Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
 
 
 
 
 

490 righe
19 KiB

  1. # config file for ansible -- https://ansible.com/
  2. # ===============================================
  3. # nearly all parameters can be overridden in ansible-playbook
  4. # or with command line flags. ansible will read ANSIBLE_CONFIG,
  5. # ansible.cfg in the current working directory, .ansible.cfg in
  6. # the home directory or /etc/ansible/ansible.cfg, whichever it
  7. # finds first
  8. [defaults]
  9. # some basic default values...
  10. inventory = ./hosts.yaml
  11. stdout_callback = debug
  12. #library = /usr/share/my_modules/
  13. #module_utils = /usr/share/my_module_utils/
  14. #local_tmp = ~/.ansible/tmp
  15. #plugin_filters_cfg = /etc/ansible/plugin_filters.yml
  16. #forks = 5
  17. #poll_interval = 15
  18. #sudo_user = root
  19. #ask_sudo_pass = True
  20. #ask_pass = True
  21. #transport = smart
  22. #remote_port = 22
  23. #module_lang = C
  24. #module_set_locale = False
  25. # plays will gather facts by default, which contain information about
  26. # the remote system.
  27. #
  28. # smart - gather by default, but don't regather if already gathered
  29. # implicit - gather by default, turn off with gather_facts: False
  30. # explicit - do not gather by default, must say gather_facts: True
  31. #gathering = implicit
  32. # This only affects the gathering done by a play's gather_facts directive,
  33. # by default gathering retrieves all facts subsets
  34. # all - gather all subsets
  35. # network - gather min and network facts
  36. # hardware - gather hardware facts (longest facts to retrieve)
  37. # virtual - gather min and virtual facts
  38. # facter - import facts from facter
  39. # ohai - import facts from ohai
  40. # You can combine them using comma (ex: network,virtual)
  41. # You can negate them using ! (ex: !hardware,!facter,!ohai)
  42. # A minimal set of facts is always gathered.
  43. #gather_subset = all
  44. # some hardware related facts are collected
  45. # with a maximum timeout of 10 seconds. This
  46. # option lets you increase or decrease that
  47. # timeout to something more suitable for the
  48. # environment.
  49. # gather_timeout = 10
  50. # Ansible facts are available inside the ansible_facts.* dictionary
  51. # namespace. This setting maintains the behaviour which was the default prior
  52. # to 2.5, duplicating these variables into the main namespace, each with a
  53. # prefix of 'ansible_'.
  54. # This variable is set to True by default for backwards compatibility. It
  55. # will be changed to a default of 'False' in a future release.
  56. # ansible_facts.
  57. # inject_facts_as_vars = True
  58. # additional paths to search for roles in, colon separated
  59. #roles_path = /etc/ansible/roles
  60. # uncomment this to disable SSH key host checking
  61. #host_key_checking = False
  62. # change the default callback, you can only have one 'stdout' type enabled at a time.
  63. #stdout_callback = skippy
  64. ## Ansible ships with some plugins that require whitelisting,
  65. ## this is done to avoid running all of a type by default.
  66. ## These setting lists those that you want enabled for your system.
  67. ## Custom plugins should not need this unless plugin author specifies it.
  68. # enable callback plugins, they can output to stdout but cannot be 'stdout' type.
  69. #callback_whitelist = timer, mail
  70. # Determine whether includes in tasks and handlers are "static" by
  71. # default. As of 2.0, includes are dynamic by default. Setting these
  72. # values to True will make includes behave more like they did in the
  73. # 1.x versions.
  74. #task_includes_static = False
  75. #handler_includes_static = False
  76. # Controls if a missing handler for a notification event is an error or a warning
  77. #error_on_missing_handler = True
  78. # change this for alternative sudo implementations
  79. #sudo_exe = sudo
  80. # What flags to pass to sudo
  81. # WARNING: leaving out the defaults might create unexpected behaviours
  82. #sudo_flags = -H -S -n
  83. # SSH timeout
  84. #timeout = 10
  85. # default user to use for playbooks if user is not specified
  86. # (/usr/bin/ansible will use current user as default)
  87. #remote_user = root
  88. # logging is off by default unless this path is defined
  89. # if so defined, consider logrotate
  90. #log_path = /var/log/ansible.log
  91. # default module name for /usr/bin/ansible
  92. #module_name = command
  93. # use this shell for commands executed under sudo
  94. # you may need to change this to bin/bash in rare instances
  95. # if sudo is constrained
  96. #executable = /bin/sh
  97. # if inventory variables overlap, does the higher precedence one win
  98. # or are hash values merged together? The default is 'replace' but
  99. # this can also be set to 'merge'.
