What a mess: Ansible connection and become plugins configuration

1 Too many places to configure ansible

There are four different places where ansible connection/become behaviors can be configured.

https://docs.ansible.com/ansible/2.8/plugins/become.html

• Configuration settings

• Command-line options

• Playbook keywords

• Variables

For variables, there are even more places to define them.

https://docs.ansible.com/ansible/2.8/user_guide/playbooks_variables.html#ansible-variable-precedence

1. command line values (eg “-u user”)

2. role defaults 1

3. inventory file or script group vars 2

4. inventory group_vars/all 3

5. playbook group_vars/all 3

6. inventory group_vars/* 3

7. playbook group_vars/* 3

8. inventory file or script host vars 2

9. inventory host_vars/* 3

10. playbook host_vars/* 3

11. host facts / cached set_facts 4

12. play vars

13. play vars_prompt

14. play vars_files

15. role vars (defined in role/vars/main.yml)

16. block vars (only for tasks in block)

17. task vars (only for the task)

18. include_vars

19. set_facts / registered vars

20. role (and include_role) params

21. include params

22. extra vars (always win precedence)

2 Examples

2.1 for ssh connection plugin

Playbook_keywords     General_variables     plugin_specific_variables

connection:ssh

                      ansible_host           ansible_ssh_host

                      ansible_port           ansible_ssh_port

                      ansible_user           ansible_ssh_user

 remote_user          ansible_password       ansible_ssh_password

 

 2.2 for su become plugin

Playbook_keywords     General_variables     plugin_specific_variables

become: yes

become_method: su

become_method         ansible_become_exe     ansible_su_exe

become_user           ansible_become_user    ansible_su_user

                      ansible_become_pass    ansible_su_pass

3 where to find help?

ansible-doc -h

ansible-doc -t connection -l

ansible-doc -t connection ssh

ansible-doc -t become -l

ansible-doc -t become su