mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2024-09-14 20:13:21 +02:00 
			
		
		
		
	- become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
		
			
				
	
	
		
			225 lines
		
	
	
	
		
			8.2 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
			
		
		
	
	
			225 lines
		
	
	
	
		
			8.2 KiB
		
	
	
	
		
			INI
		
	
	
	
	
	
| # config file for ansible -- http://ansible.com/
 | |
| # ==============================================
 | |
| 
 | |
| # nearly all parameters can be overridden in ansible-playbook 
 | |
| # or with command line flags. ansible will read ANSIBLE_CONFIG,
 | |
| # ansible.cfg in the current working directory, .ansible.cfg in
 | |
| # the home directory or /etc/ansible/ansible.cfg, whichever it
 | |
| # finds first
 | |
| 
 | |
| [defaults]
 | |
| 
 | |
| # some basic default values...
 | |
| 
 | |
| inventory      = /etc/ansible/hosts
 | |
| #library        = /usr/share/my_modules/
 | |
| remote_tmp     = $HOME/.ansible/tmp
 | |
| pattern        = *
 | |
| forks          = 5
 | |
| poll_interval  = 15
 | |
| sudo_user      = root
 | |
| #ask_sudo_pass = True
 | |
| #ask_pass      = True
 | |
| transport      = smart
 | |
| #remote_port    = 22
 | |
| module_lang    = C
 | |
| 
 | |
| # plays will gather facts by default, which contain information about
 | |
| # the remote system.
 | |
| #
 | |
| # smart - gather by default, but don't regather if already gathered
 | |
| # implicit - gather by default, turn off with gather_facts: False
 | |
| # explicit - do not gather by default, must say gather_facts: True
 | |
| gathering = implicit
 | |
| 
 | |
| # additional paths to search for roles in, colon separated
 | |
| #roles_path    = /etc/ansible/roles
 | |
| 
 | |
| # uncomment this to disable SSH key host checking
 | |
| #host_key_checking = False
 | |
| 
 | |
| # change this for alternative sudo implementations
 | |
| sudo_exe = sudo
 | |
| 
 | |
| # what flags to pass to sudo
 | |
| #sudo_flags = -H
 | |
| 
 | |
| # SSH timeout
 | |
| timeout = 10
 | |
| 
 | |
| # default user to use for playbooks if user is not specified
 | |
| # (/usr/bin/ansible will use current user as default)
 | |
| #remote_user = root
 | |
| 
 | |
| # logging is off by default unless this path is defined
 | |
| # if so defined, consider logrotate
 | |
| #log_path = /var/log/ansible.log
 | |
| 
 | |
| # default module name for /usr/bin/ansible
 | |
| #module_name = command
 | |
| 
 | |
| # use this shell for commands executed under sudo
 | |
| # you may need to change this to bin/bash in rare instances
 | |
| # if sudo is constrained
 | |
| #executable = /bin/sh
 | |
| 
 | |
| # if inventory variables overlap, does the higher precedence one win
 | |
| # or are hash values merged together?  The default is 'replace' but
 | |
| # this can also be set to 'merge'.
 | |
| #hash_behaviour = replace
 | |
| 
 | |
| # list any Jinja2 extensions to enable here:
 | |
| #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
 | |
| 
 | |
| # if set, always use this private key file for authentication, same as 
 | |
| # if passing --private-key to ansible or ansible-playbook
 | |
| #private_key_file = /path/to/file
 | |
| 
 | |
| # format of string {{ ansible_managed }} available within Jinja2 
 | |
| # templates indicates to users editing templates files will be replaced.
 | |
| # replacing {file}, {host} and {uid} and strftime codes with proper values.
 | |
| ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
 | |
| 
 | |
| # by default, ansible-playbook will display "Skipping [host]" if it determines a task
 | |
| # should not be run on a host.  Set this to "False" if you don't want to see these "Skipping" 
 | |
| # messages. NOTE: the task header will still be shown regardless of whether or not the 
 | |
| # task is skipped.
 | |
| #display_skipped_hosts = True
 | |
| 
 | |
| # by default (as of 1.3), Ansible will raise errors when attempting to dereference 
 | |
| # Jinja2 variables that are not set in templates or action lines. Uncomment this line
 | |
| # to revert the behavior to pre-1.3.
 | |
| #error_on_undefined_vars = False
 | |
| 
 | |
| # by default (as of 1.6), Ansible may display warnings based on the configuration of the
 | |
| # system running ansible itself. This may include warnings about 3rd party packages or
 | |
| # other conditions that should be resolved if possible.
 | |
| # to disable these warnings, set the following value to False:
 | |
| #system_warnings = True
 | |
| 
 | |
| # by default (as of 1.4), Ansible may display deprecation warnings for language
 | |
| # features that should no longer be used and will be removed in future versions.
 | |
| # to disable these warnings, set the following value to False:
 | |
| #deprecation_warnings = True
 | |
| 
 | |
| # (as of 1.8), Ansible can optionally warn when usage of the shell and
 | |
| # command module appear to be simplified by using a default Ansible module
 | |
| # instead.  These warnings can be silenced by adjusting the following
 | |
| # setting or adding warn=yes or warn=no to the end of the command line 