  100. #hash_behaviour = replace
  101. # by default, variables from roles will be visible in the global variable
  102. # scope. To prevent this, the following option can be enabled, and only
  103. # tasks and handlers within the role will see the variables there
  104. #private_role_vars = yes
  105. # list any Jinja2 extensions to enable here:
  106. #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
  107. # if set, always use this private key file for authentication, same as
  108. # if passing --private-key to ansible or ansible-playbook
  109. #private_key_file = /path/to/file
  110. # If set, configures the path to the Vault password file as an alternative to
  111. # specifying --vault-password-file on the command line.
  112. # format of string {{ ansible_managed }} available within Jinja2
  113. # templates indicates to users editing templates files will be replaced.
  114. # replacing {file}, {host} and {uid} and strftime codes with proper values.
  115. #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
  116. # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
  117. # in some situations so the default is a static string:
  118. #ansible_managed = Ansible managed
  119. # by default, ansible-playbook will display "Skipping [host]" if it determines a task
  120. # should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
  121. # messages. NOTE: the task header will still be shown regardless of whether or not the
  122. # task is skipped.
  123. #display_skipped_hosts = True
  124. # by default, if a task in a playbook does not include a name: field then
  125. # ansible-playbook will construct a header that includes the task's action but
  126. # not the task's args. This is a security feature because ansible cannot know
  127. # if the *module* considers an argument to be no_log at the time that the
  128. # header is printed. If your environment doesn't have a problem securing
  129. # stdout from ansible-playbook (or you have manually specified no_log in your
  130. # playbook on all of the tasks where you have secret information) then you can
  131. # safely set this to True to get more informative messages.
  132. #display_args_to_stdout = False
  133. # by default (as of 1.3), Ansible will raise errors when attempting to dereference
  134. # Jinja2 variables that are not set in templates or action lines. Uncomment this line
  135. # to revert the behavior to pre-1.3.
  136. #error_on_undefined_vars = False
  137. # by default (as of 1.6), Ansible may display warnings based on the configuration of the
  138. # system running ansible itself. This may include warnings about 3rd party packages or
  139. # other conditions that should be resolved if possible.
  140. # to disable these warnings, set the following value to False:
  141. #system_warnings = True
  142. # by default (as of 1.4), Ansible may display deprecation warnings for language
  143. # features that should no longer be used and will be removed in future versions.
  144. # to disable these warnings, set the following value to False:
  145. #deprecation_warnings = True
  146. # (as of 1.8), Ansible can optionally warn when usage of the shell and
  147. # command module appear to be simplified by using a default Ansible module
  148. # instead. These warnings can be silenced by adjusting the following
  149. # setting or adding warn=yes or warn=no to the end of the command line
  150. # parameter string. This will for example suggest using the git module
  151. # instead of shelling out to the git command.
  152. # command_warnings = False
  153. # set plugin path directories here, separate with colons
  154. #action_plugins = /usr/share/ansible/plugins/action
  155. #become_plugins = /usr/share/ansible/plugins/become
  156. #cache_plugins = /usr/share/ansible/plugins/cache
  157. #callback_plugins = /usr/share/ansible/plugins/callback
  158. #connection_plugins = /usr/share/ansible/plugins/connection
  159. #lookup_plugins = /usr/share/ansible/plugins/lookup
  160. #inventory_plugins = /usr/share/ansible/plugins/inventory
  161. #vars_plugins = /usr/share/ansible/plugins/vars
  162. #filter_plugins = /usr/share/ansible/plugins/filter
  163. #test_plugins = /usr/share/ansible/plugins/test
  164. #terminal_plugins = /usr/share/ansible/plugins/terminal
  165. #strategy_plugins = /usr/share/ansible/plugins/strategy
  166. # by default, ansible will use the 'linear' strategy but you may want to try
  167. # another one
  168. #strategy = free
  169. # by default callbacks are not loaded for /bin/ansible, enable this if you
  170. # want, for example, a notification or logging callback to also apply to
  171. # /bin/ansible runs
  172. #bin_ansible_callbacks = False
  173. # don't like cows? that's unfortunate.
  174. # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
  175. #nocows = 1
  176. # set which cowsay stencil you'd like to use by default. When set to 'random',
  177. # a random stencil will be selected for each task. The selection will be filtered
  178. # against the `cow_whitelist` option below.
  179. #cow_selection = default
  180. #cow_selection = random
  181. # when using the 'random' option for cowsay, stencils will be restricted to this list.
  182. # it should be formatted as a comma-separated list with no spaces between names.
  183. # NOTE: line continuations here are for formatting purposes only, as the INI parser
  184. # in python does not support them.
