1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584
| # config file for ansible -- https://ansible.com/ # ===============================================
# nearly all parameters can be overridden in ansible-playbook # or with command line flags. ansible will read ANSIBLE_CONFIG, # ansible.cfg in the current working directory, .ansible.cfg in # the home directory or /etc/ansible/ansible.cfg, whichever it # finds first # 在ansible剧本中几乎所有的参数都可以被覆盖或带有命令行标志。ansible将读取ansible_CONFIG,当前工作目录中的ansible.cfg主目录或/etc/ansible/assible.cfg,以它为准
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts #library = /usr/share/my_modules/ #module_utils = /usr/share/my_module_utils/ remote_tmp = /tmp/.ansible #local_tmp = ~/.ansible/tmp #plugin_filters_cfg = /etc/ansible/plugin_filters.yml #forks = 5 #poll_interval = 15 #sudo_user = root #ask_sudo_pass = True #ask_pass = True #transport = smart #remote_port = 22 #module_lang = C #module_set_locale = False
# plays will gather facts by default, which contain information about # the remote system. # # smart - gather by default, but don't regather if already gathered # implicit - gather by default, turn off with gather_facts: False # explicit - do not gather by default, must say gather_facts: True # 默认情况下,plays将收集事实,其中包含有关远程系统的信息。smart-默认情况下收集,但如果已经收集,则不重新收集隐式-在默认情况下,使用gather_facts:False关闭收集 #explicit-默认情况下不聚集,必须gather_facts:True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive, # by default gathering retrieves all facts subsets # all - gather all subsets # network - gather min and network facts # hardware - gather hardware facts (longest facts to retrieve) # virtual - gather min and virtual facts # facter - import facts from facter # ohai - import facts from ohai # You can combine them using comma (ex: network,virtual) # You can negate them using ! (ex: !hardware,!facter,!ohai) # A minimal set of facts is always gathered. # 这只影响由play的gather_facts指令完成的收集,默认情况下,收集检索所有事实子集all-收集所有子集network-收集最小和网络事实hardware-收集硬件事实(要检索的最长事实)virtual-收集min和虚拟事实facter-从facter ohai导入事实-从ohai导入实际你可以使用逗号组合它们(例如:network,virtual)你可以使用否定它们!(例如:!hardware,!facter,!ohai)总是收集一组最小的事实。
#gather_subset = all
# some hardware related facts are collected # with a maximum timeout of 10 seconds. This # option lets you increase or decrease that # timeout to something more suitable for the # environment. # 以10秒的最大超时来收集一些与硬件相关的事实。此选项允许您将超时时间增加或减少到更适合环境的值。
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary # namespace. This setting maintains the behaviour which was the default prior # to 2.5, duplicating these variables into the main namespace, each with a # prefix of 'ansible_'. # This variable is set to True by default for backwards compatibility. It # will be changed to a default of 'False' in a future release. # ansible_facts. # Ansible_facts.*字典命名空间中提供了可靠的事实。此设置保持2.5之前的默认行为,将这些变量复制到主命名空间中,每个变量的前缀为“ansible_”。为了向后兼容,此变量默认设置为True。在将来的版本中,它将被更改为默认值“False”。 # inject_facts_as_vars = True
# additional paths to search for roles in, colon separated #在中搜索角色的其他路径,用冒号分隔 #roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking # 取消注释以禁用SSH密钥主机检查 host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time. #更改默认回调,一次只能启用一个“stdout”类型。 #stdout_callback = skippy
# Ansible ships with some plugins that require whitelisting, # this is done to avoid running all of a type by default. # These setting lists those that you want enabled for your system. # Custom plugins should not need this unless plugin author specifies it. # Ansible附带了一些需要白名单的插件,这样做是为了避免在默认情况下运行所有类型。这些设置列出了您希望为系统启用的设置。除非插件作者指定,否则自定义插件不应该需要这个。 # enable callback plugins, they can output to stdout but cannot be 'stdout' type. # 启用回调插件,它们可以输出到stdout,但不能是“stdout”类型。 #callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by # default. As of 2.0, includes are dynamic by default. Setting these # values to True will make includes behave more like they did in the # 1.x versions.
