self.noncow = C.ANSIBLE_COW_SELECTION
# cowsayの実行パスを決定
self.set_cowsay_info()
# コンフィグ設定と合わせて使用可能なcowsayキャラクタを決定
if self.b_cowsay:
try:
# cowsay -lコマンドから環境上使用可能なcowsayキャラクタを取得
cmd = subprocess.Popen([self.b_cowsay, "-l"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = cmd.communicate()
self.cows_available = set([to_text(c) for c in out.split()])
# 使用可能なもののうち、ホワイトリストでも指定されたキャラクタのみを抜き出す
if C.ANSIBLE_COW_WHITELIST:
self.cows_available = set(C.ANSIBLE_COW_WHITELIST).intersection(self.cows_available)
except:
# cowsay -lコマンドが実行できないなど、何らかの例外が起きたらcowsayしないようにする
self.b_cowsay = False
(略)
ANSIBLE_COW_WHITELIST で利用するキャラクタを指定できるのはこんな動きになっていたんですね。
実行パスは set_cowsay_info() でこんな感じでセットされます。
# 探索するcowsay実行パスのリスト
b_COW_PATHS = (
b"/usr/bin/cowsay",
b"/usr/games/cowsay",
b"/usr/local/bin/cowsay", # BSD path for cowsay
b"/opt/local/bin/cowsay", # MacPorts path for cowsay
)
(略)
def set_cowsay_info(self):
# ANSIBLE_NOCOWSで無効化されていなければ実行パスをセットする
if not C.ANSIBLE_NOCOWS:
# b_COW_PATHSに含まれるもののうち、存在するものをb_cowsayにセット
for b_cow_path in b_COW_PATHS:
if os.path.exists(b_cow_path):
self.b_cowsay = b_cow_path
こんな感じで、 b_cowsay に実行パスが設定されるとめでたくcowsay状態となります。
また、ここまでに base.yml から以下3つのコンフィグ変数が使われています。
- ANSIBLE_COW_SELECTION
- ANSIBLE_COW_WHITELIST
- ANSIBLE_NOCOWS
base.ymlより抜粋
ANSIBLE_COW_SELECTION:
name: Cowsay filter selection
default: default
description: This allows you to chose a specific cowsay stencil for the banners or use 'random' to cycle through them.
env: [{name: ANSIBLE_COW_SELECTION}]
ini:
- {key: cow_selection, section: defaults}
ANSIBLE_COW_WHITELIST:
name: Cowsay filter whitelist
default: ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moose', 'ren', 'sheep', 'small', 'stegosaurus', 'stimpy', 'supermilker', 'three-eyes', 'turkey', 'turtle', 'tux', 'udder', 'vader-koala', 'vader', 'www']
description: White list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates.
env: [{name: ANSIBLE_COW_WHITELIST}]
ini:
- {key: cow_whitelist, section: defaults}
type: list
yaml: {key: display.cowsay_whitelist}
ANSIBLE_NOCOWS:
name: Suppress cowsay output
default: False
description: If you have cowsay installed but want to avoid the 'cows' (why????), use this.
env: [{name: ANSIBLE_NOCOWS}]
ini:
- {key: nocows, section: defaults}
type: boolean
yaml: {key: display.i_am_no_fun}
実行
読み込んだcowsayパスを元に、 banner でのバナー出力を行います。
def banner(self, msg, color=None, cows=True):
'''
Prints a header-looking line with cowsay or stars wit hlength depending on terminal width (3 minimum)
'''
# cowsayの実行パスが指定されており、明示的に実行しないよう(cows=False)に
# されていなければbanner_cowsayを利用する
if self.b_cowsay and cows:
try:
# cowsayでバナー出力したらバナー処理が終了する
self.banner_cowsay(msg)
return
except OSError:
# 何かあったらメッセージを出して通常バナーで処理を続行
self.warning("somebody cleverly deleted cowsay or something during the PB run. heh.")
