-
Notifications
You must be signed in to change notification settings - Fork 5
Configuration
DenAV edited this page Mar 19, 2026
·
3 revisions
All variables can be overridden via inventory, group_vars, host_vars, or --extra-vars.
| Variable | Description | Default |
|---|---|---|
npm_user |
NPM admin email (store in Vault) | — |
npm_password |
NPM admin password (store in Vault) | — |
npm_api_domain_name |
Domain name for the proxy host | "" |
npm_api_host |
Forward hostname / IP | "" |
| Variable | Description | Default |
|---|---|---|
npm_api_url |
NPM API base URL | http://localhost:81/api |
npm_api_state |
present to create, absent to delete |
present |
npm_api_ssl_forced |
Force SSL on the proxy host | false |
npm_api_letsencrypt_email |
Email for Let's Encrypt certificates | "" |
npm_api_host_port |
Forward port | 80 |
npm_api_hosts |
List of proxy hosts for batch operations (see below) | [] |
Each item in npm_api_hosts supports:
| Property | Required | Default | Description |
|---|---|---|---|
domain_name |
yes | — | Domain name for the proxy host |
host |
yes | — | Forward hostname / IP |
host_port |
no | 80 |
Forward port |
ssl_forced |
no | npm_api_ssl_forced |
Force SSL (determines execution phase) |
letsencrypt_email |
no | npm_api_letsencrypt_email |
Email for Let's Encrypt certificate |
state |
no | npm_api_state |
present or absent
|
SSL vs non-SSL execution: Hosts with
ssl_forced: falserun in parallel (fast, 30s timeout). Hosts withssl_forced: truerun sequentially withthrottle: 1(120s timeout) because Let's Encrypt certificate provisioning via certbot takes 10-30 seconds per domain.
The custom module library/npm_proxy.py accepts these parameters:
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
url |
str | yes | — | NPM API base URL |
token |
str | yes | — | API access token (obtained via /tokens endpoint) |
domain |
str | yes | — | Domain name for the proxy host |
host |
str | yes | — | Forward hostname / IP |
host_port |
int | no | 80 |
Forward port |
ssl_forced |
bool | no | true |
Force SSL |
letsencrypt_email |
str | no | "" |
Email for Let's Encrypt certificate |
state |
str | no | present |
present to create, absent to delete |
| File | Purpose |
|---|---|
roles/npm-management/defaults/main.yml |
Default values (lowest precedence, safe to override) |
roles/npm-management/vars/main.yml |
Role variables (higher precedence) |
roles/npm-management/vars/api_secret.yml |
API credentials (Ansible Vault encrypted) |
[npm]
localhost ansible_connection=local
[npm:vars]
npm_api_url=http://10.0.0.5:81/api# group_vars/npm.yml
npm_api_url: http://10.0.0.5:81/api
npm_api_ssl_forced: trueansible-playbook pl_npm-management.yml \
--extra-vars "npm_api_domain_name=site.example.com npm_api_host=172.16.0.10"From lowest to highest:
defaults/main.yml- Inventory variables
group_vars/host_vars/vars/main.yml- Task
vars: --extra-vars
Tip: Put
npm_api_urlindefaults/main.ymlor inventory so it can be easily overridden per environment.