# 通过确定任务和处理程序中的include是否为“静态”违约从2.0开始,默认情况下includes是动态的。设置这些值设置为True将使include的行为更像1.x版本。 #task_includes_static = False #handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning # 控制通知事件缺少的处理程序是错误还是警告 #error_on_missing_handler = True
# change this for alternative sudo implementations # 将其更改为可供选择的sudo实现 #sudo_exe = sudo
# What flags to pass to sudo # WARNING: leaving out the defaults might create unexpected behaviours
# 忽略sudo警告 #sudo_flags = -H -S -n
# SSH timeout # ssh超时时间 #timeout = 10
# default user to use for playbooks if user is not specified # 如果未指定用户,则用于剧本的默认用户 # (/usr/bin/ansible will use current user as default) #remote_user = root
# logging is off by default unless this path is defined # if so defined, consider logrotate # 除非定义了此路径,否则默认情况下会关闭日志记录 # 如果定义了logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible # 默认的模块名 #module_name = command
# use this shell for commands executed under sudo # you may need to change this to bin/bash in rare instances # if sudo is constrained
# 将这个shell用于在sudo下执行的命令,在极少数情况下,您可能需要将其更改为bin/bash,如果sudo受到约束 #executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win # or are hash values merged together? The default is 'replace' but # this can also be set to 'merge'.
# 如果库存变量重叠,优先级较高的一个是否获胜,还是将散列值合并在一起?默认为“替换”,但也可以将其设置为“merge”。 #hash_behaviour = replace
# by default, variables from roles will be visible in the global variable # scope. To prevent this, the following option can be enabled, and only # tasks and handlers within the role will see the variables there # 默认情况下,来自角色的变量将在全局变量中可见范围为了防止这种情况,可以启用以下选项,并且仅角色中的任务和处理程序将在那里看到变量 #private_role_vars = yes
# list any Jinja2 extensions to enable here: # 在此处列出要启用的任何Jinja2扩展 #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as # if passing --private-key to ansible or ansible-playbook # 如果设置了,则始终使用该私钥文件进行身份验证,与if passing-ansible或ansible剧本的私钥 #private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to # specifying --vault-password-file on the command line. # 如果设置了该选项,则将Vault密码文件的路径配置为替代在命令行中指定--Vault密码文件。 #vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2 # templates indicates to users editing templates files will be replaced. # replacing {file}, {host} and {uid} and strftime codes with proper values. #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence # in some situations so the default is a static string: # Jinja2中可用的字符串{{ansible_managed}}的格式模板指示用户编辑的模板文件将被替换。用正确的值替换{file}、{host}和{uid以及strftime代码。ansible_managed=由{主机}上的{uid}在%Y-%m-%d%H:%m:%S上修改了ansible-managed:{文件}、{file}、{host}、{uid}和时间戳都会干扰幂等性,在某些情况下,默认为静态字符串: #ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task # should not be run on a host. Set this to "False" if you don't want to see these "Skipping" # messages. NOTE: the task header will still be shown regardless of whether or not the # task is skipped. # 默认情况下,如果确定任务,ansible playbook将显示“跳过[host]”不应在主机上运行。如果您不想看到这些“跳过”,请将其设置为“False”消息。注意:无论是否任务被跳过。 #display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then # ansible-playbook will construct a header that includes the task's action but # not the task's args. This is a security feature because ansible cannot know # if the *module* considers an argument to be no_log at the time that the # header is printed. If your environment doesn't have a problem securing # stdout from ansible-playbook (or you have manually specified no_log in your # playbook on all of the tasks where you have secret information) then you can # safely set this to True to get more informative messages. # 默认情况下,如果剧本中的任务不包括名称:字段,则ansible playbook将构建一个包含任务操作的头,但是而不是任务的参数。这是一个安全功能,因为ansible无法知道如果*module*在打印页眉。如果您的环境在安全方面没有问题来自ansible playbook的stdout(或者您已经在所有你有秘密信息的任务的剧本),然后你可以安全地将其设置为True以获取更多信息。 #display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference # Jinja2 variables that are not set in templates or action lines. Uncomment this line # to revert the behavior to pre-1.3. # 默认情况下(从1.3开始),Ansible在尝试取消引用时将引发错误未在模板或操作行中设置的Jinja2变量。取消注释此行将行为恢复到1.3之前。 #error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the # system running ansible itself. This may include warnings about 3rd party packages or # other conditions that should be resolved if possible. # to disable these warnings, set the following value to False: # 默认情况下(自1.6起),Ansible可以根据的配置显示警告系统本身运行ansible。这可能包括关于第三方包裹的警告或如果可能,应解决的其他情况。若要禁用这些警告,请将以下值设置为False: #system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language # features that should no longer be used and will be removed in future versions. # to disable these warnings, set the following value to False: # 默认情况下(从1.4开始),Ansible可能会显示不应再使用的语言功能的弃用警告,这些功能将在未来版本中删除。若要禁用这些警告,请将以下值设置为False: #deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and # command module appear to be simplified by using a default Ansible module # instead. These warnings can be silenced by adjusting the following # setting or adding warn=yes or warn=no to the end of the command line # parameter string. This will for example suggest using the git module # instead of shelling out to the git command. #(从1.8开始),当外壳和命令模块的使用似乎通过使用默认的Ansible模块而得到简化时,Ansible可以选择性地发出警告。可以通过调整以下设置或在命令行参数字符串的末尾添加warn=yes或warn=no来使这些警告静音。例如,这将建议使用git模块,而不是使用git命令。 command_warnings = False
# set plugin path directories here, separate with colons # 在此处设置插件路径目录,用冒号分隔 #action_plugins = /usr/share/ansible/plugins/action #become_plugins = /usr/share/ansible/plugins/become #cache_plugins = /usr/share/ansible/plugins/cache #callback_plugins = /usr/share/ansible/plugins/callback #connection_plugins = /usr/share/ansible/plugins/connection #lookup_plugins = /usr/share/ansible/plugins/lookup #inventory_plugins = /usr/share/ansible/plugins/inventory #vars_plugins = /usr/share/ansible/plugins/vars #filter_plugins = /usr/share/ansible/plugins/filter #test_plugins = /usr/share/ansible/plugins/test #terminal_plugins = /usr/share/ansible/plugins/terminal #strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try another one # 默认情况下,ansible将使用“线性”策略,但您可能需要尝试另一种策略 #strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you # want, for example, a notification or logging callback to also apply to # /bin/ansible runs # 默认情况下,不会为/bin/ansible加载回调,如果您希望(例如)通知或日志回调也应用于/bin/anssible运行,请启用此选项 #bin_ansible_callbacks = False
# don't like cows? that's unfortunate.set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 # 默认ansible可以调用一些cowsay的特性 开启/禁用:0/1 #nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random', # a random stencil will be selected for each task. The selection will be filtered # against the `cow_whitelist` option below. # 设置默认情况下要使用的牛皮模板。当设置为“随机”时,将为每个任务选择一个随机模具。所选内容将根据下面的“cow_whitelist”选项进行筛选。 #cow_selection = default #cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list. # it should be formatted as a comma-separated list with no spaces between names. # NOTE: line continuations here are for formatting purposes only, as the INI parser # in python does not support them. # 当对cowsay使用“随机”选项时,模板将被限制在此列表中。它应该格式化为逗号分隔的列表,名称之间没有空格。注意:这里的换行符仅用于格式化,因为python中的INI解析器不支持它们。 #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either? # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 # 禁用输出颜色显示,开启/禁用:0/1 #nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values # from previous runs in Ansible will be stored. This may be useful when # wanting to use, for example, IP information from one group of servers # without having to talk to them in the same playbook run to get their # current IP information. # 如果设置为持久类型(而不是“内存”,例如“redis”),则将存储Ansible中以前运行的事实值。