-
Notifications
You must be signed in to change notification settings - Fork 23.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ansible.cfg lookup paths for ansible-playbook #11175
Comments
On 5 June 2015 at 00:16, Tyler Kellen notifications@github.com wrote:
Given an ansible.cfg is often tightly related to the project, I think this Configuration of ansible should be part of the playbook scripts. (I One thing to consider though, might be how that extra path looks like in I often have my global playbook as ./main.yml which includes playbooks from -- Serge |
Perhaps this should be augmented to traverse from the playbook directory upwards until an ansible.cfg is found? I also wish you could control all of these options from a playbook rather than having an extra config file, but that seems like a much larger technical hurdle (I've looked into the codebase to attempt this for a few specific options). |
It could also be an option in the playbook itself, to reference the relevant ansible.cfg. I believe this would require re-spawning the process though. Basically, I'm looking for any guidance for what would be an acceptable solution to solve this:
|
actually, I don't think 'current directory' should be picked up, it should have always been 'play adjacent' |
@bcoca +1 |
Current directory shouldn't be changed though. Changing it would likely causes issues at this point |
but I can add BIG DEPRECATION warning .... |
Doing so would have a negative affect on the ansible ad-hoc command which has no playbook. Also I have a set of playbooks which I use for various customers that are actually all the same, but I have individual directories with ansible.cfg files that I to perform my execution from. My other primary environment has a site.yml in the root, and all other playbooks in a playbooks directory. I don't always run site.yml, this would require me to symlink, which would also make it more complicated for my team, since the ansible.cfg is not part of the repo, due to individual differences. Not sure there is really a problem with leaving it around. Just want to make sure I provide some additional context and use cases. |
@sivel my concern is that this can become a security issue pretty fast ( cd /tmp; asnible.cfg with roles pointing to suspect code ....) |
Deprecation of the existing functionality or not, it would be a huge boon to my team if this could be added in some fashion! |
I could perhaps live with deprecating the current directory, but only if good alternatives exist. I know of a couple of projects that rely on this functionality (e.g. stackforge/openstack-ansible-deployment). Whilst adjacent to the playbook makes a lot more sense (some options change behaviour of playbooks, e.g. the merge dict option), let's keep in mind a lot of projects do playbook includes from other directories, and all of those playbooks might need the link to that config. So this should be thought through very well. Should we take into account all the Now I think of it, the example of the |
ok, going back to the original issue ... ansible.cfg search locations, I'm good with following the list in the original post, but would like to check for 'world writable' directory ^ does that work for everyone? |
I think that should suffice. |
This comment has been minimized.
This comment has been minimized.
Do you mean only looking at the path of the playbook given to ansible-playbook? Which would then break if one was to target directly an playbook that the former includes from another directory? |
* See related issue ansible/ansible#11175 * ansible-playbook will need to be run from the project root for ssh agent forwarding (defined in ansible.cfg) to work.
Say, is this going to become a reality in Ansible 2.0? |
This comment has been minimized.
This comment has been minimized.
1 similar comment
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This support would allow a substantial improvement towards reusability and segregation of roles. Here is what I consider an ideal configuration:
Running: ansible-playbook -i environments/production/inventory environments/production/site.yml --limit <tier> -v Simpler environments would just benefit of what we have today as "ansible.cfg (in the current directory)" and would work nicely. Huge 👍 for this built-in in Ansible. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Righto, then strike option 5. Still think that as a temporary solution number 2 should work fine. Option 4 is good, but that is too big of a change for same major version IMO. I will prepare the PR for this. The change should be pretty minimal. |
This comment has been minimized.
This comment has been minimized.
Any update on this? It seems like a big gap that I can't specify it in the cli. |
make ansible-playbook logging via ANSIBLE_LOG_PATH env variable. Unfortunately we cannot use a single ansible.cfg file in our playbooks directory due to ansible/ansible#11175 We cannot neither use plain ansible logger facility since it's just based on utils/display.py See: ansible/ansible#25761 (comment) Current log format is really poor, we have more details in the extra dicitonay but we are not writing it. There is no filtering at all for sensitive information. Change-Id: Idc9eb76ea295462e51ca32fd376946c15d44ef56 Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
closing as paths are not going to change at this point for ansible.cfg. But keeping this in mind if we ever switch to a new yaml based config file |
curious what does the format of the cfg file have to do w/ the path? |
re implementing how config works to be mergeable and hierarchical gives the me license of setting a new 'discovery path' and leave the current ansible.cfg as for those that don't want to move to the new option. |
ISSUE TYPE
Feature Idea
COMPONENT NAME
ansible.cfg
ANSIBLE VERSION
N/A
SUMMARY
Would ya'll be open to a PR that adds a new location for finding
ansible.cfg
?I would like for
ansible-playbook
to search sibling to the playbook being used. I think it should be possible to runansible-playbook
from any directory without modifying global or per-user configuration files and have customizedansible.cfg
settings respected.I'm proposing a lookup precedence of:
I understand this wouldn't make sense for the
ansible
command, but I'm hopeful that isn't considered an issue."The text was updated successfully, but these errors were encountered: