ansible-的修改配置文件
2024-10-09 17:47:58
1. ansible的配置文件
1 [root@1-230 python-2.7.5]# tree /etc/ansible/
2 /etc/ansible/
3 ├── ansible.cfg
4 ├── hosts
5 └── roles
6
7 1 directory, 2 files
ansible.cfg:是ansible执行需求的全局性、默认的配置文件
hosts:默认的主机资产清单文件
2. ansible的配置文件ansible.cfg常用的配置项梳理查看源文件
1 [root@test-2 ansible]# cat ansible.cfg
2 # config file for ansible -- https://ansible.com/
3 # ===============================================
4
5 # nearly all parameters can be overridden in ansible-playbook
6 # or with command line flags. ansible will read ANSIBLE_CONFIG,
7 # ansible.cfg in the current working directory, .ansible.cfg in
8 # the home directory or /etc/ansible/ansible.cfg, whichever it
9 # finds first
10
11 [defaults]
12
13 # some basic default values...
14
15 #inventory = /etc/ansible/hosts
16 #library = /usr/share/my_modules/
17 #module_utils = /usr/share/my_module_utils/
18 #remote_tmp = ~/.ansible/tmp
19 #local_tmp = ~/.ansible/tmp
20 #plugin_filters_cfg = /etc/ansible/plugin_filters.yml
21 #forks = 5
22 #poll_interval = 15
23 #sudo_user = root
24 #ask_sudo_pass = True
25 #ask_pass = True
26 #transport = smart
27 #remote_port = 22
28 #module_lang = C
29 #module_set_locale = False
30
31 # plays will gather facts by default, which contain information about
32 # the remote system.
33 #
34 # smart - gather by default, but don't regather if already gathered
35 # implicit - gather by default, turn off with gather_facts: False
36 # explicit - do not gather by default, must say gather_facts: True
37 #gathering = implicit
38
39 # This only affects the gathering done by a play's gather_facts directive,
40 # by default gathering retrieves all facts subsets
41 # all - gather all subsets
42 # network - gather min and network facts
43 # hardware - gather hardware facts (longest facts to retrieve)
44 # virtual - gather min and virtual facts
45 # facter - import facts from facter
46 # ohai - import facts from ohai
47 # You can combine them using comma (ex: network,virtual)
48 # You can negate them using ! (ex: !hardware,!facter,!ohai)
49 # A minimal set of facts is always gathered.
50 #gather_subset = all
51
52 # some hardware related facts are collected
53 # with a maximum timeout of 10 seconds. This
54 # option lets you increase or decrease that
55 # timeout to something more suitable for the
56 # environment.
57 # gather_timeout = 10
58
59 # Ansible facts are available inside the ansible_facts.* dictionary
60 # namespace. This setting maintains the behaviour which was the default prior
61 # to 2.5, duplicating these variables into the main namespace, each with a
62 # prefix of 'ansible_'.
63 # This variable is set to True by default for backwards compatibility. It
64 # will be changed to a default of 'False' in a future release.
65 # ansible_facts.
66 # inject_facts_as_vars = True
67
68 # additional paths to search for roles in, colon separated
69 #roles_path = /etc/ansible/roles
70
71 # uncomment this to disable SSH key host checking
72 #host_key_checking = False
73
74 # change the default callback, you can only have one 'stdout' type enabled at a time.
75 #stdout_callback = skippy
76
77
78 ## Ansible ships with some plugins that require whitelisting,
79 ## this is done to avoid running all of a type by default.
80 ## These setting lists those that you want enabled for your system.
81 ## Custom plugins should not need this unless plugin author specifies it.
82
83 # enable callback plugins, they can output to stdout but cannot be 'stdout' type.
84 #callback_whitelist = timer, mail
85
86 # Determine whether includes in tasks and handlers are "static" by
87 # default. As of 2.0, includes are dynamic by default. Setting these
88 # values to True will make includes behave more like they did in the
89 # 1.x versions.
90 #task_includes_static = False
91 #handler_includes_static = False
92
93 # Controls if a missing handler for a notification event is an error or a warning
94 #error_on_missing_handler = True
95
96 # change this for alternative sudo implementations
97 #sudo_exe = sudo
98
99 # What flags to pass to sudo
100 # WARNING: leaving out the defaults might create unexpected behaviours
101 #sudo_flags = -H -S -n
102
103 # SSH timeout
104 #timeout = 10
105
106 # default user to use for playbooks if user is not specified
107 # (/usr/bin/ansible will use current user as default)
108 #remote_user = root
109
110 # logging is off by default unless this path is defined
111 # if so defined, consider logrotate
112 #log_path = /var/log/ansible.log
113
114 # default module name for /usr/bin/ansible
115 #module_name = command
116
117 # use this shell for commands executed under sudo
118 # you may need to change this to bin/bash in rare instances
119 # if sudo is constrained
120 #executable = /bin/sh
121
122 # if inventory variables overlap, does the higher precedence one win
123 # or are hash values merged together? The default is 'replace' but
124 # this can also be set to 'merge'.
