diff options
Diffstat (limited to 'lib/ansible/config/base.yml')
| -rw-r--r-- | lib/ansible/config/base.yml | 2067 |
1 files changed, 2067 insertions, 0 deletions
diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml new file mode 100644 index 0000000..664eb10 --- /dev/null +++ b/lib/ansible/config/base.yml @@ -0,0 +1,2067 @@ +# Copyright (c) 2017 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +ANSIBLE_HOME: + name: The Ansible home path + description: + - The default root path for Ansible config files on the controller. + default: ~/.ansible + env: + - name: ANSIBLE_HOME + ini: + - key: home + section: defaults + type: path + version_added: '2.14' +ANSIBLE_CONNECTION_PATH: + name: Path of ansible-connection script + default: null + description: + - Specify where to look for the ansible-connection script. This location will be checked before searching $PATH. + - If null, ansible will start with the same directory as the ansible script. + type: path + env: [{name: ANSIBLE_CONNECTION_PATH}] + ini: + - {key: ansible_connection_path, section: persistent_connection} + yaml: {key: persistent_connection.ansible_connection_path} + version_added: "2.8" +ANSIBLE_COW_SELECTION: + name: Cowsay filter selection + default: default + description: This allows you to chose a specific cowsay stencil for the banners or use 'random' to cycle through them. + env: [{name: ANSIBLE_COW_SELECTION}] + ini: + - {key: cow_selection, section: defaults} +ANSIBLE_COW_ACCEPTLIST: + name: Cowsay filter acceptance list + default: ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moose', 'ren', 'sheep', 'small', 'stegosaurus', 'stimpy', 'supermilker', 'three-eyes', 'turkey', 'turtle', 'tux', 'udder', 'vader-koala', 'vader', 'www'] + description: Accept list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates. + env: + - name: ANSIBLE_COW_WHITELIST + deprecated: + why: normalizing names to new standard + version: "2.15" + alternatives: 'ANSIBLE_COW_ACCEPTLIST' + - name: ANSIBLE_COW_ACCEPTLIST + version_added: '2.11' + ini: + - key: cow_whitelist + section: defaults + deprecated: + why: normalizing names to new standard + version: "2.15" + alternatives: 'cowsay_enabled_stencils' + - key: cowsay_enabled_stencils + section: defaults + version_added: '2.11' + type: list +ANSIBLE_FORCE_COLOR: + name: Force color output + default: False + description: This option forces color mode even when running without a TTY or the "nocolor" setting is True. + env: [{name: ANSIBLE_FORCE_COLOR}] + ini: + - {key: force_color, section: defaults} + type: boolean + yaml: {key: display.force_color} +ANSIBLE_NOCOLOR: + name: Suppress color output + default: False + description: This setting allows suppressing colorizing output, which is used to give a better indication of failure and status information. + env: + - name: ANSIBLE_NOCOLOR + # this is generic convention for CLI programs + - name: NO_COLOR + version_added: '2.11' + ini: + - {key: nocolor, section: defaults} + type: boolean + yaml: {key: display.nocolor} +ANSIBLE_NOCOWS: + name: Suppress cowsay output + default: False + description: If you have cowsay installed but want to avoid the 'cows' (why????), use this. + env: [{name: ANSIBLE_NOCOWS}] + ini: + - {key: nocows, section: defaults} + type: boolean + yaml: {key: display.i_am_no_fun} +ANSIBLE_COW_PATH: + name: Set path to cowsay command + default: null + description: Specify a custom cowsay path or swap in your cowsay implementation of choice + env: [{name: ANSIBLE_COW_PATH}] + ini: + - {key: cowpath, section: defaults} + type: string + yaml: {key: display.cowpath} +ANSIBLE_PIPELINING: + name: Connection pipelining + default: False + description: + - This is a global option, each connection plugin can override either by having more specific options or not supporting pipelining at all. + - Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, + by executing many Ansible modules without actual file transfer. + - It can result in a very significant performance improvement when enabled. + - "However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first + disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default." + - This setting will be disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled. + env: + - name: ANSIBLE_PIPELINING + ini: + - section: defaults + key: pipelining + - section: connection + key: pipelining + type: boolean +ANY_ERRORS_FATAL: + name: Make Task failures fatal + default: False + description: Sets the default value for the any_errors_fatal keyword, if True, Task failures will be considered fatal errors. + env: + - name: ANSIBLE_ANY_ERRORS_FATAL + ini: + - section: defaults + key: any_errors_fatal + type: boolean + yaml: {key: errors.any_task_errors_fatal} + version_added: "2.4" +BECOME_ALLOW_SAME_USER: + name: Allow becoming the same user + default: False + description: + - This setting controls if become is skipped when remote user and become user are the same. I.E root sudo to root. + - If executable, it will be run and the resulting stdout will be used as the password. + env: [{name: ANSIBLE_BECOME_ALLOW_SAME_USER}] + ini: + - {key: become_allow_same_user, section: privilege_escalation} + type: boolean + yaml: {key: privilege_escalation.become_allow_same_user} +BECOME_PASSWORD_FILE: + name: Become password file + default: ~ + description: + - 'The password file to use for the become plugin. --become-password-file.' + - If executable, it will be run and the resulting stdout will be used as the password. + env: [{name: ANSIBLE_BECOME_PASSWORD_FILE}] + ini: + - {key: become_password_file, section: defaults} + type: path + version_added: '2.12' +AGNOSTIC_BECOME_PROMPT: + name: Display an agnostic become prompt + default: True + type: boolean + description: Display an agnostic become prompt instead of displaying a prompt containing the command line supplied become method + env: [{name: ANSIBLE_AGNOSTIC_BECOME_PROMPT}] + ini: + - {key: agnostic_become_prompt, section: privilege_escalation} + yaml: {key: privilege_escalation.agnostic_become_prompt} + version_added: "2.5" +CACHE_PLUGIN: + name: Persistent Cache plugin + default: memory + description: Chooses which cache plugin to use, the default 'memory' is ephemeral. + env: [{name: ANSIBLE_CACHE_PLUGIN}] + ini: + - {key: fact_caching, section: defaults} + yaml: {key: facts.cache.plugin} +CACHE_PLUGIN_CONNECTION: + name: Cache Plugin URI + default: ~ + description: Defines connection or path information for the cache plugin + env: [{name: ANSIBLE_CACHE_PLUGIN_CONNECTION}] + ini: + - {key: fact_caching_connection, section: defaults} + yaml: {key: facts.cache.uri} +CACHE_PLUGIN_PREFIX: + name: Cache Plugin table prefix + default: ansible_facts + description: Prefix to use for cache plugin files/tables + env: [{name: ANSIBLE_CACHE_PLUGIN_PREFIX}] + ini: + - {key: fact_caching_prefix, section: defaults} + yaml: {key: facts.cache.prefix} +CACHE_PLUGIN_TIMEOUT: + name: Cache Plugin expiration timeout + default: 86400 + description: Expiration timeout for the cache plugin data + env: [{name: ANSIBLE_CACHE_PLUGIN_TIMEOUT}] + ini: + - {key: fact_caching_timeout, section: defaults} + type: integer + yaml: {key: facts.cache.timeout} +COLLECTIONS_SCAN_SYS_PATH: + name: Scan PYTHONPATH for installed collections + description: A boolean to enable or disable scanning the sys.path for installed collections + default: true + type: boolean + env: + - {name: ANSIBLE_COLLECTIONS_SCAN_SYS_PATH} + ini: + - {key: collections_scan_sys_path, section: defaults} +COLLECTIONS_PATHS: + name: ordered list of root paths for loading installed Ansible collections content + description: > + Colon separated paths in which Ansible will search for collections content. + Collections must be in nested *subdirectories*, not directly in these directories. + For example, if ``COLLECTIONS_PATHS`` includes ``'{{ ANSIBLE_HOME ~ "/collections" }}'``, + and you want to add ``my.collection`` to that directory, it must be saved as + ``'{{ ANSIBLE_HOME} ~ "/collections/ansible_collections/my/collection" }}'``. + default: '{{ ANSIBLE_HOME ~ "/collections:/usr/share/ansible/collections" }}' + type: pathspec + env: + - name: ANSIBLE_COLLECTIONS_PATHS # TODO: Deprecate this and ini once PATH has been in a few releases. + - name: ANSIBLE_COLLECTIONS_PATH + version_added: '2.10' + ini: + - key: collections_paths + section: defaults + - key: collections_path + section: defaults + version_added: '2.10' +COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH: + name: Defines behavior when loading a collection that does not support the current Ansible version + description: + - When a collection is loaded that does not support the running Ansible version (with the collection metadata key `requires_ansible`). + env: [{name: ANSIBLE_COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH}] + ini: [{key: collections_on_ansible_version_mismatch, section: defaults}] + choices: &basic_error + error: issue a 'fatal' error and stop the play + warning: issue a warning but continue + ignore: just continue silently + default: warning +_COLOR_DEFAULTS: &color + name: placeholder for color settings' defaults + choices: ['black', 'bright gray', 'blue', 'white', 'green', 'bright blue', 'cyan', 'bright green', 'red', 'bright cyan', 'purple', 'bright red', 'yellow', 'bright purple', 'dark gray', 'bright yellow', 'magenta', 'bright magenta', 'normal'] +COLOR_CHANGED: + <<: *color + name: Color for 'changed' task status + default: yellow + description: Defines the color to use on 'Changed' task status + env: [{name: ANSIBLE_COLOR_CHANGED}] + ini: + - {key: changed, section: colors} +COLOR_CONSOLE_PROMPT: + <<: *color + name: "Color for ansible-console's prompt task status" + default: white + description: Defines the default color to use for ansible-console + env: [{name: ANSIBLE_COLOR_CONSOLE_PROMPT}] + ini: + - {key: console_prompt, section: colors} + version_added: "2.7" +COLOR_DEBUG: + <<: *color + name: Color for debug statements + default: dark gray + description: Defines the color to use when emitting debug messages + env: [{name: ANSIBLE_COLOR_DEBUG}] + ini: + - {key: debug, section: colors} +COLOR_DEPRECATE: + <<: *color + name: Color for deprecation messages + default: purple + description: Defines the color to use when emitting deprecation messages + env: [{name: ANSIBLE_COLOR_DEPRECATE}] + ini: + - {key: deprecate, section: colors} +COLOR_DIFF_ADD: + <<: *color + name: Color for diff added display + default: green + description: Defines the color to use when showing added lines in diffs + env: [{name: ANSIBLE_COLOR_DIFF_ADD}] + ini: + - {key: diff_add, section: colors} + yaml: {key: display.colors.diff.add} +COLOR_DIFF_LINES: + <<: *color + name: Color for diff lines display + default: cyan + description: Defines the color to use when showing diffs + env: [{name: ANSIBLE_COLOR_DIFF_LINES}] + ini: + - {key: diff_lines, section: colors} +COLOR_DIFF_REMOVE: + <<: *color + name: Color for diff removed display + default: red + description: Defines the color to use when showing removed lines in diffs + env: [{name: ANSIBLE_COLOR_DIFF_REMOVE}] + ini: + - {key: diff_remove, section: colors} +COLOR_ERROR: + <<: *color + name: Color for error messages + default: red + description: Defines the color to use when emitting error messages + env: [{name: ANSIBLE_COLOR_ERROR}] + ini: + - {key: error, section: colors} + yaml: {key: colors.error} +COLOR_HIGHLIGHT: + <<: *color + name: Color for highlighting + default: white + description: Defines the color to use for highlighting + env: [{name: ANSIBLE_COLOR_HIGHLIGHT}] + ini: + - {key: highlight, section: colors} +COLOR_OK: + <<: *color + name: Color for 'ok' task status + default: green + description: Defines the color to use when showing 'OK' task status + env: [{name: ANSIBLE_COLOR_OK}] + ini: + - {key: ok, section: colors} +COLOR_SKIP: + <<: *color + name: Color for 'skip' task status + default: cyan + description: Defines the color to use when showing 'Skipped' task status + env: [{name: ANSIBLE_COLOR_SKIP}] + ini: + - {key: skip, section: colors} +COLOR_UNREACHABLE: + <<: *color + name: Color for 'unreachable' host state + default: bright red + description: Defines the color to use on 'Unreachable' status + env: [{name: ANSIBLE_COLOR_UNREACHABLE}] + ini: + - {key: unreachable, section: colors} +COLOR_VERBOSE: + <<: *color + name: Color for verbose messages + default: blue + description: Defines the color to use when emitting verbose messages. i.e those that show with '-v's. + env: [{name: ANSIBLE_COLOR_VERBOSE}] + ini: + - {key: verbose, section: colors} +COLOR_WARN: + <<: *color + name: Color for warning messages + default: bright purple + description: Defines the color to use when emitting warning messages + env: [{name: ANSIBLE_COLOR_WARN}] + ini: + - {key: warn, section: colors} +CONNECTION_PASSWORD_FILE: + name: Connection password file + default: ~ + description: 'The password file to use for the connection plugin. --connection-password-file.' + env: [{name: ANSIBLE_CONNECTION_PASSWORD_FILE}] + ini: + - {key: connection_password_file, section: defaults} + type: path + version_added: '2.12' +COVERAGE_REMOTE_OUTPUT: + name: Sets the output directory and filename prefix to generate coverage run info. + description: + - Sets the output directory on the remote host to generate coverage reports to. + - Currently only used for remote coverage on PowerShell modules. + - This is for internal use only. + env: + - {name: _ANSIBLE_COVERAGE_REMOTE_OUTPUT} + vars: + - {name: _ansible_coverage_remote_output} + type: str + version_added: '2.9' +COVERAGE_REMOTE_PATHS: + name: Sets the list of paths to run coverage for. + description: + - A list of paths for files on the Ansible controller to run coverage for when executing on the remote host. + - Only files that match the path glob will have its coverage collected. + - Multiple path globs can be specified and are separated by ``:``. + - Currently only used for remote coverage on PowerShell modules. + - This is for internal use only. + default: '*' + env: + - {name: _ANSIBLE_COVERAGE_REMOTE_PATH_FILTER} + type: str + version_added: '2.9' +ACTION_WARNINGS: + name: Toggle action warnings + default: True + description: + - By default Ansible will issue a warning when received from a task action (module or action plugin) + - These warnings can be silenced by adjusting this setting to False. + env: [{name: ANSIBLE_ACTION_WARNINGS}] + ini: + - {key: action_warnings, section: defaults} + type: boolean + version_added: "2.5" +LOCALHOST_WARNING: + name: Warning when using implicit inventory with only localhost + default: True + description: + - By default Ansible will issue a warning when there are no hosts in the + inventory. + - These warnings can be silenced by adjusting this setting to False. + env: [{name: ANSIBLE_LOCALHOST_WARNING}] + ini: + - {key: localhost_warning, section: defaults} + type: boolean + version_added: "2.6" +INVENTORY_UNPARSED_WARNING: + name: Warning when no inventory files can be parsed, resulting in an implicit inventory with only localhost + default: True + description: + - By default Ansible will issue a warning when no inventory was loaded and notes that + it will use an implicit localhost-only inventory. + - These warnings can be silenced by adjusting this setting to False. + env: [{name: ANSIBLE_INVENTORY_UNPARSED_WARNING}] + ini: + - {key: inventory_unparsed_warning, section: inventory} + type: boolean + version_added: "2.14" +DOC_FRAGMENT_PLUGIN_PATH: + name: documentation fragment plugins path + default: '{{ ANSIBLE_HOME ~ "/plugins/doc_fragments:/usr/share/ansible/plugins/doc_fragments" }}' + description: Colon separated paths in which Ansible will search for Documentation Fragments Plugins. + env: [{name: ANSIBLE_DOC_FRAGMENT_PLUGINS}] + ini: + - {key: doc_fragment_plugins, section: defaults} + type: pathspec +DEFAULT_ACTION_PLUGIN_PATH: + name: Action plugins path + default: '{{ ANSIBLE_HOME ~ "/plugins/action:/usr/share/ansible/plugins/action" }}' + description: Colon separated paths in which Ansible will search for Action Plugins. + env: [{name: ANSIBLE_ACTION_PLUGINS}] + ini: + - {key: action_plugins, section: defaults} + type: pathspec + yaml: {key: plugins.action.path} +DEFAULT_ALLOW_UNSAFE_LOOKUPS: + name: Allow unsafe lookups + default: False + description: + - "When enabled, this option allows lookup plugins (whether used in variables as ``{{lookup('foo')}}`` or as a loop as with_foo) + to return data that is not marked 'unsafe'." + - By default, such data is marked as unsafe to prevent the templating engine from evaluating any jinja2 templating language, + as this could represent a security risk. This option is provided to allow for backward compatibility, + however users should first consider adding allow_unsafe=True to any lookups which may be expected to contain data which may be run + through the templating engine late + env: [] + ini: + - {key: allow_unsafe_lookups, section: defaults} + type: boolean + version_added: "2.2.3" +DEFAULT_ASK_PASS: + name: Ask for the login password + default: False + description: + - This controls whether an Ansible playbook should prompt for a login password. + If using SSH keys for authentication, you probably do not need to change this setting. + env: [{name: ANSIBLE_ASK_PASS}] + ini: + - {key: ask_pass, section: defaults} + type: boolean + yaml: {key: defaults.ask_pass} +DEFAULT_ASK_VAULT_PASS: + name: Ask for the vault password(s) + default: False + description: + - This controls whether an Ansible playbook should prompt for a vault password. + env: [{name: ANSIBLE_ASK_VAULT_PASS}] + ini: + - {key: ask_vault_pass, section: defaults} + type: boolean +DEFAULT_BECOME: + name: Enable privilege escalation (become) + default: False + description: Toggles the use of privilege escalation, allowing you to 'become' another user after login. + env: [{name: ANSIBLE_BECOME}] + ini: + - {key: become, section: privilege_escalation} + type: boolean +DEFAULT_BECOME_ASK_PASS: + name: Ask for the privilege escalation (become) password + default: False + description: Toggle to prompt for privilege escalation password. + env: [{name: ANSIBLE_BECOME_ASK_PASS}] + ini: + - {key: become_ask_pass, section: privilege_escalation} + type: boolean +DEFAULT_BECOME_METHOD: + name: Choose privilege escalation method + default: 'sudo' + description: Privilege escalation method to use when `become` is enabled. + env: [{name: ANSIBLE_BECOME_METHOD}] + ini: + - {section: privilege_escalation, key: become_method} +DEFAULT_BECOME_EXE: + name: Choose 'become' executable + default: ~ + description: 'executable to use for privilege escalation, otherwise Ansible will depend on PATH' + env: [{name: ANSIBLE_BECOME_EXE}] + ini: + - {key: become_exe, section: privilege_escalation} +DEFAULT_BECOME_FLAGS: + name: Set 'become' executable options + default: ~ + description: Flags to pass to the privilege escalation executable. + env: [{name: ANSIBLE_BECOME_FLAGS}] + ini: + - {key: become_flags, section: privilege_escalation} +BECOME_PLUGIN_PATH: + name: Become plugins path + default: '{{ ANSIBLE_HOME ~ "/plugins/become:/usr/share/ansible/plugins/become" }}' + description: Colon separated paths in which Ansible will search for Become Plugins. + env: [{name: ANSIBLE_BECOME_PLUGINS}] + ini: + - {key: become_plugins, section: defaults} + type: pathspec + version_added: "2.8" +DEFAULT_BECOME_USER: + # FIXME: should really be blank and make -u passing optional depending on it + name: Set the user you 'become' via privilege escalation + default: root + description: The user your login/remote user 'becomes' when using privilege escalation, most systems will use 'root' when no user is specified. + env: [{name: ANSIBLE_BECOME_USER}] + ini: + - {key: become_user, section: privilege_escalation} + yaml: {key: become.user} +DEFAULT_CACHE_PLUGIN_PATH: + name: Cache Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/cache:/usr/share/ansible/plugins/cache" }}' + description: Colon separated paths in which Ansible will search for Cache Plugins. + env: [{name: ANSIBLE_CACHE_PLUGINS}] + ini: + - {key: cache_plugins, section: defaults} + type: pathspec +DEFAULT_CALLBACK_PLUGIN_PATH: + name: Callback Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/callback:/usr/share/ansible/plugins/callback" }}' + description: Colon separated