例如,当想要使用来自一组服务器的IP信息而不必在同一剧本中与它们交谈以获得它们的当前IP信息时,这可能很有用。 #fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent. #For the jsonfile plugin, it should be a path to a local directory. #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 # 此选项告诉Ansible将事实缓存到何处。该值依赖于插件。 # 对于jsonfile插件,它应该是本地目录的路径。 # 对于redis插件,其值为host:port:database三元组:fact_caching_connection=localhost:6379:0 #fact_caching_connection=/tmp
# retry files # When a playbook fails a .retry file can be created that will be placed in ~/ # You can enable this feature by setting retry_files_enabled to True # and you can change the location of the files by setting retry_files_save_path # retry files当剧本失败时,可以创建一个.retry文件,该文件将被放置在~/您可以通过将retry_files_enabled设置为True来启用此功能,也可以通过设置retry_file_save_path来更改文件的位置 #retry_files_enabled = False #retry_files_save_path = ~/.ansible-retry
# squash actions # Ansible can optimise actions that call modules with list parameters # when looping. Instead of calling the module once per with_ item, the # module is called once with all items at once. Currently this only works # under limited circumstances, and only with parameters named 'name'. #挤压操作Ansible可以优化循环时调用具有列表参数的模块的操作。不是每个with_项调用一次模块,而是一次调用所有项的一次模块。目前,这只能在有限的情况下工作,并且只能使用名为“name”的参数。 #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default # 阻止记录任务数据,默认情况下关闭 #no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller # 阻止记录任务,但仅在目标上,数据仍记录在主/控制器上 #no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no # choice but to create world readable temporary files to execute a module on # the remote machine. This option is False by default for security. Users may # turn this on to have behaviour more like Ansible prior to 2.1.x. See # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user # for more secure ways to fix this than enabling this option. # 控制如果任务别无选择,只能创建全局可读的临时文件以在远程计算机上执行模块,Ansible是否会引发错误或警告。出于安全考虑,此选项默认为False。用户可以打开此功能,使其行为更像2.1.x之前的Ansible。请参阅https://docs.ansible.com/ansible/become.html#becoming-一个没有特权的用户,以获得比启用此选项更安全的解决方法。 #allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to # worker processes. At the default of 0, no compression # is used. This value must be an integer from 0 to 9. # 控制发送到工作进程的变量的压缩级别。默认值为0时,不使用压缩。此值必须是0到9之间的整数。 #var_compression_level = 9
# controls what compression method is used for new-style ansible modules when # they are sent to the remote system. The compression types depend on having # support compiled into both the controller's python and the client's python. # The names should match with the python Zipfile compression types: # * ZIP_STORED (no compression. available everywhere) # * ZIP_DEFLATED (uses zlib, the default) # These values may be set per host via the ansible_module_compression inventory # variable # 控制在将新型ansible模块发送到远程系统时对其使用什么压缩方法。压缩类型取决于是否将支持编译到控制器的python和客户端的python中。名称应与python Zipfile压缩类型匹配:*ZIP_STORED(无压缩。到处可用)*ZIP_DEFLATED(使用zlib,默认值)这些值可以通过ansible_module_compression库存变量为每个主机设置 #module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files # set to 0 for unlimited (RAM may suffer!). # 这控制了文件的--diff上的截止点(以字节为单位),该文件设置为0表示无限制(RAM可能会受到影响!)。 #max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments # on the CLI. If this is True then multiple arguments are merged together. If # it is False, then the last specified argument is used and the others are ignored. # This option will be removed in 2.8. # 这控制ansible如何在CLI上处理多个--tags和--skip tags参数。如果为True,则多个参数将合并在一起。如果为False,则使用最后一个指定的参数,而忽略其他参数。此选项将在2.8中删除。 #merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default # 控件在末尾显示自定义统计信息,默认情况下关闭 #show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with # possibly multiple sources (both static and dynamic) # 控制在使用可能具有多个源(静态和动态)的目录作为资源清册时要忽略的文件 #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances # only update this setting if you know how this works, otherwise it can break module execution # 此模块系列使用为网络设备优化的替代执行路径。