125 #hash_behaviour = replace
126
127 # by default, variables from roles will be visible in the global variable
128 # scope. To prevent this, the following option can be enabled, and only
129 # tasks and handlers within the role will see the variables there
130 #private_role_vars = yes
131
132 # list any Jinja2 extensions to enable here:
133 #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
134
135 # if set, always use this private key file for authentication, same as
136 # if passing --private-key to ansible or ansible-playbook
137 #private_key_file = /path/to/file
138
139 # If set, configures the path to the Vault password file as an alternative to
140 # specifying --vault-password-file on the command line.
141 #vault_password_file = /path/to/vault_password_file
142
143 # format of string {{ ansible_managed }} available within Jinja2
144 # templates indicates to users editing templates files will be replaced.
145 # replacing {file}, {host} and {uid} and strftime codes with proper values.
146 #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
147 # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
148 # in some situations so the default is a static string:
149 #ansible_managed = Ansible managed
150
151 # by default, ansible-playbook will display "Skipping [host]" if it determines a task
152 # should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
153 # messages. NOTE: the task header will still be shown regardless of whether or not the
154 # task is skipped.
155 #display_skipped_hosts = True
156
157 # by default, if a task in a playbook does not include a name: field then
158 # ansible-playbook will construct a header that includes the task's action but
159 # not the task's args. This is a security feature because ansible cannot know
160 # if the *module* considers an argument to be no_log at the time that the
161 # header is printed. If your environment doesn't have a problem securing
162 # stdout from ansible-playbook (or you have manually specified no_log in your
163 # playbook on all of the tasks where you have secret information) then you can
164 # safely set this to True to get more informative messages.
165 #display_args_to_stdout = False
166
167 # by default (as of 1.3), Ansible will raise errors when attempting to dereference
168 # Jinja2 variables that are not set in templates or action lines. Uncomment this line
169 # to revert the behavior to pre-1.3.
170 #error_on_undefined_vars = False
171
172 # by default (as of 1.6), Ansible may display warnings based on the configuration of the
173 # system running ansible itself. This may include warnings about 3rd party packages or
174 # other conditions that should be resolved if possible.
175 # to disable these warnings, set the following value to False:
176 #system_warnings = True
177
178 # by default (as of 1.4), Ansible may display deprecation warnings for language
179 # features that should no longer be used and will be removed in future versions.
180 # to disable these warnings, set the following value to False:
181 #deprecation_warnings = True
182
183 # (as of 1.8), Ansible can optionally warn when usage of the shell and
184 # command module appear to be simplified by using a default Ansible module
185 # instead. These warnings can be silenced by adjusting the following
186 # setting or adding warn=yes or warn=no to the end of the command line
187 # parameter string. This will for example suggest using the git module
188 # instead of shelling out to the git command.
189 # command_warnings = False
190
191
192 # set plugin path directories here, separate with colons
193 #action_plugins = /usr/share/ansible/plugins/action
194 #cache_plugins = /usr/share/ansible/plugins/cache
195 #callback_plugins = /usr/share/ansible/plugins/callback
196 #connection_plugins = /usr/share/ansible/plugins/connection
197 #lookup_plugins = /usr/share/ansible/plugins/lookup
198 #inventory_plugins = /usr/share/ansible/plugins/inventory
199 #vars_plugins = /usr/share/ansible/plugins/vars
200 #filter_plugins = /usr/share/ansible/plugins/filter
201 #test_plugins = /usr/share/ansible/plugins/test
202 #terminal_plugins = /usr/share/ansible/plugins/terminal
203 #strategy_plugins = /usr/share/ansible/plugins/strategy
204
205
206 # by default, ansible will use the 'linear' strategy but you may want to try
207 # another one
208 #strategy = free
209
210 # by default callbacks are not loaded for /bin/ansible, enable this if you
211 # want, for example, a notification or logging callback to also apply to
212 # /bin/ansible runs
213 #bin_ansible_callbacks = False
214
215
216 # don't like cows? that's unfortunate.
217 # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
218 #nocows = 1
219
220 # set which cowsay stencil you'd like to use by default. When set to 'random',
221 # a random stencil will be selected for each task. The selection will be filtered
222 # against the `cow_whitelist` option below.
223 #cow_selection = default
224 #cow_selection = random
225
226 # when using the 'random' option for cowsay, stencils will be restricted to this list.
227 # it should be formatted as a comma-separated list with no spaces between names.
228 # NOTE: line continuations here are for formatting purposes only, as the INI parser
229 # in python does not support them.
230 #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
231 # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
232 # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
233
234 # don't like colors either?
235 # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
236 #nocolor = 1
237
238 # if set to a persistent type (not 'memory', for example 'redis') fact values
239 # from previous runs in Ansible will be stored. This may be useful when
240 # wanting to use, for example, IP information from one group of servers
241 # without having to talk to them in the same playbook run to get their
242 # current IP information.
243 #fact_caching = memory
244
245 #This option tells Ansible where to cache facts. The value is plugin dependent.
246 #For the jsonfile plugin, it should be a path to a local directory.
