If you want to use Ansible to really empower your configuration management function, its important to have a solid understanding of how variables work.
Here’s a few must-knows:
Values in ansible.cfg are environment variables, not script variables
The ansible.cfg file is provided to allow the user set default values that are used when ansible is executed from a local environment. This file isn’t a YAML file, which is why assignments use “=” rather than “:”.
The values in this file are set as environment variables when Ansible runs. You cannot access these values directly as script variables eg
remote_user = root
does not provide you with a
{{ remote_user }}
variable in your playbooks.
Its important to create your variables in the right place: inventory or play
Generally, a variable will apply to either a host (or group of hosts), or to a task (play) within a playbook. Decide early where your variable applies and create it in the right place.
For variables that apply to hosts (eg a username to login with) create the variable in either:
Your inventory file:
[server_group_1] server1 ansible_ssh_user=admin
Under your group_vars directory:
#file: ./groups_vars/server_group_1 ansible_ssh_user=admin
Under your host_vars directory:
#file: ./host_vars/server1 ansible_ssh_user=admin
You can also create host-related variables deeper in your playbook:
- hosts: webservers remote_user: admin
but I don’t recommend this. Ansible provides sufficient functionality to create an abstraction layer for variables above the play/task level, and it makes sense to use it.
For variables that are specific to plays, the value can be set closer to the point of execution, for example:
After the hosts specification:
- hosts: webservers vars: app_version: 12.03
As a parameter for the role that is being applied to the hosts:
- hosts: webservers roles: - { role: app, app_version: 12.03 }
Variables in Ansible have precedence rules
Particular care needs to be paid to precedence. In instances, you may want a variable to have an absolute value which cannot be changed by an assignment in any other part of the playbook or from the command line. In other instances you may wish to allow a variable to be changed. These behaviours are controlled by where you create the assignment of the variable.