paths in which Ansible will search for Callback Plugins. + env: [{name: ANSIBLE_CALLBACK_PLUGINS}] + ini: + - {key: callback_plugins, section: defaults} + type: pathspec + yaml: {key: plugins.callback.path} +CALLBACKS_ENABLED: + name: Enable callback plugins that require it. + default: [] + description: + - "List of enabled callbacks, not all callbacks need enabling, + but many of those shipped with Ansible do as we don't want them activated by default." + env: + - name: ANSIBLE_CALLBACK_WHITELIST + deprecated: + why: normalizing names to new standard + version: "2.15" + alternatives: 'ANSIBLE_CALLBACKS_ENABLED' + - name: ANSIBLE_CALLBACKS_ENABLED + version_added: '2.11' + ini: + - key: callback_whitelist + section: defaults + deprecated: + why: normalizing names to new standard + version: "2.15" + alternatives: 'callbacks_enabled' + - key: callbacks_enabled + section: defaults + version_added: '2.11' + type: list +DEFAULT_CLICONF_PLUGIN_PATH: + name: Cliconf Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/cliconf:/usr/share/ansible/plugins/cliconf" }}' + description: Colon separated paths in which Ansible will search for Cliconf Plugins. + env: [{name: ANSIBLE_CLICONF_PLUGINS}] + ini: + - {key: cliconf_plugins, section: defaults} + type: pathspec +DEFAULT_CONNECTION_PLUGIN_PATH: + name: Connection Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/connection:/usr/share/ansible/plugins/connection" }}' + description: Colon separated paths in which Ansible will search for Connection Plugins. + env: [{name: ANSIBLE_CONNECTION_PLUGINS}] + ini: + - {key: connection_plugins, section: defaults} + type: pathspec + yaml: {key: plugins.connection.path} +DEFAULT_DEBUG: + name: Debug mode + default: False + description: + - "Toggles debug output in Ansible. This is *very* verbose and can hinder + multiprocessing. Debug output can also include secret information + despite no_log settings being enabled, which means debug mode should not be used in + production." + env: [{name: ANSIBLE_DEBUG}] + ini: + - {key: debug, section: defaults} + type: boolean +DEFAULT_EXECUTABLE: + name: Target shell executable + default: /bin/sh + description: + - "This indicates the command to use to spawn a shell under for Ansible's execution needs on a target. + Users may need to change this in rare instances when shell usage is constrained, but in most cases it may be left as is." + env: [{name: ANSIBLE_EXECUTABLE}] + ini: + - {key: executable, section: defaults} +DEFAULT_FACT_PATH: + name: local fact path + description: + - "This option allows you to globally configure a custom path for 'local_facts' for the implied :ref:`ansible_collections.ansible.builtin.setup_module` task when using fact gathering." + - "If not set, it will fallback to the default from the ``ansible.builtin.setup`` module: ``/etc/ansible/facts.d``." + - "This does **not** affect user defined tasks that use the ``ansible.builtin.setup`` module." + - The real action being created by the implicit task is currently ``ansible.legacy.gather_facts`` module, which then calls the configured fact modules, + by default this will be ``ansible.builtin.setup`` for POSIX systems but other platforms might have different defaults. + env: [{name: ANSIBLE_FACT_PATH}] + ini: + - {key: fact_path, section: defaults} + type: string + deprecated: + # TODO: when removing set playbook/play.py to default=None + why: the module_defaults keyword is a more generic version and can apply to all calls to the + M(ansible.builtin.gather_facts) or M(ansible.builtin.setup) actions + version: "2.18" + alternatives: module_defaults +DEFAULT_FILTER_PLUGIN_PATH: + name: Jinja2 Filter Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/filter:/usr/share/ansible/plugins/filter" }}' + description: Colon separated paths in which Ansible will search for Jinja2 Filter Plugins. + env: [{name: ANSIBLE_FILTER_PLUGINS}] + ini: + - {key: filter_plugins, section: defaults} + type: pathspec +DEFAULT_FORCE_HANDLERS: + name: Force handlers to run after failure + default: False + description: + - This option controls if notified handlers run on a host even if a failure occurs on that host. + - When false, the handlers will not run if a failure has occurred on a host. + - This can also be set per play or on the command line. See Handlers and Failure for more details. + env: [{name: ANSIBLE_FORCE_HANDLERS}] + ini: + - {key: force_handlers, section: defaults} + type: boolean + version_added: "1.9.1" +DEFAULT_FORKS: + name: Number of task forks + default: 5 + description: Maximum number of forks Ansible will use to execute tasks on target hosts. + env: [{name: ANSIBLE_FORKS}] + ini: + - {key: forks, section: defaults} + type: integer +DEFAULT_GATHERING: + name: Gathering behaviour + default: 'implicit' + description: + - This setting controls the default policy of fact gathering (facts discovered about remote systems). + - "This option can be useful for those wishing to save fact gathering time. Both 'smart' and 'explicit' will use the cache plugin." + env: [{name: ANSIBLE_GATHERING}] + ini: + - key: gathering + section: defaults + version_added: "1.6" + choices: + implicit: "the cache plugin will be ignored and facts will be gathered per play unless 'gather_facts: False' is set." + explicit: facts will not be gathered unless directly requested in the play. + smart: each new host that has no facts discovered will be scanned, but if the same host is addressed in multiple plays it will not be contacted again in the run. +DEFAULT_GATHER_SUBSET: + name: Gather facts subset + description: + - Set the `gather_subset` option for the :ref:`ansible_collections.ansible.builtin.setup_module` task in the implicit fact gathering. + See the module documentation for specifics. + - "It does **not** apply to user defined ``ansible.builtin.setup`` tasks." + env: [{name: ANSIBLE_GATHER_SUBSET}] + ini: + - key: gather_subset + section: defaults + version_added: "2.1" + type: list + deprecated: + # TODO: when removing set playbook/play.py to default=None + why: the module_defaults keyword is a more generic version and can apply to all calls to the + M(ansible.builtin.gather_facts) or M(ansible.builtin.setup) actions + version: "2.18" + alternatives: module_defaults +DEFAULT_GATHER_TIMEOUT: + name: Gather facts timeout + description: + - Set the timeout in seconds for the implicit fact gathering, see the module documentation for specifics. + - "It does **not** apply to user defined :ref:`ansible_collections.ansible.builtin.setup_module` tasks." + env: [{name: ANSIBLE_GATHER_TIMEOUT}] + ini: + - {key: gather_timeout, section: defaults} + type: integer + deprecated: + # TODO: when removing set playbook/play.py to default=None + why: the module_defaults keyword is a more generic version and can apply to all calls to the + M(ansible.builtin.gather_facts) or M(ansible.builtin.setup) actions + version: "2.18" + alternatives: module_defaults +DEFAULT_HASH_BEHAVIOUR: + name: Hash merge behaviour + default: replace + type: string + choices: + replace: Any variable that is defined more than once is overwritten using the order from variable precedence rules (highest wins). + merge: Any dictionary variable will be recursively merged with new definitions across the different variable definition sources. + description: + - This setting controls how duplicate definitions of dictionary variables (aka hash, map, associative array) are handled in Ansible. + - This does not affect variables whose values are scalars (integers, strings) or arrays. + - "**WARNING**, changing this setting is not recommended as this is fragile and makes your content (plays, roles, collections) non portable, + leading to continual confusion and misuse. Don't change this setting unless you think you have an absolute need for it." + - We recommend avoiding reusing variable names and relying on the ``combine`` filter and ``vars`` and ``varnames`` lookups + to create merged versions of the individual variables. In our experience this is rarely really needed and a sign that too much + complexity has been introduced into the data structures and plays. + - For some uses you can also look into custom vars_plugins to merge on input, even substituting the default ``host_group_vars`` + that is in charge of parsing the ``host_vars/`` and ``group_vars/`` directories. Most users of this setting are only interested in inventory scope, + but the setting itself affects all sources and makes debugging even harder. + - All playbooks and roles in the official examples repos assume the default for this setting. + - Changing the setting to ``merge`` applies across variable sources, but many sources will internally still overwrite the variables. + For example ``include_vars`` will dedupe variables internally before updating Ansible, with 'last defined' overwriting previous definitions in same file. + - The Ansible project recommends you **avoid ``merge`` for new projects.