247 #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
248
249 #fact_caching_connection=/tmp
250
251
252
253 # retry files
254 # When a playbook fails by default a .retry file will be created in ~/
255 # You can disable this feature by setting retry_files_enabled to False
256 # and you can change the location of the files by setting retry_files_save_path
257
258 #retry_files_enabled = False
259 #retry_files_save_path = ~/.ansible-retry
260
261 # squash actions
262 # Ansible can optimise actions that call modules with list parameters
263 # when looping. Instead of calling the module once per with_ item, the
264 # module is called once with all items at once. Currently this only works
265 # under limited circumstances, and only with parameters named 'name'.
266 #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
267
268 # prevents logging of task data, off by default
269 #no_log = False
270
271 # prevents logging of tasks, but only on the targets, data is still logged on the master/controller
272 #no_target_syslog = False
273
274 # controls whether Ansible will raise an error or warning if a task has no
275 # choice but to create world readable temporary files to execute a module on
276 # the remote machine. This option is False by default for security. Users may
277 # turn this on to have behaviour more like Ansible prior to 2.1.x. See
278 # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
279 # for more secure ways to fix this than enabling this option.
280 #allow_world_readable_tmpfiles = False
281
282 # controls the compression level of variables sent to
283 # worker processes. At the default of 0, no compression
284 # is used. This value must be an integer from 0 to 9.
285 #var_compression_level = 9
286
287 # controls what compression method is used for new-style ansible modules when
288 # they are sent to the remote system. The compression types depend on having
289 # support compiled into both the controller's python and the client's python.
290 # The names should match with the python Zipfile compression types:
291 # * ZIP_STORED (no compression. available everywhere)
292 # * ZIP_DEFLATED (uses zlib, the default)
293 # These values may be set per host via the ansible_module_compression inventory
294 # variable
295 #module_compression = 'ZIP_DEFLATED'
296
297 # This controls the cutoff point (in bytes) on --diff for files
298 # set to 0 for unlimited (RAM may suffer!).
299 #max_diff_size = 1048576
300
301 # This controls how ansible handles multiple --tags and --skip-tags arguments
302 # on the CLI. If this is True then multiple arguments are merged together. If
303 # it is False, then the last specified argument is used and the others are ignored.
304 # This option will be removed in 2.8.
305 #merge_multiple_cli_flags = True
306
307 # Controls showing custom stats at the end, off by default
308 #show_custom_stats = True
309
310 # Controls which files to ignore when using a directory as inventory with
311 # possibly multiple sources (both static and dynamic)
312 #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
313
314 # This family of modules use an alternative execution path optimized for network appliances
315 # only update this setting if you know how this works, otherwise it can break module execution
316 #network_group_modules=eos, nxos, ios, iosxr, junos, vyos
317
318 # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
319 # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
320 # jinja2 templating language which will be run through the templating engine.
321 # ENABLING THIS COULD BE A SECURITY RISK
322 #allow_unsafe_lookups = False
323
324 # set default errors for all plays
325 #any_errors_fatal = False
326
327 [inventory]
328 # enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini', 'auto'
329 #enable_plugins = host_list, virtualbox, yaml, constructed
330
331 # ignore these extensions when parsing a directory as inventory source
332 #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
333
334 # ignore files matching these patterns when parsing a directory as inventory source
335 #ignore_patterns=
336
337 # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
338 #unparsed_is_failed=False
339
340 [privilege_escalation]
341 #become=True
342 #become_method=sudo
343 #become_user=root
344 #become_ask_pass=False
345
346 [paramiko_connection]
347
348 # uncomment this line to cause the paramiko connection plugin to not record new host
349 # keys encountered. Increases performance on new host additions. Setting works independently of the
350 # host key checking setting above.
351 #record_host_keys=False
352
353 # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
354 # line to disable this behaviour.
355 #pty=False
356
357 # paramiko will default to looking for SSH keys initially when trying to
358 # authenticate to remote devices. This is a problem for some network devices
359 # that close the connection after a key failure. Uncomment this line to
360 # disable the Paramiko look for keys function
361 #look_for_keys = False
362
363 # When using persistent connections with Paramiko, the connection runs in a
364 # background process. If the host doesn't already have a valid SSH key, by
365 # default Ansible will prompt to add the host key. This will cause connections
366 # running in background processes to fail. Uncomment this line to have
367 # Paramiko automatically add host keys.
368 #host_key_auto_add = True
369
370 [ssh_connection]
371
372 # ssh arguments to use
373 # Leaving off ControlPersist will result in poor performance, so use
374 # paramiko on older platforms rather than removing it, -C controls compression use
375 #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
376
377 # The base directory for the ControlPath sockets.
378 # This is the "%(directory)s" in the control_path option
379 #
380 # Example:
381 # control_path_dir = /tmp/.ansible/cp
382 #control_path_dir = ~/.ansible/cp
383
384 # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
385 # port and username (empty string in the config). The hash mitigates a common problem users
386 # found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
387 # In those cases, a "too long for Unix domain socket" ssh error would occur.