只有当您知道这是如何工作的时,才更新此设置,否则可能会中断模块执行 #network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain # jinja2 templating language which will be run through the templating engine. # ENABLING THIS COULD BE A SECURITY RISK # 启用此选项后,此选项允许查找(通过{{lookup('fo')}}等变量或与'with_foo'一起用作循环时)返回未标记为“不安全”的数据。这意味着数据可能包含jinja2模板语言,该语言将通过模板引擎运行。启用此功能可能会带来安全风险 #allow_unsafe_lookups = False
# set default errors for all plays # 为所有播放设置默认错误 #any_errors_fatal = False
[inventory] # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' # 启用清单插件,默认值:“host_list”、“script”、“auto”、“yaml”、“ini”、“toml” #enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source # 将目录解析为清单源时忽略这些扩展 #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source # 在将目录解析为清单源时忽略与这些模式匹配的文件 #ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. # 如果“true”未分析的库存源成为致命错误,则为警告,否则为警告。 #unparsed_is_failed=False
[privilege_escalation] #become=True #become_method=sudo #become_user=root #become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host # keys encountered. Increases performance on new host additions. Setting works independently of the # host key checking setting above. # 取消注释此行以使paramiko连接插件不记录遇到的新主机密钥。增加新主机的性能。设置与上述主机密钥检查设置无关。 #record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this # line to disable this behaviour. # 默认情况下,Ansible为在sudo下执行的命令请求一个伪终端。取消注释此行以禁用此行为。 #pty=False
# paramiko will default to looking for SSH keys initially when trying to # authenticate to remote devices. This is a problem for some network devices # that close the connection after a key failure. Uncomment this line to # disable the Paramiko look for keys function # 在尝试对远程设备进行身份验证时,paramiko将默认最初查找SSH密钥。对于某些在密钥故障后关闭连接的网络设备来说,这是一个问题。取消注释此行以禁用Paramiko查找键功能 #look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a # background process. If the host doesn't already have a valid SSH key, by # default Ansible will prompt to add the host key. This will cause connections # running in background processes to fail. Uncomment this line to have # Paramiko automatically add host keys. # 当使用Paramiko的持久连接时,该连接在后台进程中运行。如果主机还没有有效的SSH密钥,默认情况下Ansible将提示添加主机密钥。这将导致后台进程中运行的连接失败。取消注释此行以使Paramiko自动添加主机密钥。 #host_key_auto_add = True
[ssh_connection]
# ssh arguments to use # Leaving off ControlPersist will result in poor performance, so use # paramiko on older platforms rather than removing it, -C controls compression use # 使用Leaving-off-ControlPersist的ssh参数将导致较差的性能,因此在较旧的平台上使用paramiko而不是删除它,-C控制压缩使用 #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets. # This is the "%(directory)s" in the control_path option # ControlPath套接字的基本目录。这是control_path optio中的“%(目录)s” # Example: # control_path_dir = /tmp/.ansible/cp #control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, # port and username (empty string in the config). The hash mitigates a common problem users # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. # In those cases, a "too long for Unix domain socket" ssh error would occur. # 用于ControlPath套接字的路径。这默认为主机名、端口和用户名的散列字符串(配置中为空字符串)。该哈希缓解了用户在使用长主机名和传统的%(目录)s/ansible ssh-%%h-%%p-%%r格式时发现的一个常见问题。在这些情况下,“对于Unix域套接字来说太长”的ssh错误将导致 # Example: # control_path = %(directory)s/%%h-%%r #control_path =
# Enabling pipelining reduces the number of SSH operations required to # execute a module on the remote server. This can result in a significant # performance improvement when enabled, however when using "sudo:" you must # first disable 'requiretty' in /etc/sudoers # # By default, this option is disabled to preserve compatibility with # sudoers configurations that have requiretty (the default on many distros). # # 启用流水线减少了在远程服务器上执行模块所需的SSH操作数量。