** + - It is the intention of the Ansible developers to eventually deprecate and remove this setting, but it is being kept as some users do heavily rely on it. + New projects should **avoid 'merge'**. + env: [{name: ANSIBLE_HASH_BEHAVIOUR}] + ini: + - {key: hash_behaviour, section: defaults} +DEFAULT_HOST_LIST: + name: Inventory Source + default: /etc/ansible/hosts + description: Comma separated list of Ansible inventory sources + env: + - name: ANSIBLE_INVENTORY + expand_relative_paths: True + ini: + - key: inventory + section: defaults + type: pathlist + yaml: {key: defaults.inventory} +DEFAULT_HTTPAPI_PLUGIN_PATH: + name: HttpApi Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/httpapi:/usr/share/ansible/plugins/httpapi" }}' + description: Colon separated paths in which Ansible will search for HttpApi Plugins. + env: [{name: ANSIBLE_HTTPAPI_PLUGINS}] + ini: + - {key: httpapi_plugins, section: defaults} + type: pathspec +DEFAULT_INTERNAL_POLL_INTERVAL: + name: Internal poll interval + default: 0.001 + env: [] + ini: + - {key: internal_poll_interval, section: defaults} + type: float + version_added: "2.2" + description: + - This sets the interval (in seconds) of Ansible internal processes polling each other. + Lower values improve performance with large playbooks at the expense of extra CPU load. + Higher values are more suitable for Ansible usage in automation scenarios, + when UI responsiveness is not required but CPU usage might be a concern. + - "The default corresponds to the value hardcoded in Ansible <= 2.1" +DEFAULT_INVENTORY_PLUGIN_PATH: + name: Inventory Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/inventory:/usr/share/ansible/plugins/inventory" }}' + description: Colon separated paths in which Ansible will search for Inventory Plugins. + env: [{name: ANSIBLE_INVENTORY_PLUGINS}] + ini: + - {key: inventory_plugins, section: defaults} + type: pathspec +DEFAULT_JINJA2_EXTENSIONS: + name: Enabled Jinja2 extensions + default: [] + description: + - This is a developer-specific feature that allows enabling additional Jinja2 extensions. + - "See the Jinja2 documentation for details. If you do not know what these do, you probably don't need to change this setting :)" + env: [{name: ANSIBLE_JINJA2_EXTENSIONS}] + ini: + - {key: jinja2_extensions, section: defaults} +DEFAULT_JINJA2_NATIVE: + name: Use Jinja2's NativeEnvironment for templating + default: False + description: This option preserves variable types during template operations. + env: [{name: ANSIBLE_JINJA2_NATIVE}] + ini: + - {key: jinja2_native, section: defaults} + type: boolean + yaml: {key: jinja2_native} + version_added: 2.7 +DEFAULT_KEEP_REMOTE_FILES: + name: Keep remote files + default: False + description: + - Enables/disables the cleaning up of the temporary files Ansible used to execute the tasks on the remote. + - If this option is enabled it will disable ``ANSIBLE_PIPELINING``. + env: [{name: ANSIBLE_KEEP_REMOTE_FILES}] + ini: + - {key: keep_remote_files, section: defaults} + type: boolean +DEFAULT_LIBVIRT_LXC_NOSECLABEL: + # TODO: move to plugin + name: No security label on Lxc + default: False + description: + - "This setting causes libvirt to connect to lxc containers by passing --noseclabel to virsh. + This is necessary when running on systems which do not have SELinux." + env: + - name: ANSIBLE_LIBVIRT_LXC_NOSECLABEL + ini: + - {key: libvirt_lxc_noseclabel, section: selinux} + type: boolean + version_added: "2.1" +DEFAULT_LOAD_CALLBACK_PLUGINS: + name: Load callbacks for adhoc + default: False + description: + - Controls whether callback plugins are loaded when running /usr/bin/ansible. + This may be used to log activity from the command line, send notifications, and so on. + Callback plugins are always loaded for ``ansible-playbook``. + env: [{name: ANSIBLE_LOAD_CALLBACK_PLUGINS}] + ini: + - {key: bin_ansible_callbacks, section: defaults} + type: boolean + version_added: "1.8" +DEFAULT_LOCAL_TMP: + name: Controller temporary directory + default: '{{ ANSIBLE_HOME ~ "/tmp" }}' + description: Temporary directory for Ansible to use on the controller. + env: [{name: ANSIBLE_LOCAL_TEMP}] + ini: + - {key: local_tmp, section: defaults} + type: tmppath +DEFAULT_LOG_PATH: + name: Ansible log file path + default: ~ + description: File to which Ansible will log on the controller. When empty logging is disabled. + env: [{name: ANSIBLE_LOG_PATH}] + ini: + - {key: log_path, section: defaults} + type: path +DEFAULT_LOG_FILTER: + name: Name filters for python logger + default: [] + description: List of logger names to filter out of the log file + env: [{name: ANSIBLE_LOG_FILTER}] + ini: + - {key: log_filter, section: defaults} + type: list +DEFAULT_LOOKUP_PLUGIN_PATH: + name: Lookup Plugins Path + description: Colon separated paths in which Ansible will search for Lookup Plugins. + default: '{{ ANSIBLE_HOME ~ "/plugins/lookup:/usr/share/ansible/plugins/lookup" }}' + env: [{name: ANSIBLE_LOOKUP_PLUGINS}] + ini: + - {key: lookup_plugins, section: defaults} + type: pathspec + yaml: {key: defaults.lookup_plugins} +DEFAULT_MANAGED_STR: + name: Ansible managed + default: 'Ansible managed' + description: Sets the macro for the 'ansible_managed' variable available for :ref:`ansible_collections.ansible.builtin.template_module` and :ref:`ansible_collections.ansible.windows.win_template_module`. This is only relevant for those two modules. + env: [] + ini: + - {key: ansible_managed, section: defaults} + yaml: {key: defaults.ansible_managed} +DEFAULT_MODULE_ARGS: + name: Adhoc default arguments + default: ~ + description: + - This sets the default arguments to pass to the ``ansible`` adhoc binary if no ``-a`` is specified. + env: [{name: ANSIBLE_MODULE_ARGS}] + ini: + - {key: module_args, section: defaults} +DEFAULT_MODULE_COMPRESSION: + name: Python module compression + default: ZIP_DEFLATED + description: Compression scheme to use when transferring Python modules to the target. + env: [] + ini: + - {key: module_compression, section: defaults} +# vars: +# - name: ansible_module_compression +DEFAULT_MODULE_NAME: + name: Default adhoc module + default: command + description: "Module to use with the ``ansible`` AdHoc command, if none is specified via ``-m``." + env: [] + ini: + - {key: module_name, section: defaults} +DEFAULT_MODULE_PATH: + name: Modules Path + description: Colon separated paths in which Ansible will search for Modules. + default: '{{ ANSIBLE_HOME ~ "/plugins/modules:/usr/share/ansible/plugins/modules" }}' + env: [{name: ANSIBLE_LIBRARY}] + ini: + - {key: library, section: defaults} + type: pathspec +DEFAULT_MODULE_UTILS_PATH: + name: Module Utils Path + description: Colon separated paths in which Ansible will search for Module utils files, which are shared by modules. + default: '{{ ANSIBLE_HOME ~ "/plugins/module_utils:/usr/share/ansible/plugins/module_utils" }}' + env: [{name: ANSIBLE_MODULE_UTILS}] + ini: + - {key: module_utils, section: defaults} + type: pathspec +DEFAULT_NETCONF_PLUGIN_PATH: + name: Netconf Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/netconf:/usr/share/ansible/plugins/netconf" }}' + description: Colon separated paths in which Ansible will search for Netconf Plugins. + env: [{name: ANSIBLE_NETCONF_PLUGINS}] + ini: + - {key: netconf_plugins, section: defaults} + type: pathspec +DEFAULT_NO_LOG: + name: No log + default: False + description: "Toggle Ansible's display and logging of task details, mainly used to avoid security disclosures." + env: [{name: ANSIBLE_NO_LOG}] + ini: + - {key: no_log, section: defaults} + type: boolean +DEFAULT_NO_TARGET_SYSLOG: + name: No syslog on target + default: False + description: + - Toggle Ansible logging to syslog on the target when it executes tasks. On Windows hosts this will disable a newer + style PowerShell modules from writing to the event log. + env: [{name: ANSIBLE_NO_TARGET_SYSLOG}] + ini: + - {key: no_target_syslog, section: defaults} + vars: + - name: ansible_no_target_syslog + version_added: '2.10' + type: boolean + yaml: {key: defaults.no_target_syslog} +DEFAULT_NULL_REPRESENTATION: + name: Represent a null + default: ~ + description: What templating should return as a 'null' value. When not set it will let Jinja2 decide. + env: [{name: ANSIBLE_NULL_REPRESENTATION}] + ini: + - {key: null_representation, section: defaults} + type: raw +DEFAULT_POLL_INTERVAL: + name: Async poll interval + default: 15 + description: + - For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), + this is how often to check back on the status of those tasks when an explicit poll interval is not supplied. + The default is a reasonably moderate 15 seconds which is a tradeoff between checking in frequently and + providing a quick turnaround when something may have completed. + env: [{name: ANSIBLE_POLL_INTERVAL}] + ini: + - {key: poll_interval, section: defaults} + type: integer +DEFAULT_PRIVATE_KEY_FILE: + name: Private key file + default: ~ + description: + - Option for connections using a certificate or key file to authenticate, rather than an agent or passwords, + you can set the default value here to avoid re-specifying --private-key with every invocation. + env: [{name: ANSIBLE_PRIVATE_KEY_FILE}] + ini: + - {key: private_key_file, section: defaults} + type: path +DEFAULT_PRIVATE_ROLE_VARS: + name: Private role variables + default: False + description: + - Makes role variables inaccessible from other roles. + - This was introduced as a way to reset role variables to default values if + a role is used more than once in a playbook. + env: [{name: ANSIBLE_PRIVATE_ROLE_VARS}] + ini: + - {key: private_role_vars, section: defaults} + type: boolean + yaml: {key: defaults.private_role_vars} +DEFAULT_REMOTE_PORT: + name: Remote port + default: ~ + description: Port to use in remote connections, when blank it will use the connection plugin default. + env: [{name: ANSIBLE_REMOTE_PORT}] + ini: + - {key: remote_port, section: defaults} + type: integer + yaml: {key: defaults.remote_port} +DEFAULT_REMOTE_USER: + name: Login/Remote User + description: + - Sets the login user for the target machines + - "When blank it uses the connection plugin's default, normally the user currently executing Ansible." + env: [{name: ANSIBLE_REMOTE_USER}] + ini: + - {key: remote_user, section: defaults} +DEFAULT_ROLES_PATH: + name: Roles path + default: '{{ ANSIBLE_HOME ~ "/roles:/usr/share/ansible/roles:/etc/ansible/roles" }}' + description: Colon separated paths in which Ansible will search for Roles. + env: [{name: ANSIBLE_ROLES_PATH}] + expand_relative_paths: True + ini: + - {key: roles_path, section: defaults} + type: pathspec + yaml: {key: defaults.roles_path} +DEFAULT_SELINUX_SPECIAL_FS: + name: Problematic file systems + default: fuse, nfs, vboxsf, ramfs, 9p, vfat + description: + - "Some filesystems do not support safe operations and/or return inconsistent errors, + this setting makes Ansible 'tolerate' those in the list w/o causing fatal errors." + - Data corruption may occur and writes are not always verified when a filesystem is in the list. + env: + - name: ANSIBLE_SELINUX_SPECIAL_FS + version_added: "2.9" + ini: + - {key: special_context_filesystems, section: selinux} + type: list +DEFAULT_STDOUT_CALLBACK: + name: Main display callback plugin + default: default + description: + - "Set the main callback used to display Ansible output. You can only have one at a time." + - You can have many other callbacks, but just