388 #
389 # Example:
390 # control_path = %(directory)s/%%h-%%r
391 #control_path =
392
393 # Enabling pipelining reduces the number of SSH operations required to
394 # execute a module on the remote server. This can result in a significant
395 # performance improvement when enabled, however when using "sudo:" you must
396 # first disable 'requiretty' in /etc/sudoers
397 #
398 # By default, this option is disabled to preserve compatibility with
399 # sudoers configurations that have requiretty (the default on many distros).
400 #
401 #pipelining = False
402
403 # Control the mechanism for transferring files (old)
404 # * smart = try sftp and then try scp [default]
405 # * True = use scp only
406 # * False = use sftp only
407 #scp_if_ssh = smart
408
409 # Control the mechanism for transferring files (new)
410 # If set, this will override the scp_if_ssh option
411 # * sftp = use sftp to transfer files
412 # * scp = use scp to transfer files
413 # * piped = use 'dd' over SSH to transfer files
414 # * smart = try sftp, scp, and piped, in that order [default]
415 #transfer_method = smart
416
417 # if False, sftp will not use batch mode to transfer files. This may cause some
418 # types of file transfer failures impossible to catch however, and should
419 # only be disabled if your sftp version has problems with batch mode
420 #sftp_batch_mode = False
421
422 # The -tt argument is passed to ssh when pipelining is not enabled because sudo
423 # requires a tty by default.
424 #use_tty = True
425
426 # Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
427 # For each retry attempt, there is an exponential backoff,
428 # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
429 #retries = 3
430
431 [persistent_connection]
432
433 # Configures the persistent connection timeout value in seconds. This value is
434 # how long the persistent connection will remain idle before it is destroyed.
435 # If the connection doesn't receive a request before the timeout value
436 # expires, the connection is shutdown. The default value is 30 seconds.
437 #connect_timeout = 30
438
439 # Configures the persistent connection retry timeout. This value configures the
440 # the retry timeout that ansible-connection will wait to connect
441 # to the local domain socket. This value must be larger than the
442 # ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout).
443 # The default value is 15 seconds.
444 #connect_retry_timeout = 15
445
446 # The command timeout value defines the amount of time to wait for a command
447 # or RPC call before timing out. The value for the command timeout must
448 # be less than the value of the persistent connection idle timeout (connect_timeout)
449 # The default value is 10 second.
450 #command_timeout = 10
451
452 [accelerate]
453 #accelerate_port = 5099
454 #accelerate_timeout = 30
455 #accelerate_connect_timeout = 5.0
456
457 # The daemon timeout is measured in minutes. This time is measured
458 # from the last activity to the accelerate daemon.
459 #accelerate_daemon_timeout = 30
460
461 # If set to yes, accelerate_multi_key will allow multiple
462 # private keys to be uploaded to it, though each user must
463 # have access to the system via SSH to add a new key. The default
464 # is "no".
465 #accelerate_multi_key = yes
466
467 [selinux]
468 # file systems that require special treatment when dealing with security context
469 # the default behaviour that copies the existing context or uses the user default
470 # needs to be changed to use the file system dependent context.
471 #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
472
473 # Set this to yes to allow libvirt_lxc connections to work without SELinux.
474 #libvirt_lxc_noseclabel = yes
475
476 [colors]
477 #highlight = white
478 #verbose = blue
479 #warn = bright purple
480 #error = red
481 #debug = dark gray
482 #deprecate = purple
483 #skip = cyan
484 #unreachable = red
485 #ok = green
486 #changed = yellow
487 #diff_add = green
488 #diff_remove = red
489 #diff_lines = cyan
490
491
492 [diff]
493 # Always print diff when running ( same as always running with -D/--diff )
494 # always = no
495
496 # Set how many context lines to show in diff
497 # context = 3
3.Ansible.cfg是ansible自动化任务所用的一个核心配置文件,大部分的配置文件都集中在defualts配置项目中。以下需要修改的配置
1 1)inventory
2 该参数表示资源清单inventory文件的位置,资源清单就是一些Ansible需要连接管理的主机列表
3 inventory = /root/ansible/hosts
4
5 2)library
6 Ansible的操作动作,无论是本地或远程,都使用一小段代码来执行,这小段代码称为模块,这个library参数就是指向存放Ansible模块的目录
7 library = /usr/share/ansible
8
9 3)forks
10 设置默认情况下Ansible最多能有多少个进程同时工作,默认设置最多5个进程并行处理。具体需要设置多少个,可以根据控制主机的性能和被管理节点的数量来确定。
11 forks = 5
12
13 4)sudo_user
14 这是设置默认执行命令的用户,也可以在playbook中重新设置这个参数
15 sudo_user = root
16 //注意:新版本已经作了修改,如ansible2.4.1下已经为:
17 default_sudo_user = root
18
19 5)remote_port
20 这是指定连接被关节点的管理端口,默认是22,除非设置了特殊的SSH端口,不然这个参数一般是不需要修改的
21 remote_port = 22
22
23 6)host_key_checking
24 这是设置是否检查SSH主机的密钥。可以设置为True或False
25 host_key_checking = False
26
27 7)timeout
28 这是设置SSH连接的超时间隔,单位是秒。
29 timeout = 20
30
31 8)log_path
32 Ansible系统默认是不记录日志的,如果想把Ansible系统的输出记录到人i治稳健中,需要设置log_path来指定一个存储Ansible日志的文件
33 log_path = /var/log/ansible.log
34
35 另外需要注意,执行Ansible的用户需要有写入日志的权限,模块将会调用被管节点的syslog来记录,口令是不会出现的日志中的
36
37 9)private_key_file