启用后,这可能会显著提高性能,但当使用“sudo:”时,必须首先在/etc/sudoers中禁用“requiretty”。默认情况下,禁用此选项以保持与具有requiretty的sudoers配置的兼容性(在许多发行版上是默认设置) pipelining = True
# Control the mechanism for transferring files (old) # * smart = try sftp and then try scp [default] # * True = use scp only # * False = use sftp only # 控制传输文件的机制(旧) # * smart=尝试sftp,然后尝试scp[默认值] # * True=仅使用scp # * False=仅使用sftp #scp_if_ssh = smart
# Control the mechanism for transferring files (new) # If set, this will override the scp_if_ssh option # * sftp = use sftp to transfer files # * scp = use scp to transfer files # * piped = use 'dd' over SSH to transfer files # * smart = try sftp, scp, and piped, in that order [default] # 控制传输文件的机制(新) # 如果设置,这将覆盖scp_If_ssh选项 # * sftp=使用sftp传输文件 # * scp=使用scp传输文件 # * piped=通过SSH使用“dd”传输文件 # * smart=按顺序尝试sftp、scp和piped[默认值] #transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some # types of file transfer failures impossible to catch however, and should # only be disabled if your sftp version has problems with batch mode # 如果为False,则sftp将不使用批处理模式传输文件。然而,这可能会导致无法捕获某些类型的文件传输失败,并且只有当您的sftp版本在批处理模式方面存在问题时,才应禁用该故障 #sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo # requires a tty by default. # 当由于sudo默认情况下需要tty而未启用管道时,将-t参数传递给ssh #usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE. # For each retry attempt, there is an exponential backoff, # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). # 在无法访问的情况下,重试与主机的SSH连接的次数。对于每次重试尝试,都会有一个指数退避,因此在第一次尝试后,会有1s的等待,然后是2s、4s等,直到30s(最大值) #retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is # how long the persistent connection will remain idle before it is destroyed. # If the connection doesn't receive a request before the timeout value # expires, the connection is shutdown. The default value is 30 seconds. # 配置持久连接超时值(以秒为单位)。此值是持久连接在被破坏之前将保持空闲的时间。如果连接在超时值到期之前没有收到请求,则连接将关闭。默认值为30秒。 #connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command # or RPC call before timing out. The value for the command timeout must # be less than the value of the persistent connection idle timeout (connect_timeout) # The default value is 30 second. # 命令超时值定义在超时之前等待命令或RPC调用的时间量。命令超时值必须小于持久连接空闲超时值(connect_timeout)。默认值为30秒。 #command_timeout = 30
[accelerate] #accelerate_port = 5099 #accelerate_timeout = 30 #accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured # from the last activity to the accelerate daemon. # 守护进程超时以分钟为单位。这个时间是从最后一个活动到加速守护进程的时间。 #accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple # private keys to be uploaded to it, though each user must # have access to the system via SSH to add a new key. The default # is "no". # 如果设置为yes,accelerate_multi_key将允许向其上载多个私钥,尽管每个用户必须通过SSH访问系统才能添加新密钥。默认值为“否”。 #accelerate_multi_key = yes
[selinux] # file systems that require special treatment when dealing with security context # the default behaviour that copies the existing context or uses the user default # needs to be changed to use the file system dependent context. # 在处理安全上下文时需要特殊处理的文件系统复制现有上下文或使用用户默认值的默认行为需要更改为使用依赖于文件系统的上下文 #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat
# Set this to yes to allow libvirt_lxc connections to work without SELinux. # 将其设置为yes,以允许libvirt_lxc连接在没有SELinux的情况下工作。 #libvirt_lxc_noseclabel = yes
# 日志输出颜色设置 [colors] #highlight = white #verbose = blue #warn = bright purple #error = red #debug = dark gray #deprecate = purple #skip = cyan #unreachable = red #ok = green #changed = yellow #diff_add = green #diff_remove = red #diff_lines = cyan
[diff] # Always print diff when running ( same as always running with -D/--diff ) # 运行时始终打印diff(与始终使用-D/-diff运行相同) # always = no
# Set how many context lines to show in diff # 设置要在diff中显示的上下文行数 # context = 3 gather_facts: nogather_facts: no
|