# ここから通常バナー処理
msg = msg.strip()
star_len = self.columns - len(msg)
if star_len <= 3:
star_len = 3
stars = u"*" * star_len
self.display(u"\n%s %s" % (msg, stars), color=color)
なるほどー、と思ったのですが、通常のバナー処理よりもcowsayによるバナー処理を割り込ませているんですね。
割り込んだ処理がうまく行ったらそこで return にすることで、通常バナーを抑止しつつ、何か失敗してもその先で通常バナーが出るようになっているようです。
では最後に肝心の banner_cowsay を見てみましょう。
def banner_cowsay(self, msg, color=None):
# メッセージ中にある "[" "]" のセットを削除する
if u": [" in msg:
msg = msg.replace(u"[", u"")
if msg.endswith(u"]"):
msg = msg[:-1]
# 実行するcowsayコマンドを組み立て
runcmd = [self.b_cowsay, b"-W", b"60"]
# cowsayキャラクタを選択
# randomの場合はcows_availableからランダムに選ぶ
if self.noncow:
thecow = self.noncow
if thecow == 'random':
thecow = random.choice(list(self.cows_available))
runcmd.append(b'-f')
runcmd.append(to_bytes(thecow))
# メッセージ本文をコマンドに追加して実行
runcmd.append(to_bytes(msg))
cmd = subprocess.Popen(runcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = cmd.communicate()
# displayメソッドでcowsayコマンドから受け取った出力を画面へ出力
self.display(u"%s\n" % to_text(out), color=color)
まぁ、ここ自体はそこまで面白いものではないです。
最初の "[" "]" を削除するくだりはぱっと見で意味不明でしたが、冷静に読むと特に何ということはない処理ですね。
というような感じでcowsayバージョンの出力が得られるようになっていました。
読み込み(echo-sd版)
読み込み部分はこんな感じに落ち着きました。
echo-sdにはcowsayのように出力のスタイルが豊富ではないので、 cows_available に相当する部分は素直に b_ECHO_SD_STYLES にしました。
# echo-sd実行パスのリスト
b_ECHO_SD_PATHS = (
b"/usr/local/bin/echo-sd", # path for echo-sd
)
# echo-sdの出力スタイル一覧
b_ECHO_SD_STYLES = (
b"vertical",
b"tanzaku",
b"default",
)
class Display:
def __init__(self, verbosity=0):
(略)
# echo-sd実行パス
self.b_echo_sd = None
# echo-sdの出力スタイルをコンフィグから読み込む
self.nonsd = C.ANSIBLE_SD_SELECTION
# echo-sdの実行パスを決定
self.set_echo_sd_info()
(略)
def set_echo_sd_info(self):
if not C.ANSIBLE_NOSD:
for b_echo_sd_path in b_ECHO_SD_PATHS:
if os.path.exists(b_echo_sd_path):
self.b_echo_sd = b_echo_sd_path
(略)
コードを見たらわかりますが、コンフィグの変数は
-
ANSIBLE_SD_SELECTION
- echo-sdの出力スタイルを指定
- randomで「通常モード(default)」「縦書きモード(vertical)」「短冊モード(tanzaku)」から選ばれる
-
ANSIBLE_NOSD
- Trueにするとecho-sdによるバナー出力が抑制される
- デフォルトではFalseなのでサーバ上にecho-sdがインストールされていればecho-sdスタイルで動く
の2つが使われます。
これでecho-sdの実行準備が整いました。
実行(echo-sd版)
こちらはこんな感じに。処理スタイルはそのままに、呼び出すメソッド名を変えただけですね。
def banner(self, msg, color=None, sd=True):
'''
Prints a header-looking line with echo-sd or stars wit hlength depending on terminal width (3 minimum)
'''
if self.b_echo_sd and sd:
try:
self.banner_echo_sd(msg)
return
except OSError:
self.warning("somebody cleverly deleted echo-sd or something during the PB run. heh.")