38
39 默认
40 private_key_file=/path/to/file.pem
41
42 在使用ssh公钥私钥登录系统时候,需要修改密钥路径。
43 private_key_file = /root/.ssh/id_rsa
44
45 10)deprecation_warnings
46 #deprecation_warnings = True
47 注释:
48 以上使用的默认的,配置会提示警告信息,我们需要修改为False,关闭警告
49 [DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework. See become_user. , use become instead. This feature will be
50 removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
51
52 deprecation_warnings = False
53
4.Ansible.cfg修改后的配置文件
1 [root@test-1 bin]# cat /etc/ansible/
2 ansible.cfg hosts roles/
3 [root@test-1 bin]# cat /etc/ansible/ansible.cfg
4 # config file for ansible -- https://ansible.com/
5 # ===============================================
6
7 # nearly all parameters can be overridden in ansible-playbook
8 # or with command line flags. ansible will read ANSIBLE_CONFIG,
9 # ansible.cfg in the current working directory, .ansible.cfg in
10 # the home directory or /etc/ansible/ansible.cfg, whichever it
11 # finds first
12
13 [defaults]
14
15 # some basic default values...
16
17 inventory = /etc/ansible/hosts
18 library = /usr/share/ansible
19 #module_utils = /usr/share/my_module_utils/
20 #remote_tmp = ~/.ansible/tmp
21 #local_tmp = ~/.ansible/tmp
22 #plugin_filters_cfg = /etc/ansible/plugin_filters.yml
23 forks = 5
24 #poll_interval = 15
25 sudo_user = root
26 #ask_sudo_pass = True
27 #ask_pass = True
28 #transport = smart
29 remote_port = 22
30 #module_lang = C
31 #module_set_locale = False
32
33 # plays will gather facts by default, which contain information about
34 # the remote system.
35 #
36 # smart - gather by default, but don't regather if already gathered
37 # implicit - gather by default, turn off with gather_facts: False
38 # explicit - do not gather by default, must say gather_facts: True
39 #gathering = implicit
40
41 # This only affects the gathering done by a play's gather_facts directive,
42 # by default gathering retrieves all facts subsets
43 # all - gather all subsets
44 # network - gather min and network facts
45 # hardware - gather hardware facts (longest facts to retrieve)
46 # virtual - gather min and virtual facts
47 # facter - import facts from facter
48 # ohai - import facts from ohai
49 # You can combine them using comma (ex: network,virtual)
50 # You can negate them using ! (ex: !hardware,!facter,!ohai)
51 # A minimal set of facts is always gathered.
52 #gather_subset = all
53
54 # some hardware related facts are collected
55 # with a maximum timeout of 10 seconds. This
56 # option lets you increase or decrease that
57 # timeout to something more suitable for the
58 # environment.
59 # gather_timeout = 10
60
61 # Ansible facts are available inside the ansible_facts.* dictionary
62 # namespace. This setting maintains the behaviour which was the default prior
63 # to 2.5, duplicating these variables into the main namespace, each with a
64 # prefix of 'ansible_'.
65 # This variable is set to True by default for backwards compatibility. It
66 # will be changed to a default of 'False' in a future release.
67 # ansible_facts.
68 # inject_facts_as_vars = True
69
70 # additional paths to search for roles in, colon separated
71 #roles_path = /etc/ansible/roles
72
73 # uncomment this to disable SSH key host checking
74 host_key_checking = False
75
76 # change the default callback, you can only have one 'stdout' type enabled at a time.
77 #stdout_callback = skippy
78
79
80 ## Ansible ships with some plugins that require whitelisting,
81 ## this is done to avoid running all of a type by default.
82 ## These setting lists those that you want enabled for your system.
83 ## Custom plugins should not need this unless plugin author specifies it.
84
85 # enable callback plugins, they can output to stdout but cannot be 'stdout' type.
86 #callback_whitelist = timer, mail
87
88 # Determine whether includes in tasks and handlers are "static" by
89 # default. As of 2.0, includes are dynamic by default. Setting these
90 # values to True will make includes behave more like they did in the
91 # 1.x versions.
92 #task_includes_static = False
93 #handler_includes_static = False
94
95 # Controls if a missing handler for a notification event is an error or a warning
96 #error_on_missing_handler = True
97
98 # change this for alternative sudo implementations
99 #sudo_exe = sudo
100
101 # What flags to pass to sudo
102 # WARNING: leaving out the defaults might create unexpected behaviours
103 #sudo_flags = -H -S -n
104
105 # SSH timeout
106 timeout = 20
107
108 # default user to use for playbooks if user is not specified
109 # (/usr/bin/ansible will use current user as default)
110 #remote_user = root
111
112 # logging is off by default unless this path is defined
113 # if so defined, consider logrotate
114 log_path = /var/log/ansible/ansible.log
115
116 # default module name for /usr/bin/ansible
117 #module_name = command
118
119 # use this shell for commands executed under sudo
120 # you may need to change this to bin/bash in rare instances
121 # if sudo is constrained
122 #executable = /bin/sh
123
124 # if inventory variables overlap, does the higher precedence one win
125 # or are hash values merged together? The default is 'replace' but
126 # this can also be set to 'merge'.
127 #hash_behaviour = replace
128
129 # by default, variables from roles will be visible in the global variable
130 # scope. To prevent this, the following option can be enabled, and only
131 # tasks and handlers within the role will see the variables there
132 #private_role_vars = yes
133
134 # list any Jinja2 extensions to enable here:
135 #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
136
137 # if set, always use this private key file for authentication, same as
138 # if passing --private-key to ansible or ansible-playbook
139 private_key_file = /root/.ssh/id_rsa
140
141 # If set, configures the path to the Vault password file as an alternative to
142 # specifying --vault-password-file on the command line.
143 #vault_password_file = /path/to/vault_password_file
144
145 # format of string {{ ansible_managed }} available within Jinja2
146 # templates indicates to users editing templates files will be replaced.
147 # replacing {file}, {host} and {uid} and strftime codes with proper values.
148 #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
149 # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
150 # in some situations so the default is a static string:
151 #ansible_managed = Ansible managed
152
153 # by default, ansible-playbook will display "Skipping [host]" if it determines a task
154 # should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
155 # messages. NOTE: the task header will still be shown regardless of whether or not the
156 # task is skipped.
157 #display_skipped_hosts = True
158
159 # by default, if a task in a playbook does not include a name: field then
160 # ansible-playbook will construct a header that includes the task's action but
161 # not the task's args. This is a security feature because ansible cannot know
162 # if the *module* considers an argument to be no_log at the time that the
163 # header is printed. If your environment doesn't have a problem securing
164 # stdout from ansible-playbook (or you have manually specified no_log in your
165 # playbook on all of the tasks where you have secret information) then you can
166 # safely set this to True to get more informative messages.
167 #display_args_to_stdout = False
168
169 # by default (as of 1.3), Ansible will raise errors when attempting to dereference
170 # Jinja2 variables that are not set in templates or action lines. Uncomment this line
171 # to revert the behavior to pre-1.3.
172 #error_on_undefined_vars = False
173
174 # by default (as of 1.6), Ansible may display warnings based on the configuration of the
175 # system running ansible itself. This may include warnings about 3rd party packages or
176 # other conditions that should be resolved if possible.
177 # to disable these warnings, set the following value to False:
178 #system_warnings = True
179
180 # by default (as of 1.4), Ansible may display deprecation warnings for language
181 # features that should no longer be used and will be removed in future versions.
182 # to disable these warnings, set the following value to False:
183 deprecation_warnings = False
184
185 # (as of 1.8), Ansible can optionally warn when usage of the shell and
186 # command module appear to be simplified by using a default Ansible module
187 # instead. These warnings can be silenced by adjusting the following
188 # setting or adding warn=yes or warn=no to the end of the command line
189 # parameter string. This will for example suggest using the git module
190 # instead of shelling out to the git command.
191 # command_warnings = False
192
193
194 # set plugin path directories here, separate with colons
195 #action_plugins = /usr/share/ansible/plugins/action
196 #become_plugins = /usr/share/ansible/plugins/become
197 #cache_plugins = /usr/share/ansible/plugins/cache
198 #callback_plugins = /usr/share/ansible/plugins/callback
199 #connection_plugins = /usr/share/ansible/plugins/connection
200 #lookup_plugins = /usr/share/ansible/plugins/lookup
201 #inventory_plugins = /usr/share/ansible/plugins/inventory
202 #vars_plugins = /usr/share/ansible/plugins/vars
203 #filter_plugins = /usr/share/ansible/plugins/filter
204 #test_plugins = /usr/share/ansible/plugins/test
205 #terminal_plugins = /usr/share/ansible/plugins/terminal
206 #strategy_plugins = /usr/share/ansible/plugins/strategy
207
208
209 # by default, ansible will use the 'linear' strategy but you may want to try
210 # another one
211 #strategy = free
212
213 # by default callbacks are not loaded for /bin/ansible, enable this if you
214 # want, for example, a notification or logging callback to also apply to
215 # /bin/ansible runs
216 #bin_ansible_callbacks = False
217
218
219 # don't like cows? that's unfortunate.
220 # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
221 #nocows = 1
222
223 # set which cowsay stencil you'd like to use by default. When set to 'random',
224 # a random stencil will be selected for each task. The selection will be filtered
225 # against the `cow_whitelist` option below.
226 #cow_selection = default
227 #cow_selection = random
228
229 # when using the 'random' option for cowsay, stencils will be restricted to this list.
230 # it should be formatted as a comma-separated list with no spaces between names.
231 # NOTE: line continuations here are for formatting purposes only, as the INI parser
232 # in python does not support them.
233 #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
234 # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
235 # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
236
237 # don't like colors either?
