vagrant/website/source/docs/provisioning/ansible_common.html.md

11 KiB

layout page_title sidebar_current description
docs Common Ansible Options - Provisioning provisioning-ansible-common This page details the common options to the Vagrant Ansible provisioners.

Shared Ansible Options

The following options are available to both Vagrant Ansible provisioners:

These options get passed to the ansible-playbook command that ships with Ansible, either via command line arguments or environment variables, depending on Ansible own capabilities.

Some of these options are for advanced usage only and should not be used unless you understand their purpose.

  • become (boolean) - Perform all the Ansible playbook tasks as another user, different from the user used to log into the guest system.

    The default value is false.

  • become_user (string) - Set the default username to be used by the Ansible become privilege escalation mechanism.

    By default this option is not set, and the Ansible default value (root) will be used.

  • compatibility_mode (string) - Set the minimal version of Ansible to be supported. Vagrant will only use parameters that are compatible with the given version.

    Possible values:

    • "auto" (Vagrant will automatically select the optimal compatibility mode by checking the Ansible version currently available)
    • "1.8" (Ansible versions prior to 1.8 should mostly work well, but some options might not be supported)
    • "2.0" (The generated Ansible inventory will be incompatible with Ansible 1.x)

    By default this option is set to "auto". If Vagrant is not able to detect any supported Ansible version, it will fall back on the compatibility mode "1.8" with a warning.

    Vagrant will error if the specified compatibility mode is incompatible with the current Ansible version.

    Attention: Vagrant doesn't perform any validation between the `compatibility_mode` value and the value of the [`version`](#version) option.
    Compatibility Note: This option was introduced in Vagrant 2.0. The behavior of previous Vagrant versions can be simulated by setting the `compatibility_mode` to `"1.8"`.
  • config_file (string) - The path to an Ansible Configuration file.

    By default, this option is not set, and Ansible will search for a possible configuration file in some default locations.

  • extra_vars (string or hash) - Pass additional variables (with highest priority) to the playbook.

    This parameter can be a path to a JSON or YAML file, or a hash.

    Example:

    ansible.extra_vars = {
      ntp_server: "pool.ntp.org",
      nginx: {
        port: 8008,
        workers: 4
      }
    }
    

    These variables take the highest precedence over any other variables.

  • galaxy_command (template string) - The command pattern used to install Galaxy roles when galaxy_role_file is set.

    The following (optional) placeholders can be used in this command pattern:

    • %{role_file} is replaced by the absolute path to the galaxy_role_file option
    • %{roles_path} is
      • replaced by the absolute path to the galaxy_roles_path option when such option is defined, or
      • replaced by the absolute path to a roles subdirectory sitting in the playbook parent directory.

    By default, this option is set to

    ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path} --force

    Example:

    Vagrant.configure(2) do |config|
      config.vm.box = "centos/7"
      config.vm.provision "ansible_local" do |ansible|        
        ansible.playbook = "/vagrant/playbook.yml"
        ansible.galaxy_role_file = "/vagrant/requirements.yml"
        ansible.galaxy_role_path = "/etc/ansible/roles"
        ansible.galaxy_command = "sudo ansible-galaxy install --force --ignore-certs --role-file=%{role_file} --roles-path=%{roles_path}"
      end
    end
    
  • galaxy_role_file (string) - The path to the Ansible Galaxy role file.

    By default, this option is set to nil and Galaxy support is then disabled.

    Note: if an absolute path is given, the ansible_local provisioner will assume that it corresponds to the exact location on the guest system.

  • galaxy_roles_path (string) - The path to the directory where Ansible Galaxy roles must be installed

    By default, this option is set to nil, which means that the Galaxy roles will be installed in a roles subdirectory located in the parent directory of the playbook file.

    Be careful that ansible-galaxy command is by default run as vagrant user. Setting galaxy_roles_path to a folder like /etc/ansible/roles will fail silently : unable to write there, ansible-galaxy will extract the role a second time in a /home/vagrant/.ansible/roles/. Then if your playbook uses become: true user: root, it will fail with a "role was not found". To work around that, use ansible.galaxy_command to include a sudo ansible-galaxy ....