 | |
| # parameter string.  This will for example suggest using the git module
 | |
| # instead of shelling out to the git command.
 | |
| # command_warnings = False
 | |
| 
 | |
| 
 | |
| # set plugin path directories here, separate with colons
 | |
| action_plugins     = /usr/share/ansible_plugins/action_plugins
 | |
| callback_plugins   = /usr/share/ansible_plugins/callback_plugins
 | |
| connection_plugins = /usr/share/ansible_plugins/connection_plugins
 | |
| lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
 | |
| vars_plugins       = /usr/share/ansible_plugins/vars_plugins
 | |
| filter_plugins     = /usr/share/ansible_plugins/filter_plugins
 | |
| 
 | |
| # by default callbacks are not loaded for /bin/ansible, enable this if you
 | |
| # want, for example, a notification or logging callback to also apply to 
 | |
| # /bin/ansible runs
 | |
| #bin_ansible_callbacks = False
 | |
| 
 | |
| 
 | |
| # don't like cows?  that's unfortunate.
 | |
| # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 
 | |
| #nocows = 1
 | |
| 
 | |
| # don't like colors either?
 | |
| # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
 | |
| #nocolor = 1
 | |
| 
 | |
| # the CA certificate path used for validating SSL certs. This path 
 | |
| # should exist on the controlling node, not the target nodes
 | |
| # common locations:
 | |
| # RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
 | |
| # Fedora     : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 | |
| # Ubuntu     : /usr/share/ca-certificates/cacert.org/cacert.org.crt
 | |
| #ca_file_path = 
 | |
| 
 | |
| # the http user-agent string to use when fetching urls. Some web server
 | |
| # operators block the default urllib user agent as it is frequently used
 | |
| # by malicious attacks/scripts, so we set it to something unique to 
 | |
| # avoid issues.
 | |
| #http_user_agent = ansible-agent
 | |
| 
 | |
| # if set to a persistent type (not 'memory', for example 'redis') fact values
 | |
| # from previous runs in Ansible will be stored.  This may be useful when
 | |
| # wanting to use, for example, IP information from one group of servers
 | |
| # without having to talk to them in the same playbook run to get their
 | |
| # current IP information.
 | |
| fact_caching = memory
 | |
| 
 | |
| 
 | |
| # retry files
 | |
| #retry_files_enabled = False
 | |
| #retry_files_save_path = ~/.ansible-retry
 | |
| 
 | |
| [privilege_escalation]
 | |
| #become=True
 | |
| #become_method='sudo'
 | |
| #become_user='root'
 | |
| #become_ask_pass=False
 | |
| 
 | |
| [paramiko_connection]
 | |
| 
 | |
| # uncomment this line to cause the paramiko connection plugin to not record new host
 | |
| # keys encountered.  Increases performance on new host additions.  Setting works independently of the
 | |
| # host key checking setting above.
 | |
| #record_host_keys=False
 | |
| 
 | |
| # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
 | |
| # line to disable this behaviour.
 | |
| #pty=False
 | |
| 
 | |
| [ssh_connection]
 | |
| 
 | |
| # ssh arguments to use
 | |
| # Leaving off ControlPersist will result in poor performance, so use 
 | |
| # paramiko on older platforms rather than removing it
 | |
| #ssh_args = -o ControlMaster=auto -o ControlPersist=60s
 | |
| 
 | |
| # The path to use for the ControlPath sockets. This defaults to
 | |
| # "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
 | |
| # very long hostnames or very long path names (caused by long user names or 
 | |
| # deeply nested home directories) this can exceed the character limit on
 | |
| # file socket names (108 characters for most platforms). In that case, you 
 | |
| # may wish to shorten the string below.
 | |
| # 
 | |
| # Example: 
 | |
| # control_path = %(directory)s/%%h-%%r
 | |
| #control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
 | |
| 
 | |
| # Enabling pipelining reduces the number of SSH operations required to 
 | |
| # execute a module on the remote server. This can result in a significant 
 | |
| # performance improvement when enabled, however when using "sudo:" you must 
 | |
| # first disable 'requiretty' in /etc/sudoers
 | |
| #
 | |
| # By default, this option is disabled to preserve compatibility with
 | |
| # sudoers configurations that have requiretty (the default on many distros).
 | |
| # 
 | |
| #pipelining = False
 | |
| 
 | |
| # if True, make ansible use scp if the connection type is ssh 
 | |
| # (default is sftp)
 | |
| #scp_if_ssh = True
 | |
| 
 | |
| [accelerate]
 | |
| accelerate_port = 5099
 | |
| accelerate_timeout = 30
 | |
| accelerate_connect_timeout = 5.0
 | |
| 
 | |
| # The daemon timeout is measured in minutes. This time is measured
 | |
| # from the last activity to the accelerate daemon.
 | |
| accelerate_daemon_timeout = 30 
 | |
| 
 | |
| # If set to yes, accelerate_multi_key will allow multiple
 | |
| # private keys to be uploaded to it, though each user must
 | |
| # have access to the system via SSH to add a new key. The default
 | |
| # is "no".
 | |
| #accelerate_multi_key = yes
 | |
| 
 |