238 # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
239 #nocolor = 1
240
241 # if set to a persistent type (not 'memory', for example 'redis') fact values
242 # from previous runs in Ansible will be stored. This may be useful when
243 # wanting to use, for example, IP information from one group of servers
244 # without having to talk to them in the same playbook run to get their
245 # current IP information.
246 #fact_caching = memory
247
248 #This option tells Ansible where to cache facts. The value is plugin dependent.
249 #For the jsonfile plugin, it should be a path to a local directory.
250 #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
251
252 #fact_caching_connection=/tmp
253
254
255
256 # retry files
257 # When a playbook fails a .retry file can be created that will be placed in ~/
258 # You can enable this feature by setting retry_files_enabled to True
259 # and you can change the location of the files by setting retry_files_save_path
260
261 #retry_files_enabled = False
262 #retry_files_save_path = ~/.ansible-retry
263
264 # squash actions
265 # Ansible can optimise actions that call modules with list parameters
266 # when looping. Instead of calling the module once per with_ item, the
267 # module is called once with all items at once. Currently this only works
268 # under limited circumstances, and only with parameters named 'name'.
269 #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
270
271 # prevents logging of task data, off by default
272 #no_log = False
273
274 # prevents logging of tasks, but only on the targets, data is still logged on the master/controller
275 #no_target_syslog = False
276
277 # controls whether Ansible will raise an error or warning if a task has no
278 # choice but to create world readable temporary files to execute a module on
279 # the remote machine. This option is False by default for security. Users may
280 # turn this on to have behaviour more like Ansible prior to 2.1.x. See
281 # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
282 # for more secure ways to fix this than enabling this option.
283 #allow_world_readable_tmpfiles = False
284
285 # controls the compression level of variables sent to
286 # worker processes. At the default of 0, no compression
287 # is used. This value must be an integer from 0 to 9.
288 #var_compression_level = 9
289
290 # controls what compression method is used for new-style ansible modules when
291 # they are sent to the remote system. The compression types depend on having
292 # support compiled into both the controller's python and the client's python.
293 # The names should match with the python Zipfile compression types:
294 # * ZIP_STORED (no compression. available everywhere)
295 # * ZIP_DEFLATED (uses zlib, the default)
296 # These values may be set per host via the ansible_module_compression inventory
297 # variable
298 #module_compression = 'ZIP_DEFLATED'
299
300 # This controls the cutoff point (in bytes) on --diff for files
301 # set to 0 for unlimited (RAM may suffer!).
302 #max_diff_size = 1048576
303
304 # This controls how ansible handles multiple --tags and --skip-tags arguments
305 # on the CLI. If this is True then multiple arguments are merged together. If
306 # it is False, then the last specified argument is used and the others are ignored.
307 # This option will be removed in 2.8.
308 #merge_multiple_cli_flags = True
309
310 # Controls showing custom stats at the end, off by default
311 #show_custom_stats = True
312
313 # Controls which files to ignore when using a directory as inventory with
314 # possibly multiple sources (both static and dynamic)
315 #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
316
317 # This family of modules use an alternative execution path optimized for network appliances
318 # only update this setting if you know how this works, otherwise it can break module execution
319 #network_group_modules=eos, nxos, ios, iosxr, junos, vyos
320
321 # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
322 # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
323 # jinja2 templating language which will be run through the templating engine.
324 # ENABLING THIS COULD BE A SECURITY RISK
325 #allow_unsafe_lookups = False
326
327 # set default errors for all plays
328 #any_errors_fatal = False
329
330 [inventory]
331 # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
332 #enable_plugins = host_list, virtualbox, yaml, constructed
333
334 # ignore these extensions when parsing a directory as inventory source
335 #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
336
337 # ignore files matching these patterns when parsing a directory as inventory source
338 #ignore_patterns=
339
340 # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
341 #unparsed_is_failed=False
342
343 [privilege_escalation]
344 #become=True
345 #become_method=sudo
346 #become_user=root
347 #become_ask_pass=False
348
349 [paramiko_connection]
350
351 # uncomment this line to cause the paramiko connection plugin to not record new host
352 # keys encountered. Increases performance on new host additions. Setting works independently of the
353 # host key checking setting above.
354 #record_host_keys=False
355
356 # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
357 # line to disable this behaviour.
358 #pty=False
359
360 # paramiko will default to looking for SSH keys initially when trying to
361 # authenticate to remote devices. This is a problem for some network devices
362 # that close the connection after a key failure. Uncomment this line to
363 # disable the Paramiko look for keys function
364 #look_for_keys = False
365
366 # When using persistent connections with Paramiko, the connection runs in a
367 # background process. If the host doesn't already have a valid SSH key, by
368 # default Ansible will prompt to add the host key. This will cause connections
369 # running in background processes to fail. Uncomment this line to have
370 # Paramiko automatically add host keys.
371 #host_key_auto_add = True
372
373 [ssh_connection]
374
375 # ssh arguments to use
376 # Leaving off ControlPersist will result in poor performance, so use
377 # paramiko on older platforms rather than removing it, -C controls compression use
378 #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
379
380 # The base directory for the ControlPath sockets.