one can be in charge of stdout. + - See :ref:`callback_plugins` for a list of available options. + env: [{name: ANSIBLE_STDOUT_CALLBACK}] + ini: + - {key: stdout_callback, section: defaults} +ENABLE_TASK_DEBUGGER: + name: Whether to enable the task debugger + default: False + description: + - Whether or not to enable the task debugger, this previously was done as a strategy plugin. + - Now all strategy plugins can inherit this behavior. The debugger defaults to activating when + - a task is failed on unreachable. Use the debugger keyword for more flexibility. + type: boolean + env: [{name: ANSIBLE_ENABLE_TASK_DEBUGGER}] + ini: + - {key: enable_task_debugger, section: defaults} + version_added: "2.5" +TASK_DEBUGGER_IGNORE_ERRORS: + name: Whether a failed task with ignore_errors=True will still invoke the debugger + default: True + description: + - This option defines whether the task debugger will be invoked on a failed task when ignore_errors=True + is specified. + - True specifies that the debugger will honor ignore_errors, False will not honor ignore_errors. + type: boolean + env: [{name: ANSIBLE_TASK_DEBUGGER_IGNORE_ERRORS}] + ini: + - {key: task_debugger_ignore_errors, section: defaults} + version_added: "2.7" +DEFAULT_STRATEGY: + name: Implied strategy + default: 'linear' + description: Set the default strategy used for plays. + env: [{name: ANSIBLE_STRATEGY}] + ini: + - {key: strategy, section: defaults} + version_added: "2.3" +DEFAULT_STRATEGY_PLUGIN_PATH: + name: Strategy Plugins Path + description: Colon separated paths in which Ansible will search for Strategy Plugins. + default: '{{ ANSIBLE_HOME ~ "/plugins/strategy:/usr/share/ansible/plugins/strategy" }}' + env: [{name: ANSIBLE_STRATEGY_PLUGINS}] + ini: + - {key: strategy_plugins, section: defaults} + type: pathspec +DEFAULT_SU: + default: False + description: 'Toggle the use of "su" for tasks.' + env: [{name: ANSIBLE_SU}] + ini: + - {key: su, section: defaults} + type: boolean + yaml: {key: defaults.su} +DEFAULT_SYSLOG_FACILITY: + name: syslog facility + default: LOG_USER + description: Syslog facility to use when Ansible logs to the remote target + env: [{name: ANSIBLE_SYSLOG_FACILITY}] + ini: + - {key: syslog_facility, section: defaults} +DEFAULT_TERMINAL_PLUGIN_PATH: + name: Terminal Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/terminal:/usr/share/ansible/plugins/terminal" }}' + description: Colon separated paths in which Ansible will search for Terminal Plugins. + env: [{name: ANSIBLE_TERMINAL_PLUGINS}] + ini: + - {key: terminal_plugins, section: defaults} + type: pathspec +DEFAULT_TEST_PLUGIN_PATH: + name: Jinja2 Test Plugins Path + description: Colon separated paths in which Ansible will search for Jinja2 Test Plugins. + default: '{{ ANSIBLE_HOME ~ "/plugins/test:/usr/share/ansible/plugins/test" }}' + env: [{name: ANSIBLE_TEST_PLUGINS}] + ini: + - {key: test_plugins, section: defaults} + type: pathspec +DEFAULT_TIMEOUT: + name: Connection timeout + default: 10 + description: This is the default timeout for connection plugins to use. + env: [{name: ANSIBLE_TIMEOUT}] + ini: + - {key: timeout, section: defaults} + type: integer +DEFAULT_TRANSPORT: + # note that ssh_utils refs this and needs to be updated if removed + name: Connection plugin + default: smart + description: "Default connection plugin to use, the 'smart' option will toggle between 'ssh' and 'paramiko' depending on controller OS and ssh versions" + env: [{name: ANSIBLE_TRANSPORT}] + ini: + - {key: transport, section: defaults} +DEFAULT_UNDEFINED_VAR_BEHAVIOR: + name: Jinja2 fail on undefined + default: True + version_added: "1.3" + description: + - When True, this causes ansible templating to fail steps that reference variable names that are likely typoed. + - "Otherwise, any '{{ template_expression }}' that contains undefined variables will be rendered in a template or ansible action line exactly as written." + env: [{name: ANSIBLE_ERROR_ON_UNDEFINED_VARS}] + ini: + - {key: error_on_undefined_vars, section: defaults} + type: boolean +DEFAULT_VARS_PLUGIN_PATH: + name: Vars Plugins Path + default: '{{ ANSIBLE_HOME ~ "/plugins/vars:/usr/share/ansible/plugins/vars" }}' + description: Colon separated paths in which Ansible will search for Vars Plugins. + env: [{name: ANSIBLE_VARS_PLUGINS}] + ini: + - {key: vars_plugins, section: defaults} + type: pathspec +# TODO: unused? +#DEFAULT_VAR_COMPRESSION_LEVEL: +# default: 0 +# description: 'TODO: write it' +# env: [{name: ANSIBLE_VAR_COMPRESSION_LEVEL}] +# ini: +# - {key: var_compression_level, section: defaults} +# type: integer +# yaml: {key: defaults.var_compression_level} +DEFAULT_VAULT_ID_MATCH: + name: Force vault id match + default: False + description: 'If true, decrypting vaults with a vault id will only try the password from the matching vault-id' + env: [{name: ANSIBLE_VAULT_ID_MATCH}] + ini: + - {key: vault_id_match, section: defaults} + yaml: {key: defaults.vault_id_match} +DEFAULT_VAULT_IDENTITY: + name: Vault id label + default: default + description: 'The label to use for the default vault id label in cases where a vault id label is not provided' + env: [{name: ANSIBLE_VAULT_IDENTITY}] + ini: + - {key: vault_identity, section: defaults} + yaml: {key: defaults.vault_identity} +DEFAULT_VAULT_ENCRYPT_IDENTITY: + name: Vault id to use for encryption + description: 'The vault_id to use for encrypting by default. If multiple vault_ids are provided, this specifies which to use for encryption. The --encrypt-vault-id cli option overrides the configured value.' + env: [{name: ANSIBLE_VAULT_ENCRYPT_IDENTITY}] + ini: + - {key: vault_encrypt_identity, section: defaults} + yaml: {key: defaults.vault_encrypt_identity} +DEFAULT_VAULT_IDENTITY_LIST: + name: Default vault ids + default: [] + description: 'A list of vault-ids to use by default. Equivalent to multiple --vault-id args. Vault-ids are tried in order.' + env: [{name: ANSIBLE_VAULT_IDENTITY_LIST}] + ini: + - {key: vault_identity_list, section: defaults} + type: list + yaml: {key: defaults.vault_identity_list} +DEFAULT_VAULT_PASSWORD_FILE: + name: Vault password file + default: ~ + description: + - 'The vault password file to use. Equivalent to --vault-password-file or --vault-id' + - If executable, it will be run and the resulting stdout will be used as the password. + env: [{name: ANSIBLE_VAULT_PASSWORD_FILE}] + ini: + - {key: vault_password_file, section: defaults} + type: path + yaml: {key: defaults.vault_password_file} +DEFAULT_VERBOSITY: + name: Verbosity + default: 0 + description: Sets the default verbosity, equivalent to the number of ``-v`` passed in the command line. + env: [{name: ANSIBLE_VERBOSITY}] + ini: + - {key: verbosity, section: defaults} + type: integer +DEPRECATION_WARNINGS: + name: Deprecation messages + default: True + description: "Toggle to control the showing of deprecation warnings" + env: [{name: ANSIBLE_DEPRECATION_WARNINGS}] + ini: + - {key: deprecation_warnings, section: defaults} + type: boolean +DEVEL_WARNING: + name: Running devel warning + default: True + description: Toggle to control showing warnings related to running devel + env: [{name: ANSIBLE_DEVEL_WARNING}] + ini: + - {key: devel_warning, section: defaults} + type: boolean +DIFF_ALWAYS: + name: Show differences + default: False + description: Configuration toggle to tell modules to show differences when in 'changed' status, equivalent to ``--diff``. + env: [{name: ANSIBLE_DIFF_ALWAYS}] + ini: + - {key: always, section: diff} + type: bool +DIFF_CONTEXT: + name: Difference context + default: 3 + description: How many lines of context to show when displaying the differences between files. + env: [{name: ANSIBLE_DIFF_CONTEXT}] + ini: + - {key: context, section: diff} + type: integer +DISPLAY_ARGS_TO_STDOUT: + name: Show task arguments + default: False + description: + - "Normally ``ansible-playbook`` will print a header for each task that is run. + These headers will contain the name: field from the task if you specified one. + If you didn't then ``ansible-playbook`` uses the task's action to help you tell which task is presently running. + Sometimes you run many of the same action and so you want more information about the task to differentiate it from others of the same action. + If you set this variable to True in the config then ``ansible-playbook`` will also include the task's arguments in the header." + - "This setting defaults to False because there is a chance that you have sensitive values in your parameters and + you do not want those to be printed." + - "If you set this to True you should be sure that you have secured your environment's stdout + (no one can shoulder surf your screen and you aren't saving stdout to an insecure file) or + made sure that all of your playbooks explicitly added the ``no_log: True`` parameter to tasks which have sensitive values + See How do I keep secret data in my playbook? for more information." + env: [{name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT}] + ini: + - {key: display_args_to_stdout, section: defaults} + type: boolean + version_added: "2.1" +DISPLAY_SKIPPED_HOSTS: + name: Show skipped results + default: True + description: "Toggle to control displaying skipped task/host entries in a task in the default callback" + env: + - name: ANSIBLE_DISPLAY_SKIPPED_HOSTS + ini: + - {key: display_skipped_hosts, section: defaults} + type: boolean +DOCSITE_ROOT_URL: + name: Root docsite URL + default: https://docs.ansible.com/ansible-core/ + description: Root docsite URL used to generate docs URLs in warning/error text; + must be an absolute URL with valid scheme and trailing slash. + ini: + - {key: docsite_root_url, section: defaults} + version_added: "2.8" +DUPLICATE_YAML_DICT_KEY: + name: Controls ansible behaviour when finding duplicate keys in YAML. + default: warn + description: + - By default Ansible will issue a warning when a duplicate dict key is encountered in YAML. + - These warnings can be silenced by adjusting this setting to False. + env: [{name: ANSIBLE_DUPLICATE_YAML_DICT_KEY}] + ini: + - {key: duplicate_dict_key, section: defaults} + type: string + choices: &basic_error2 + error: issue a 'fatal' error and stop the