  • groups (hash) - Set of inventory groups to be included in the auto-generated inventory file.

    Example:

    ansible.groups = {
      "web" => ["vm1", "vm2"],
      "db"  => ["vm3"]
    }
    

    Example with group variables:

    ansible.groups = {
      "atlanta" => ["host1", "host2"],
      "atlanta:vars" => {"ntp_server" => "ntp.atlanta.example.com",
                         "proxy" => "proxy.atlanta.example.com"}
    }
    

    Notes:

    • Alphanumeric patterns are not supported (e.g. db-[a:f], vm[01:10]).
    • This option has no effect when the inventory_path option is defined.
  • host_vars (hash) - Set of inventory host variables to be included in the auto-generated inventory file.

    Example:

    ansible.host_vars = {
      "host1" => {"http_port" => 80,
                  "maxRequestsPerChild" => 808},
                  "comments" => "text with spaces",
      "host2" => {"http_port" => 303,
                  "maxRequestsPerChild" => 909}
    }
    

    Note: This option has no effect when the inventory_path option is defined.

  • inventory_path (string) - The path to an Ansible inventory resource (e.g. a static inventory file, a dynamic inventory script or even multiple inventories stored in the same directory).

    By default, this option is disabled and Vagrant generates an inventory based on the Vagrantfile information.

  • limit (string or array of strings) - Set of machines or groups from the inventory file to further control which hosts are affected.

    The default value is set to the machine name (taken from Vagrantfile) to ensure that vagrant provision command only affect the expected machine.

    Setting limit = "all" can be used to make Ansible connect to all machines from the inventory file.

  • playbook_command (string) - The command used to run playbooks.

    The default value is ansible-playbook

  • raw_arguments (array of strings) - a list of additional ansible-playbook arguments.

    It is an unsafe wildcard that can be used to apply Ansible options that are not (yet) supported by this Vagrant provisioner. As of Vagrant 1.7, raw_arguments has the highest priority and its values can potentially override or break other Vagrant settings.

    Examples:

    • ['--check', '-M', '/my/modules']
    • ["--connection=paramiko", "--forks=10"]
    Attention: The `ansible` provisioner does not support whitespace characters in `raw_arguments` elements. Therefore **don't write** something like `["-c paramiko"]`, which will result with an invalid `" paramiko"` parameter value.
  • skip_tags (string or array of strings) - Only plays, roles and tasks that do not match these values will be executed.

  • start_at_task (string) - The task name where the playbook execution will start.

  • sudo (boolean) - Backwards compatible alias for the become option.

    Deprecation: The `sudo` option is deprecated and will be removed in a future release. Please use the [**`become`**](#become) option instead.
  • sudo_user (string) - Backwards compatible alias for the become_user option.

    Deprecation: The `sudo_user` option is deprecated and will be removed in a future release. Please use the [**`become_user`**](#become_user) option instead.
  • tags (string or array of strings) - Only plays, roles and tasks tagged with these values will be executed .

  • vault_password_file (string) - The path of a file containing the password used by Ansible Vault.

  • verbose (boolean or string) - Set Ansible's verbosity to obtain detailed logging

    Default value is false (minimal verbosity).

    Examples: true (equivalent to v), -vvv (equivalent to vvv), vvvv.

    Note that when the verbose option is enabled, the ansible-playbook command used by Vagrant will be displayed.

  • version (string) - The expected Ansible version.

    This option is disabled by default.

    When an Ansible version is defined (e.g. "2.1.6.0"), the Ansible provisioner will be executed only if Ansible is installed at the requested version.

    When this option is set to "latest", no version check is applied.

    Tip: With the `ansible_local` provisioner, it is currently possible to use this option to specify which version of Ansible must be automatically installed, but only in combination with the [**`install_mode`**](/docs/provisioning/ansible_local.html#install_mode) set to `:pip`.