host-specific ansible.cfg?

Archives Ansible Project
1

Greetings.

Short question – Where/how can I set configuration settings (not variables) based on the target host?

Long question –

My standard ansible.cfg includes:

[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False

And these settings are good for most of our hosts. But there are a handful of hosts that require a sudo password.

I tried putting this into /etc/ansible/group_vars/sudohosts
become_ask_pass: true
but that doesn’t appear to be working.

I found this list of variables:
https://docs.ansible.com/ansible/2.6/user_guide/intro_inventory.html#list-of-behavioral-inventory-parameters
but “become_ask_pass” isn’t one of them.

Is there a way that i can set a configuration option on a per-host basis?

Thanks.

2

in your inventory, make sure the hosts are in the group “sudohosts” if you want any variables in the group_vars/sudohosts/ directory to be picked up.

`

all:vars]

ansible_connection=local
another_var_all_servers_get=some_value

[sudohosts]

server1
server2

`

Here “sudohosts” is a subdirectory of group_vars/ and any .yml in that “sudohosts” sub dir should get picked up by any hosts you’ve listed in the “sudohosts” group in the inventory.

`

├── group_vars

│ ├── all.yml

│ ├── sudohosts
│ │ ├── README.md

│ │ ├── vars.yml

│ │ ├── more_vars.yml

│ └── some_other_group

│ └── vars.yml

│ └── i_want_vars.yml

├── host_vars

│ └── server1.yml

│ └── server2.yml

`

3

Yes, I am aware of all that. I left all of that out for the sake of brevity.

However, as far as I can tell, my problem is not with variables, it is with configuration settings. If there is a variable to accomplish my task, I cannot find it.

4

For settings that are 'host specific' you'll find there are existing
variables that can be used, as for 'ask password' those are 'global'
so they cannot be host specific. Passwords are prompted for BEFORE any
host data is looked at and only once per run, not per host contacted.

5

Apologies, I guess I was confusing this with be able to control this as shown here https://docs.ansible.com/ansible/2.5/network/user_guide/network_best_practices_2.5.html. I had just assume since the ‘user’ can be specified per group, then the ability control to ‘ask_pass’ per group could be too.