play + warn: issue a warning but continue + ignore: just continue silently + version_added: "2.9" +ERROR_ON_MISSING_HANDLER: + name: Missing handler error + default: True + description: "Toggle to allow missing handlers to become a warning instead of an error when notifying." + env: [{name: ANSIBLE_ERROR_ON_MISSING_HANDLER}] + ini: + - {key: error_on_missing_handler, section: defaults} + type: boolean +CONNECTION_FACTS_MODULES: + name: Map of connections to fact modules + default: + # use ansible.legacy names on unqualified facts modules to allow library/ overrides + asa: ansible.legacy.asa_facts + cisco.asa.asa: cisco.asa.asa_facts + eos: ansible.legacy.eos_facts + arista.eos.eos: arista.eos.eos_facts + frr: ansible.legacy.frr_facts + frr.frr.frr: frr.frr.frr_facts + ios: ansible.legacy.ios_facts + cisco.ios.ios: cisco.ios.ios_facts + iosxr: ansible.legacy.iosxr_facts + cisco.iosxr.iosxr: cisco.iosxr.iosxr_facts + junos: ansible.legacy.junos_facts + junipernetworks.junos.junos: junipernetworks.junos.junos_facts + nxos: ansible.legacy.nxos_facts + cisco.nxos.nxos: cisco.nxos.nxos_facts + vyos: ansible.legacy.vyos_facts + vyos.vyos.vyos: vyos.vyos.vyos_facts + exos: ansible.legacy.exos_facts + extreme.exos.exos: extreme.exos.exos_facts + slxos: ansible.legacy.slxos_facts + extreme.slxos.slxos: extreme.slxos.slxos_facts + voss: ansible.legacy.voss_facts + extreme.voss.voss: extreme.voss.voss_facts + ironware: ansible.legacy.ironware_facts + community.network.ironware: community.network.ironware_facts + description: "Which modules to run during a play's fact gathering stage based on connection" + type: dict +FACTS_MODULES: + name: Gather Facts Modules + default: + - smart + description: + - "Which modules to run during a play's fact gathering stage, using the default of 'smart' will try to figure it out based on connection type." + - "If adding your own modules but you still want to use the default Ansible facts, you will want to include 'setup' + or corresponding network module to the list (if you add 'smart', Ansible will also figure it out)." + - "This does not affect explicit calls to the 'setup' module, but does always affect the 'gather_facts' action (implicit or explicit)." + env: [{name: ANSIBLE_FACTS_MODULES}] + ini: + - {key: facts_modules, section: defaults} + type: list + vars: + - name: ansible_facts_modules +GALAXY_IGNORE_CERTS: + name: Galaxy validate certs + description: + - If set to yes, ansible-galaxy will not validate TLS certificates. + This can be useful for testing against a server with a self-signed certificate. + env: [{name: ANSIBLE_GALAXY_IGNORE}] + ini: + - {key: ignore_certs, section: galaxy} + type: boolean +GALAXY_ROLE_SKELETON: + name: Galaxy role skeleton directory + description: Role skeleton directory to use as a template for the ``init`` action in ``ansible-galaxy``/``ansible-galaxy role``, same as ``--role-skeleton``. + env: [{name: ANSIBLE_GALAXY_ROLE_SKELETON}] + ini: + - {key: role_skeleton, section: galaxy} + type: path +GALAXY_ROLE_SKELETON_IGNORE: + name: Galaxy role skeleton ignore + default: ["^.git$", "^.*/.git_keep$"] + description: patterns of files to ignore inside a Galaxy role or collection skeleton directory + env: [{name: ANSIBLE_GALAXY_ROLE_SKELETON_IGNORE}] + ini: + - {key: role_skeleton_ignore, section: galaxy} + type: list +GALAXY_COLLECTION_SKELETON: + name: Galaxy collection skeleton directory + description: Collection skeleton directory to use as a template for the ``init`` action in ``ansible-galaxy collection``, same as ``--collection-skeleton``. + env: [{name: ANSIBLE_GALAXY_COLLECTION_SKELETON}] + ini: + - {key: collection_skeleton, section: galaxy} + type: path +GALAXY_COLLECTION_SKELETON_IGNORE: + name: Galaxy collection skeleton ignore + default: ["^.git$", "^.*/.git_keep$"] + description: patterns of files to ignore inside a Galaxy collection skeleton directory + env: [{name: ANSIBLE_GALAXY_COLLECTION_SKELETON_IGNORE}] + ini: + - {key: collection_skeleton_ignore, section: galaxy} + type: list +# TODO: unused? +#GALAXY_SCMS: +# name: Galaxy SCMS +# default: git, hg +# description: Available galaxy source control management systems. +# env: [{name: ANSIBLE_GALAXY_SCMS}] +# ini: +# - {key: scms, section: galaxy} +# type: list +GALAXY_SERVER: + default: https://galaxy.ansible.com + description: "URL to prepend when roles don't specify the full URI, assume they are referencing this server as the source." + env: [{name: ANSIBLE_GALAXY_SERVER}] + ini: + - {key: server, section: galaxy} + yaml: {key: galaxy.server} +GALAXY_SERVER_LIST: + description: + - A list of Galaxy servers to use when installing a collection. + - The value corresponds to the config ini header ``[galaxy_server.{{item}}]`` which defines the server details. + - 'See :ref:`galaxy_server_config` for more details on how to define a Galaxy server.' + - The order of servers in this list is used to as the order in which a collection is resolved. + - Setting this config option will ignore the :ref:`galaxy_server` config option. + env: [{name: ANSIBLE_GALAXY_SERVER_LIST}] + ini: + - {key: server_list, section: galaxy} + type: list + version_added: "2.9" +GALAXY_TOKEN_PATH: + default: '{{ ANSIBLE_HOME ~ "/galaxy_token" }}' + description: "Local path to galaxy access token file" + env: [{name: ANSIBLE_GALAXY_TOKEN_PATH}] + ini: + - {key: token_path, section: galaxy} + type: path + version_added: "2.9" +GALAXY_DISPLAY_PROGRESS: + default: ~ + description: + - Some steps in ``ansible-galaxy`` display a progress wheel which can cause issues on certain displays or when + outputing the stdout to a file. + - This config option controls whether the display wheel is shown or not. + - The default is to show the display wheel if stdout has a tty. + env: [{name: ANSIBLE_GALAXY_DISPLAY_PROGRESS}] + ini: + - {key: display_progress, section: galaxy} + type: bool + version_added: "2.10" +GALAXY_CACHE_DIR: + default: '{{ ANSIBLE_HOME ~ "/galaxy_cache" }}' + description: + - The directory that stores cached responses from a Galaxy server. + - This is only used by the ``ansible-galaxy collection install`` and ``download`` commands. + - Cache files inside this dir will be ignored if they are world writable. + env: + - name: ANSIBLE_GALAXY_CACHE_DIR + ini: + - section: galaxy + key: cache_dir + type: path + version_added: '2.11' +GALAXY_DISABLE_GPG_VERIFY: + default: false + type: bool + env: + - name: ANSIBLE_GALAXY_DISABLE_GPG_VERIFY + ini: + - section: galaxy + key: disable_gpg_verify + description: + - Disable GPG signature verification during collection installation. + version_added: '2.13' +GALAXY_GPG_KEYRING: + type: path + env: + - name: ANSIBLE_GALAXY_GPG_KEYRING + ini: + - section: galaxy + key: gpg_keyring + description: + - Configure the keyring used for GPG signature verification during collection installation and verification. + version_added: '2.13' +GALAXY_IGNORE_INVALID_SIGNATURE_STATUS_CODES: + type: list + env: + - name: ANSIBLE_GALAXY_IGNORE_SIGNATURE_STATUS_CODES + ini: + - section: galaxy + key: ignore_signature_status_codes + description: + - A list of GPG status codes to ignore during GPG signature verification. + See L(https://github.com/gpg/gnupg/blob/master/doc/DETAILS#general-status-codes) for status code descriptions. + - If fewer signatures successfully verify the collection than `GALAXY_REQUIRED_VALID_SIGNATURE_COUNT`, + signature verification will fail even if all error codes are ignored. + choices: + - EXPSIG + - EXPKEYSIG + - REVKEYSIG + - BADSIG + - ERRSIG + - NO_PUBKEY + - MISSING_PASSPHRASE + - BAD_PASSPHRASE + - NODATA + - UNEXPECTED + - ERROR + - FAILURE + - BADARMOR + - KEYEXPIRED + - KEYREVOKED + - NO_SECKEY +GALAXY_REQUIRED_VALID_SIGNATURE_COUNT: + type: str + default: 1 + env: + - name: ANSIBLE_GALAXY_REQUIRED_VALID_SIGNATURE_COUNT + ini: + - section: galaxy + key: required_valid_signature_count + description: + - The number of signatures that must be successful during GPG signature verification while installing or verifying collections. + - This should be a positive integer or all to indicate all signatures must successfully validate the collection. + - Prepend + to the value to fail if no valid signatures are found for the collection. +HOST_KEY_CHECKING: + # note: constant not in use by ssh plugin anymore + # TODO: check non ssh connection plugins for use/migration + name: Check host keys + default: True + description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host' + env: [{name: ANSIBLE_HOST_KEY_CHECKING}] + ini: + - {key: host_key_checking, section: defaults} + type: boolean +HOST_PATTERN_MISMATCH: + name: Control host pattern mismatch behaviour + default: 'warning' + description: This setting changes the behaviour of mismatched host patterns, it allows you to force a fatal error, a warning or just ignore it + env: [{name: ANSIBLE_HOST_PATTERN_MISMATCH}] + ini: + - {key: host_pattern_mismatch, section: inventory} + choices: + <<: *basic_error + version_added: "2.8" +INTERPRETER_PYTHON: + name: Python interpreter path (or automatic discovery behavior) used for module execution + default: auto + env: [{name: ANSIBLE_PYTHON_INTERPRETER}] + ini: + - {key: interpreter_python, section: defaults} + vars: + - {name: ansible_python_interpreter} + version_added: "2.8" + description: + - Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. + Supported discovery modes are ``auto`` (the default), ``auto_silent``, ``auto_legacy``, and ``auto_legacy_silent``. + All discovery modes employ a lookup table to use the included system Python (on distributions known to include one), + falling back to a fixed ordered list of well-known Python interpreter locations if a platform-specific default is not + available. The fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters + installed later may change which one is used). This warning behavior can be disabled by setting ``auto_silent`` or + ``auto_legacy_silent``. The value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility + with older Ansible releases that always defaulted to ``/usr/bin/python``, will use that interpreter if present. +_INTERPRETER_PYTHON_DISTRO_MAP: + name: Mapping of known included platform