381 # This is the "%(directory)s" in the control_path option
382 #
383 # Example:
384 # control_path_dir = /tmp/.ansible/cp
385 #control_path_dir = ~/.ansible/cp
386
387 # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
388 # port and username (empty string in the config). The hash mitigates a common problem users
389 # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
390 # In those cases, a "too long for Unix domain socket" ssh error would occur.
391 #
392 # Example:
393 # control_path = %(directory)s/%%h-%%r
394 #control_path =
395
396 # Enabling pipelining reduces the number of SSH operations required to
397 # execute a module on the remote server. This can result in a significant
398 # performance improvement when enabled, however when using "sudo:" you must
399 # first disable 'requiretty' in /etc/sudoers
400 #
401 # By default, this option is disabled to preserve compatibility with
402 # sudoers configurations that have requiretty (the default on many distros).
403 #
404 #pipelining = False
405
406 # Control the mechanism for transferring files (old)
407 # * smart = try sftp and then try scp [default]
408 # * True = use scp only
409 # * False = use sftp only
410 #scp_if_ssh = smart
411
412 # Control the mechanism for transferring files (new)
413 # If set, this will override the scp_if_ssh option
414 # * sftp = use sftp to transfer files
415 # * scp = use scp to transfer files
416 # * piped = use 'dd' over SSH to transfer files
417 # * smart = try sftp, scp, and piped, in that order [default]
418 #transfer_method = smart
419
420 # if False, sftp will not use batch mode to transfer files. This may cause some
421 # types of file transfer failures impossible to catch however, and should
422 # only be disabled if your sftp version has problems with batch mode
423 #sftp_batch_mode = False
424
425 # The -tt argument is passed to ssh when pipelining is not enabled because sudo
426 # requires a tty by default.
427 #usetty = True
428
429 # Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
430 # For each retry attempt, there is an exponential backoff,
431 # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
432 #retries = 3
433
434 [persistent_connection]
435
436 # Configures the persistent connection timeout value in seconds. This value is
437 # how long the persistent connection will remain idle before it is destroyed.
438 # If the connection doesn't receive a request before the timeout value
439 # expires, the connection is shutdown. The default value is 30 seconds.
440 #connect_timeout = 30
441
442 # The command timeout value defines the amount of time to wait for a command
443 # or RPC call before timing out. The value for the command timeout must
444 # be less than the value of the persistent connection idle timeout (connect_timeout)
445 # The default value is 30 second.
446 #command_timeout = 30
447
448 [accelerate]
449 #accelerate_port = 5099
450 #accelerate_timeout = 30
451 #accelerate_connect_timeout = 5.0
452
453 # The daemon timeout is measured in minutes. This time is measured
454 # from the last activity to the accelerate daemon.
455 #accelerate_daemon_timeout = 30
456
457 # If set to yes, accelerate_multi_key will allow multiple
458 # private keys to be uploaded to it, though each user must
459 # have access to the system via SSH to add a new key. The default
460 # is "no".
461 #accelerate_multi_key = yes
462
463 [selinux]
464 # file systems that require special treatment when dealing with security context
465 # the default behaviour that copies the existing context or uses the user default
466 # needs to be changed to use the file system dependent context.
467 #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
468
469 # Set this to yes to allow libvirt_lxc connections to work without SELinux.
470 #libvirt_lxc_noseclabel = yes
471
472 [colors]
473 #highlight = white
474 #verbose = blue
475 #warn = bright purple
476 #error = red
477 #debug = dark gray
478 #deprecate = purple
479 #skip = cyan
480 #unreachable = red
481 #ok = green
482 #changed = yellow
483 #diff_add = green
484 #diff_remove = red
485 #diff_lines = cyan
486
487
488 [diff]
489 # Always print diff when running ( same as always running with -D/--diff )
490 # always = no
491
492 # Set how many context lines to show in diff
493 # context = 3
最新文章
- mybatis缓存
- [pdf.js]预览pdf时,中文名称乱码的问题
- Ubuntu 开机自启动工具 update-rd.d 使用详解
- python之chardet库
- (二)Java对象与内存控制
- C++使用模版技术将任意类型的数据转为某个类型的数据
- 《UNIX环境高级编程》笔记--信号集
- proxy 利用get拦截,实现一个生成各种DOM节点的通用函数dom。
- 在SQL2005中部署CLR 程序集
- 在ASP.NET MVC 中获取当前URL、controller、action(转)
- vim 字符串替换整理
- 理解性能的奥秘——应用程序中慢,SSMS中快(5)——案例:如何应对参数嗅探
- vue学习笔记(nvm安装)
- Gym 102056I - Misunderstood … Missing - [DP][The 2018 ICPC Asia-East Continent Final Problem I]
- [android] 手机卫士欢迎细节和主界面
- android 简单的读写联系人
- 网络侦查与网络扫描-P201421410029
- Spark-自定义排序
- SpringBoot(二) Core Features: SpringApplication
- Java并发编程原理与实战三:多线程与多进程的联系以及上下文切换所导致资源浪费问题