  185. #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
  186. # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
  187. # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
  188. # don't like colors either?
  189. # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
  190. #nocolor = 1
  191. # if set to a persistent type (not 'memory', for example 'redis') fact values
  192. # from previous runs in Ansible will be stored. This may be useful when
  193. # wanting to use, for example, IP information from one group of servers
  194. # without having to talk to them in the same playbook run to get their
  195. # current IP information.
  196. #fact_caching = memory
  197. #This option tells Ansible where to cache facts. The value is plugin dependent.
  198. #For the jsonfile plugin, it should be a path to a local directory.
  199. #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
  200. #fact_caching_connection=/tmp
  201. # retry files
  202. # When a playbook fails a .retry file can be created that will be placed in ~/
  203. # You can enable this feature by setting retry_files_enabled to True
  204. # and you can change the location of the files by setting retry_files_save_path
  205. retry_files_enabled = False
  206. #retry_files_save_path = ~/.ansible-retry
  207. # squash actions
  208. # Ansible can optimise actions that call modules with list parameters
  209. # when looping. Instead of calling the module once per with_ item, the
  210. # module is called once with all items at once. Currently this only works
  211. # under limited circumstances, and only with parameters named 'name'.
  212. #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
  213. # prevents logging of task data, off by default
  214. #no_log = False
  215. # prevents logging of tasks, but only on the targets, data is still logged on the master/controller
  216. #no_target_syslog = False
  217. # controls whether Ansible will raise an error or warning if a task has no
  218. # choice but to create world readable temporary files to execute a module on
  219. # the remote machine. This option is False by default for security. Users may
  220. # turn this on to have behaviour more like Ansible prior to 2.1.x. See
  221. # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
  222. # for more secure ways to fix this than enabling this option.
  223. #allow_world_readable_tmpfiles = False
  224. # controls the compression level of variables sent to
  225. # worker processes. At the default of 0, no compression
  226. # is used. This value must be an integer from 0 to 9.
  227. #var_compression_level = 9
  228. # controls what compression method is used for new-style ansible modules when
  229. # they are sent to the remote system. The compression types depend on having
  230. # support compiled into both the controller's python and the client's python.
  231. # The names should match with the python Zipfile compression types:
  232. # * ZIP_STORED (no compression. available everywhere)
  233. # * ZIP_DEFLATED (uses zlib, the default)
  234. # These values may be set per host via the ansible_module_compression inventory
  235. # variable
  236. #module_compression = 'ZIP_DEFLATED'
  237. # This controls the cutoff point (in bytes) on --diff for files
  238. # set to 0 for unlimited (RAM may suffer!).
  239. #max_diff_size = 1048576
  240. # This controls how ansible handles multiple --tags and --skip-tags arguments
  241. # on the CLI. If this is True then multiple arguments are merged together. If
  242. # it is False, then the last specified argument is used and the others are ignored.
  243. # This option will be removed in 2.8.
  244. #merge_multiple_cli_flags = True
  245. # Controls showing custom stats at the end, off by default
  246. #show_custom_stats = True
  247. # Controls which files to ignore when using a directory as inventory with
  248. # possibly multiple sources (both static and dynamic)
  249. #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
  250. # This family of modules use an alternative execution path optimized for network appliances
  251. # only update this setting if you know how this works, otherwise it can break module execution
  252. #network_group_modules=eos, nxos, ios, iosxr, junos, vyos
  253. # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
  254. # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
  255. # jinja2 templating language which will be run through the templating engine.
  256. # ENABLING THIS COULD BE A SECURITY RISK
  257. #allow_unsafe_lookups = False
  258. # set default errors for all plays
  259. #any_errors_fatal = False
  260. [inventory]
  261. # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
  262. #enable_plugins = host_list, virtualbox, yaml, constructed
  263. # ignore these extensions when parsing a directory as inventory source
  264. #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
  265. # ignore files matching these patterns when parsing a directory as inventory source
  266. #ignore_patterns=
  267. # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
  268. #unparsed_is_failed=False
  269. [privilege_escalation]
  270. #become=True
  271. #become_method=sudo
  272. #become_user=root
  273. #become_ask_pass=False
  274. [paramiko_connection]
  275. # uncomment this line to cause the paramiko connection plugin to not record new host
  276. # keys encountered. Increases performance on new host additions. Setting works independently of the
  277. # host key checking setting above.
  278. #record_host_keys=False
  279. # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
  280. # line to disable this behaviour.