pythons for various Linux distros + default: + redhat: + '6': /usr/bin/python + '8': /usr/libexec/platform-python + '9': /usr/bin/python3 + debian: + '8': /usr/bin/python + '10': /usr/bin/python3 + fedora: + '23': /usr/bin/python3 + ubuntu: + '14': /usr/bin/python + '16': /usr/bin/python3 + version_added: "2.8" + # FUTURE: add inventory override once we're sure it can't be abused by a rogue target + # FUTURE: add a platform layer to the map so we could use for, eg, freebsd/macos/etc? +INTERPRETER_PYTHON_FALLBACK: + name: Ordered list of Python interpreters to check for in discovery + default: + - python3.11 + - python3.10 + - python3.9 + - python3.8 + - python3.7 + - python3.6 + - python3.5 + - /usr/bin/python3 + - /usr/libexec/platform-python + - python2.7 + - /usr/bin/python + - python + vars: + - name: ansible_interpreter_python_fallback + type: list + version_added: "2.8" +TRANSFORM_INVALID_GROUP_CHARS: + name: Transform invalid characters in group names + default: 'never' + description: + - Make ansible transform invalid characters in group names supplied by inventory sources. + env: [{name: ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS}] + ini: + - {key: force_valid_group_names, section: defaults} + type: string + choices: + always: it will replace any invalid characters with '_' (underscore) and warn the user + never: it will allow for the group name but warn about the issue + ignore: it does the same as 'never', without issuing a warning + silently: it does the same as 'always', without issuing a warning + version_added: '2.8' +INVALID_TASK_ATTRIBUTE_FAILED: + name: Controls whether invalid attributes for a task result in errors instead of warnings + default: True + description: If 'false', invalid attributes for a task will result in warnings instead of errors + type: boolean + env: + - name: ANSIBLE_INVALID_TASK_ATTRIBUTE_FAILED + ini: + - key: invalid_task_attribute_failed + section: defaults + version_added: "2.7" +INVENTORY_ANY_UNPARSED_IS_FAILED: + name: Controls whether any unparseable inventory source is a fatal error + default: False + description: > + If 'true', it is a fatal error when any given inventory source + cannot be successfully parsed by any available inventory plugin; + otherwise, this situation only attracts a warning. + type: boolean + env: [{name: ANSIBLE_INVENTORY_ANY_UNPARSED_IS_FAILED}] + ini: + - {key: any_unparsed_is_failed, section: inventory} + version_added: "2.7" +INVENTORY_CACHE_ENABLED: + name: Inventory caching enabled + default: False + description: + - Toggle to turn on inventory caching. + - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. + - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory configuration. + - This message will be removed in 2.16. + env: [{name: ANSIBLE_INVENTORY_CACHE}] + ini: + - {key: cache, section: inventory} + type: bool +INVENTORY_CACHE_PLUGIN: + name: Inventory cache plugin + description: + - The plugin for caching inventory. + - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. + - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. + - This message will be removed in 2.16. + env: [{name: ANSIBLE_INVENTORY_CACHE_PLUGIN}] + ini: + - {key: cache_plugin, section: inventory} +INVENTORY_CACHE_PLUGIN_CONNECTION: + name: Inventory cache plugin URI to override the defaults section + description: + - The inventory cache connection. + - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. + - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. + - This message will be removed in 2.16. + env: [{name: ANSIBLE_INVENTORY_CACHE_CONNECTION}] + ini: + - {key: cache_connection, section: inventory} +INVENTORY_CACHE_PLUGIN_PREFIX: + name: Inventory cache plugin table prefix + description: + - The table prefix for the cache plugin. + - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. + - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. + - This message will be removed in 2.16. + env: [{name: ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX}] + default: ansible_inventory_ + ini: + - {key: cache_prefix, section: inventory} +INVENTORY_CACHE_TIMEOUT: + name: Inventory cache plugin expiration timeout + description: + - Expiration timeout for the inventory cache plugin data. + - This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. + - The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. + - This message will be removed in 2.16. + default: 3600 + env: [{name: ANSIBLE_INVENTORY_CACHE_TIMEOUT}] + ini: + - {key: cache_timeout, section: inventory} +INVENTORY_ENABLED: + name: Active Inventory plugins + default: ['host_list', 'script', 'auto', 'yaml', 'ini', 'toml'] + description: List of enabled inventory plugins, it also determines the order in which they are used. + env: [{name: ANSIBLE_INVENTORY_ENABLED}] + ini: + - {key: enable_plugins, section: inventory} + type: list +INVENTORY_EXPORT: + name: Set ansible-inventory into export mode + default: False + description: Controls if ansible-inventory will accurately reflect Ansible's view into inventory or its optimized for exporting. + env: [{name: ANSIBLE_INVENTORY_EXPORT}] + ini: + - {key: export, section: inventory} + type: bool +INVENTORY_IGNORE_EXTS: + name: Inventory ignore extensions + default: "{{(REJECT_EXTS + ('.orig', '.ini', '.cfg', '.retry'))}}" + description: List of extensions to ignore when using a directory as an inventory source + env: [{name: ANSIBLE_INVENTORY_IGNORE}] + ini: + - {key: inventory_ignore_extensions, section: defaults} + - {key: ignore_extensions, section: inventory} + type: list +INVENTORY_IGNORE_PATTERNS: + name: Inventory ignore patterns + default: [] + description: List of patterns to ignore when using a directory as an inventory source + env: [{name: ANSIBLE_INVENTORY_IGNORE_REGEX}] + ini: + - {key: inventory_ignore_patterns, section: defaults} + - {key: ignore_patterns, section: inventory} + type: list +INVENTORY_UNPARSED_IS_FAILED: + name: Unparsed Inventory failure + default: False + description: > + If 'true' it is a fatal error if every single potential inventory + source fails to parse, otherwise this situation will only attract a + warning. + env: [{name: ANSIBLE_INVENTORY_UNPARSED_FAILED}] + ini: + - {key: unparsed_is_failed, section: inventory} + type: bool +JINJA2_NATIVE_WARNING: + name: Running older than required Jinja version for jinja2_native warning + default: True + description: Toggle to control showing warnings related to running a Jinja version + older than required for jinja2_native + env: + - name: ANSIBLE_JINJA2_NATIVE_WARNING + deprecated: + why: This option is no longer used in the Ansible Core code base. + version: "2.17" + ini: + - {key: jinja2_native_warning, section: defaults} + type: boolean +MAX_FILE_SIZE_FOR_DIFF: + name: Diff maximum file size + default: 104448 + description: Maximum size of files to be considered for diff display + env: [{name: ANSIBLE_MAX_DIFF_SIZE}] + ini: + - {key: max_diff_size, section: defaults} + type: int +NETWORK_GROUP_MODULES: + name: Network module families + default: [eos, nxos, ios, iosxr, junos, enos, ce, vyos, sros, dellos9, dellos10, dellos6, asa, aruba, aireos, bigip, ironware, onyx, netconf, exos, voss, slxos] + description: 'TODO: write it' + env: + - name: ANSIBLE_NETWORK_GROUP_MODULES + ini: + - {key: network_group_modules, section: defaults} + type: list + yaml: {key: defaults.network_group_modules} +INJECT_FACTS_AS_VARS: + default: True + description: + - Facts are available inside the `ansible_facts` variable, this setting also pushes them as their own vars in the main namespace. + - Unlike inside the `ansible_facts` dictionary, these will have an `ansible_` prefix. + env: [{name: ANSIBLE_INJECT_FACT_VARS}] + ini: + - {key: inject_facts_as_vars, section: defaults} + type: boolean + version_added: "2.5" +MODULE_IGNORE_EXTS: + name: Module ignore extensions + default: "{{(REJECT_EXTS + ('.yaml', '.yml', '.ini'))}}" + description: + - List of extensions to ignore when looking for modules to load + - This is for rejecting script and binary module fallback extensions + env: [{name: ANSIBLE_MODULE_IGNORE_EXTS}] + ini: + - {key: module_ignore_exts, section: defaults} + type: list +OLD_PLUGIN_CACHE_CLEARING: + description: Previously Ansible would only clear some of the plugin loading caches when loading new roles, this led to some behaviours in which a plugin loaded in prevoius plays would be unexpectedly 'sticky'. This setting allows to return to that behaviour. + env: [{name: ANSIBLE_OLD_PLUGIN_CACHE_CLEAR}] + ini: + - {key: old_plugin_cache_clear, section: defaults} + type: boolean + default: False + version_added: "2.8" +PARAMIKO_HOST_KEY_AUTO_ADD: + # TODO: move to plugin + default: False + description: 'TODO: write it' + env: [{name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD}] + ini: + - {key: host_key_auto_add, section: paramiko_connection} + type: boolean +PARAMIKO_LOOK_FOR_KEYS: + name: look for keys + default: True + description: 'TODO: write it' + env: [{name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS}] + ini: + - {key: look_for_keys, section: paramiko_connection} + type: boolean +PERSISTENT_CONTROL_PATH_DIR: + name: Persistence socket path + default: '{{ ANSIBLE_HOME ~ "/pc" }}' + description: Path to socket to be used by the connection persistence system. + env: [{name: ANSIBLE_PERSISTENT_CONTROL_PATH_DIR}] + ini: + - {key: control_path_dir, section: persistent_connection} + type: path +PERSISTENT_CONNECT_TIMEOUT: + name: Persistence timeout + default: 30 + description: This controls how long the persistent connection will remain idle before it is destroyed. + env: [{name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT}] + ini: + - {key: connect_timeout, section: persistent_connection} + type: integer +PERSISTENT_CONNECT_RETRY_TIMEOUT: + name: Persistence connection retry timeout + default: 15 + description: This controls the retry timeout for persistent connection to connect to the local domain socket. + env: [{name: ANSIBLE_PERSISTENT_CONNECT_RETRY_TIMEOUT}] + ini: + - {key: connect_retry_timeout, section: persistent_connection} + type: integer +PERSISTENT_COMMAND_TIMEOUT: + name: Persistence command timeout + default: 