(略)
具体的な処理はこうなりました。基本的な流れは元のままですが、地味に調整を入れています。
def banner_echo_sd(self, msg, color=None):
# メッセージ中にある "[" "]" を削除する
if u": [" in msg:
msg = msg.replace(u"[", u"")
if msg.endswith(u"]"):
msg = msg[:-1]
# 実行するecho-sdコマンドを組み立て
runcmd = [self.b_echo_sd]
# echo-sdの出力スタイルを選択
if self.nonsd:
thesd = self.nonsd
if thesd == 'random':
thesd = random.choice(list(b_ECHO_SD_STYLES))
# default以外だったらオプションを追加
if thesd != 'default':
runcmd.append(to_bytes("--" + thesd))
# default以外のスタイルではメッセージに
# "[" "]" が入っているとなぜか出力がおかしくなるので削除
msg = msg.replace(u"[", u"")
msg = msg.replace(u"]", u"")
# メッセージ本文をコマンドに追加して実行
runcmd.append(to_bytes(msg))
cmd = subprocess.Popen(runcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = cmd.communicate()
# displayメソッドでcowsayコマンドから受け取った出力を画面へ出力
# 表示がきつくなるので1行分改行してはじめる
print()
self.display(u"%s\n" % to_text(out), color=color)
よくわからなかったのは「メッセージ本文に [ ] のセットが含まれると なぜか出力がおかしくなる 」点です。
この削除処理を入れない状態では、
_人人_
> PLAY [localhost] <
> LAY [localhost] <
> AY [localhost] <
> Y [localhost] <
> [localhost] <
> ? <
> l <
> o <
> c <
> a <
> l <
> h <
> o <
> s <
> t <
> ? <
 ̄Y^Y^ ̄
というような感じになってしまい、はてな?という感じでした。
最初はPython側でメッセージ本文のパースでおかしなことになったのかと思いきや、実際に直接echo-sdで試してみると
# コマンドで直接やってもおかしい
$ echo-sd --vertical "TASK [Display message]"
_人人_
> TASK [Display message] <
> ASK [Display message] <
> SK [Display message] <
> K [Display message] <
> [Display message] <
> ? <
> D <
> i <
> s <
> p <
> l <
> a <
> y <
> <
> m <
> e <
> s <
> s <
> a <
> g <
> e <
> ? <
 ̄Y^Y^ ̄
# "[" "]" を除去するとちゃんと出る
$ echo-sd --vertical "TASK Display message"
_人人_
> T <
> A <
> S <
> K <
> <
> D <
> i <
> s <
> p <
> l <
> a <
> y <
> <
> m <
> e <
> s <
> s <
> a <
> g <
> e <
 ̄Y^Y^ ̄
ということがあり、デフォルト以外で出力する場合にはメッセージ本文から [ ] を削除しています。
echo-sdでは縦書きで出力する際にフォーマット揃えのためアルファベットを全角に変換しているようなのですが、 [ ] が入っていると正規表現かなにかがおかしくなるんでしょうか?
たぶんソース見たらわかると思うんですがとりあえず問題は回避できているので深追いはしていません。
実行サンプル
というわけでこんなものが出来上がりました。 縦書きが入るとなおウザくてたまらないですね。
$ export ANSIBLE_SD_SELECTION=random
$ ansible-playbook -i hosts echo-sd.yml
_人人人人人人人人人人_
> PLAY [localhost] <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^ ̄
_人人人人人人人人人人人人人_
> TASK [Gathering Facts] <
 ̄Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^ ̄
ok: [localhost]
┏-┷-┓
┃ T ┃
┃ A ┃
┃ S ┃
┃ K ┃
┃ ┃
┃ D ┃
┃ i ┃
┃ s ┃
┃ p ┃
┃ l ┃
┃ a ┃
┃ y ┃
┃ ┃
┃ m ┃
┃ e ┃
┃ s ┃
┃ s ┃
┃ a ┃
┃ g ┃
┃ e ┃
┗━━┛
ok: [localhost] => {
"msg": "突然の死"
}
_人人_
> P <
> L <
> A <
> Y <
> <
> R <
> E <
> C <
> A <
> P <
 ̄Y^Y^ ̄
localhost : ok=2 changed=0 unreachable=0 failed=0
めでたしめでたし。