  281. #pty=False
  282. # paramiko will default to looking for SSH keys initially when trying to
  283. # authenticate to remote devices. This is a problem for some network devices
  284. # that close the connection after a key failure. Uncomment this line to
  285. # disable the Paramiko look for keys function
  286. #look_for_keys = False
  287. # When using persistent connections with Paramiko, the connection runs in a
  288. # background process. If the host doesn't already have a valid SSH key, by
  289. # default Ansible will prompt to add the host key. This will cause connections
  290. # running in background processes to fail. Uncomment this line to have
  291. # Paramiko automatically add host keys.
  292. #host_key_auto_add = True
  293. [ssh_connection]
  294. # ssh arguments to use
  295. # Leaving off ControlPersist will result in poor performance, so use
  296. # paramiko on older platforms rather than removing it, -C controls compression use
  297. #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
  298. # The base directory for the ControlPath sockets.
  299. # This is the "%(directory)s" in the control_path option
  300. #
  301. # Example:
  302. # control_path_dir = /tmp/.ansible/cp
  303. #control_path_dir = ~/.ansible/cp
  304. # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
  305. # port and username (empty string in the config). The hash mitigates a common problem users
  306. # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
  307. # In those cases, a "too long for Unix domain socket" ssh error would occur.
  308. #
  309. # Example:
  310. # control_path = %(directory)s/%%h-%%r
  311. #control_path =
  312. # Enabling pipelining reduces the number of SSH operations required to
  313. # execute a module on the remote server. This can result in a significant
  314. # performance improvement when enabled, however when using "sudo:" you must
  315. # first disable 'requiretty' in /etc/sudoers
  316. #
  317. # By default, this option is disabled to preserve compatibility with
  318. # sudoers configurations that have requiretty (the default on many distros).
  319. #
  320. #pipelining = False
  321. # Control the mechanism for transferring files (old)
  322. # * smart = try sftp and then try scp [default]
  323. # * True = use scp only
  324. # * False = use sftp only
  325. #scp_if_ssh = smart
  326. # Control the mechanism for transferring files (new)
  327. # If set, this will override the scp_if_ssh option
  328. # * sftp = use sftp to transfer files
  329. # * scp = use scp to transfer files
  330. # * piped = use 'dd' over SSH to transfer files
  331. # * smart = try sftp, scp, and piped, in that order [default]
  332. #transfer_method = smart
  333. # if False, sftp will not use batch mode to transfer files. This may cause some
  334. # types of file transfer failures impossible to catch however, and should
  335. # only be disabled if your sftp version has problems with batch mode
  336. #sftp_batch_mode = False
  337. # The -tt argument is passed to ssh when pipelining is not enabled because sudo
  338. # requires a tty by default.
  339. #usetty = True
  340. # Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
  341. # For each retry attempt, there is an exponential backoff,
  342. # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
  343. #retries = 3
  344. [persistent_connection]
  345. # Configures the persistent connection timeout value in seconds. This value is
  346. # how long the persistent connection will remain idle before it is destroyed.
  347. # If the connection doesn't receive a request before the timeout value
  348. # expires, the connection is shutdown. The default value is 30 seconds.
  349. #connect_timeout = 30
  350. # The command timeout value defines the amount of time to wait for a command
  351. # or RPC call before timing out. The value for the command timeout must
  352. # be less than the value of the persistent connection idle timeout (connect_timeout)
  353. # The default value is 30 second.
  354. #command_timeout = 30
  355. [accelerate]
  356. #accelerate_port = 5099
  357. #accelerate_timeout = 30
  358. #accelerate_connect_timeout = 5.0
  359. # The daemon timeout is measured in minutes. This time is measured
  360. # from the last activity to the accelerate daemon.
  361. #accelerate_daemon_timeout = 30
  362. # If set to yes, accelerate_multi_key will allow multiple
  363. # private keys to be uploaded to it, though each user must
  364. # have access to the system via SSH to add a new key. The default
  365. # is "no".
  366. #accelerate_multi_key = yes
  367. [selinux]
  368. # file systems that require special treatment when dealing with security context
  369. # the default behaviour that copies the existing context or uses the user default
  370. # needs to be changed to use the file system dependent context.
  371. #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat
  372. # Set this to yes to allow libvirt_lxc connections to work without SELinux.
  373. #libvirt_lxc_noseclabel = yes
  374. [colors]
  375. #highlight = white
  376. #verbose = blue
  377. #warn = bright purple
  378. #error = red
  379. #debug = dark gray
  380. #deprecate = purple
  381. #skip = cyan
  382. #unreachable = red
  383. #ok = green
  384. #changed = yellow
  385. #diff_add = green
  386. #diff_remove = red
  387. #diff_lines = cyan
  388. [diff]
  389. # Always print diff when running ( same as always running with -D/--diff )
  390. # always = no
  391. # Set how many context lines to show in diff
  392. # context = 3