30 + description: This controls the amount of time to wait for response from remote device before timing out persistent connection. + env: [{name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT}] + ini: + - {key: command_timeout, section: persistent_connection} + type: int +PLAYBOOK_DIR: + name: playbook dir override for non-playbook CLIs (ala --playbook-dir) + version_added: "2.9" + description: + - A number of non-playbook CLIs have a ``--playbook-dir`` argument; this sets the default value for it. + env: [{name: ANSIBLE_PLAYBOOK_DIR}] + ini: [{key: playbook_dir, section: defaults}] + type: path +PLAYBOOK_VARS_ROOT: + name: playbook vars files root + default: top + version_added: "2.4.1" + description: + - This sets which playbook dirs will be used as a root to process vars plugins, which includes finding host_vars/group_vars + env: [{name: ANSIBLE_PLAYBOOK_VARS_ROOT}] + ini: + - {key: playbook_vars_root, section: defaults} + choices: + top: follows the traditional behavior of using the top playbook in the chain to find the root directory. + bottom: follows the 2.4.0 behavior of using the current playbook to find the root directory. + all: examines from the first parent to the current playbook. +PLUGIN_FILTERS_CFG: + name: Config file for limiting valid plugins + default: null + version_added: "2.5.0" + description: + - "A path to configuration for filtering which plugins installed on the system are allowed to be used." + - "See :ref:`plugin_filtering_config` for details of the filter file's format." + - " The default is /etc/ansible/plugin_filters.yml" + ini: + - key: plugin_filters_cfg + section: defaults + type: path +PYTHON_MODULE_RLIMIT_NOFILE: + name: Adjust maximum file descriptor soft limit during Python module execution + description: + - Attempts to set RLIMIT_NOFILE soft limit to the specified value when executing Python modules (can speed up subprocess usage on + Python 2.x. See https://bugs.python.org/issue11284). The value will be limited by the existing hard limit. Default + value of 0 does not attempt to adjust existing system-defined limits. + default: 0 + env: + - {name: ANSIBLE_PYTHON_MODULE_RLIMIT_NOFILE} + ini: + - {key: python_module_rlimit_nofile, section: defaults} + vars: + - {name: ansible_python_module_rlimit_nofile} + version_added: '2.8' +RETRY_FILES_ENABLED: + name: Retry files + default: False + description: This controls whether a failed Ansible playbook should create a .retry file. + env: [{name: ANSIBLE_RETRY_FILES_ENABLED}] + ini: + - {key: retry_files_enabled, section: defaults} + type: bool +RETRY_FILES_SAVE_PATH: + name: Retry files path + default: ~ + description: + - This sets the path in which Ansible will save .retry files when a playbook fails and retry files are enabled. + - This file will be overwritten after each run with the list of failed hosts from all plays. + env: [{name: ANSIBLE_RETRY_FILES_SAVE_PATH}] + ini: + - {key: retry_files_save_path, section: defaults} + type: path +RUN_VARS_PLUGINS: + name: When should vars plugins run relative to inventory + default: demand + description: + - This setting can be used to optimize vars_plugin usage depending on user's inventory size and play selection. + env: [{name: ANSIBLE_RUN_VARS_PLUGINS}] + ini: + - {key: run_vars_plugins, section: defaults} + type: str + choices: + demand: will run vars_plugins relative to inventory sources anytime vars are 'demanded' by tasks. + start: will run vars_plugins relative to inventory sources after importing that inventory source. + version_added: "2.10" +SHOW_CUSTOM_STATS: + name: Display custom stats + default: False + description: 'This adds the custom stats set via the set_stats plugin to the default output' + env: [{name: ANSIBLE_SHOW_CUSTOM_STATS}] + ini: + - {key: show_custom_stats, section: defaults} + type: bool +STRING_TYPE_FILTERS: + name: Filters to preserve strings + default: [string, to_json, to_nice_json, to_yaml, to_nice_yaml, ppretty, json] + description: + - "This list of filters avoids 'type conversion' when templating variables" + - Useful when you want to avoid conversion into lists or dictionaries for JSON strings, for example. + env: [{name: ANSIBLE_STRING_TYPE_FILTERS}] + ini: + - {key: dont_type_filters, section: jinja2} + type: list +SYSTEM_WARNINGS: + name: System warnings + default: True + description: + - Allows disabling of warnings related to potential issues on the system running ansible itself (not on the managed hosts) + - These may include warnings about 3rd party packages or other conditions that should be resolved if possible. + env: [{name: ANSIBLE_SYSTEM_WARNINGS}] + ini: + - {key: system_warnings, section: defaults} + type: boolean +TAGS_RUN: + name: Run Tags + default: [] + type: list + description: default list of tags to run in your plays, Skip Tags has precedence. + env: [{name: ANSIBLE_RUN_TAGS}] + ini: + - {key: run, section: tags} + version_added: "2.5" +TAGS_SKIP: + name: Skip Tags + default: [] + type: list + description: default list of tags to skip in your plays, has precedence over Run Tags + env: [{name: ANSIBLE_SKIP_TAGS}] + ini: + - {key: skip, section: tags} + version_added: "2.5" +TASK_TIMEOUT: + name: Task Timeout + default: 0 + description: + - Set the maximum time (in seconds) that a task can run for. + - If set to 0 (the default) there is no timeout. + env: [{name: ANSIBLE_TASK_TIMEOUT}] + ini: + - {key: task_timeout, section: defaults} + type: integer + version_added: '2.10' +WORKER_SHUTDOWN_POLL_COUNT: + name: Worker Shutdown Poll Count + default: 0 + description: + - The maximum number of times to check Task Queue Manager worker processes to verify they have exited cleanly. + - After this limit is reached any worker processes still running will be terminated. + - This is for internal use only. + env: [{name: ANSIBLE_WORKER_SHUTDOWN_POLL_COUNT}] + type: integer + version_added: '2.10' +WORKER_SHUTDOWN_POLL_DELAY: + name: Worker Shutdown Poll Delay + default: 0.1 + description: + - The number of seconds to sleep between polling loops when checking Task Queue Manager worker processes to verify they have exited cleanly. + - This is for internal use only. + env: [{name: ANSIBLE_WORKER_SHUTDOWN_POLL_DELAY}] + type: float + version_added: '2.10' +USE_PERSISTENT_CONNECTIONS: + name: Persistence + default: False + description: Toggles the use of persistence for connections. + env: [{name: ANSIBLE_USE_PERSISTENT_CONNECTIONS}] + ini: + - {key: use_persistent_connections, section: defaults} + type: boolean +VARIABLE_PLUGINS_ENABLED: + name: Vars plugin enabled list + default: ['host_group_vars'] + description: Accept list for variable plugins that require it. + env: [{name: ANSIBLE_VARS_ENABLED}] + ini: + - {key: vars_plugins_enabled, section: defaults} + type: list + version_added: "2.10" +VARIABLE_PRECEDENCE: + name: Group variable precedence + default: ['all_inventory', 'groups_inventory', 'all_plugins_inventory', 'all_plugins_play', 'groups_plugins_inventory', 'groups_plugins_play'] + description: Allows to change the group variable precedence merge order. + env: [{name: ANSIBLE_PRECEDENCE}] + ini: + - {key: precedence, section: defaults} + type: list + version_added: "2.4" +WIN_ASYNC_STARTUP_TIMEOUT: + name: Windows Async Startup Timeout + default: 5 + description: + - For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), + this is how long, in seconds, to wait for the task spawned by Ansible to connect back to the named pipe used + on Windows systems. The default is 5 seconds. This can be too low on slower systems, or systems under heavy load. + - This is not the total time an async command can run for, but is a separate timeout to wait for an async command to + start. The task will only start to be timed against its async_timeout once it has connected to the pipe, so the + overall maximum duration the task can take will be extended by the amount specified here. + env: [{name: ANSIBLE_WIN_ASYNC_STARTUP_TIMEOUT}] + ini: + - {key: win_async_startup_timeout, section: defaults} + type: integer + vars: + - {name: ansible_win_async_startup_timeout} + version_added: '2.10' +YAML_FILENAME_EXTENSIONS: + name: Valid YAML extensions + default: [".yml", ".yaml", ".json"] + description: + - "Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these." + - 'This affects vars_files, include_vars, inventory and vars plugins among others.' + env: + - name: ANSIBLE_YAML_FILENAME_EXT + ini: + - section: defaults + key: yaml_valid_extensions + type: list +NETCONF_SSH_CONFIG: + description: This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump + host ssh settings should be present in ~/.ssh/config file, alternatively it can be set + to custom ssh configuration file path to read the bastion/jump host settings. + env: [{name: ANSIBLE_NETCONF_SSH_CONFIG}] + ini: + - {key: ssh_config, section: netconf_connection} + yaml: {key: netconf_connection.ssh_config} + default: null +STRING_CONVERSION_ACTION: + version_added: '2.8' + description: + - Action to take when a module parameter value is converted to a string (this does not affect variables). + For string parameters, values such as '1.00', "['a', 'b',]", and 'yes', 'y', etc. + will be converted by the YAML parser unless fully quoted. + - Valid options are 'error', 'warn', and 'ignore'. + - Since 2.8, this option defaults to 'warn' but will change to 'error' in 2.12. + default: 'warn' + env: + - name: ANSIBLE_STRING_CONVERSION_ACTION + ini: + - section: defaults + key: string_conversion_action + type: string +VALIDATE_ACTION_GROUP_METADATA: + version_added: '2.12' + description: + - A toggle to disable validating a collection's 'metadata' entry for a module_defaults action group. + Metadata containing unexpected fields or value types will produce a warning when this is True. + default: True + env: [{name: ANSIBLE_VALIDATE_ACTION_GROUP_METADATA}] + ini: + - section: defaults + key: validate_action_group_metadata + type: bool +VERBOSE_TO_STDERR: + version_added: '2.8' + description: + - Force 'verbose' option to use stderr instead of stdout + default: False + env: + - name: ANSIBLE_VERBOSE_TO_STDERR + ini: + - section: defaults + key: verbose_to_stderr + type: bool +... |