ansible/docs/templates/config.rst.j2

.. _ansible_configuration_settings:

{% set name = 'Ansible Configuration Settings' -%}
{% set name_slug = 'config' -%}

{% set name_len = name|length + 0-%}
{{ '=' * name_len }}
{{name}}
{{ '=' * name_len }}

Ansible supports a few ways of providing configuration variables, mainly through environment variables, command line switches and an ini file named ``ansible.cfg``.

Starting at Ansible 2.4 the ``ansible-config`` utility allows users to see all the configuration settings available, their defaults, how to set them and
where their current value comes from. See :ref:`ansible-config` for more information.

.. _ansible_configuration_settings_locations:

The configuration file
======================

Changes can be made and used in a configuration file which will be searched for in the following order:

 * ``ANSIBLE_CONFIG`` (environment variable if set)
 * ``ansible.cfg`` (in the current directory)
 * ``~/.ansible.cfg`` (in the home directory)
 * ``/etc/ansible/ansible.cfg``

Ansible will process the above list and use the first file found, all others are ignored.

.. note::

   The configuration file is one variant of an INI format.
   Both the hash sign (``#``) and semicolon (``;``) are allowed as
   comment markers when the comment starts the line.
   However, if the comment is inline with regular values,
   only the semicolon is allowed to introduce the comment.
   For instance::

        # some basic default values...
        inventory = /etc/ansible/hosts  ; This points to the file that lists your hosts


.. _cfg_in_world_writable_dir:

Avoiding security risks with ``ansible.cfg`` in the current directory
---------------------------------------------------------------------


If Ansible were to load :file:ansible.cfg from a world-writable current working
directory, it would create a serious security risk. Another user could place
their own config file there, designed to make Ansible run malicious code both
locally and remotely, possibly with elevated privileges. For this reason,
Ansible will not automatically load a config file from the current working
directory if the directory is world-writable.

If you depend on using Ansible with a config file in the current working
directory, the best way to avoid this problem is to restrict access to your
Ansible directories to particular user(s) and/or group(s). If your Ansible
directories live on a filesystem which has to emulate Unix permissions, like
Vagrant or Windows Subsystem for Linux (WSL), you may, at first, not know how
you can fix this as ``chmod``, ``chown``, and ``chgrp`` might not work there.
In most of those cases, the correct fix is to modify the mount options of the
filesystem so the files and directories are readable and writable by the users
and groups running Ansible but closed to others.  For more details on the
correct settings, see:

* for Vagrant, Jeremy Kendall's `blog post <http://jeremykendall.net/2013/08/09/vagrant-synced-folders-permissions/>`_ covers synced folder permissions. 
* for WSL, the `WSL docs <https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings>`_
  and this `Microsoft blog post <https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/>`_ cover mount options.

If you absolutely depend on having the config live in a world-writable current
working directory, you can explicitly specify the config file via the
:envvar:`ANSIBLE_CONFIG` environment variable. Please take
appropriate steps to mitigate the security concerns above before doing so.


Common Options
==============

This is a copy of the options available from our release, your local install might have extra options due to additional plugins,
you can use the command line utility mentioned above (`ansible-config`) to browse through those.

{% if config_options %}


{% for config_option in config_options|sort %}
{% set config_len = config_option|length -%}
{% set config = config_options[config_option] %}
.. _{{config_option}}:

{{config_option}}
{{ '-' * config_len }}

{% if config['description'] and config['description'] != [''] %}
{% if config['description'] != ['TODO: write it'] %}
:Description: {{' '.join(config['description'])}}
{% endif %}
{% endif %}
{% if config['type'] %}
:Type: {{config['type']}}
{% endif %}
:Default: {{config['default']}}
{% if config['version_added'] %}
:Version Added: {{config['version_added']}}
{% endif %}
{% for ini_map in config['ini']|sort(attribute='section') %}
:Ini Section: {{ini_map['section']}}
:Ini Key: {{ini_map['key']}}
{% endfor %}
{% for env_var_map in config['env']|sort(attribute='name') %}
:Environment: :envvar:`{{env_var_map['name']}}`
{% endfor %}
{% if config['deprecated'] %}
:Deprecated in: {{config['deprecated']['version']}}
:Deprecated detail: {{config['deprecated']['why']}}
:Deprecated alternatives: {{config['deprecated']['alternatives']}}
{% endif %}

{% endfor %}

Environment Variables
=====================

.. envvar:: ANSIBLE_CONFIG


    Override the default ansible config file


{% for config_option in config_options %}
{% for env_var_map in config_options[config_option]['env'] %}
.. envvar:: {{env_var_map['name']}}

{% if config_options[config_option]['description']  and config_options[config_option]['description'] != [''] %}
{% if config_options[config_option]['description'] != ['TODO: write it'] %}
    {{ ''.join(config_options[config_option]['description']) }}
{% endif %}
{% endif %}

    See also :ref:`{{config_option}} <{{config_option}}>`

{% endfor %}

{% endfor %}

{% endif %}