Suggestion: inventory variables should have more weight

Hello,

I would like to propose a behaviour change for the variable overwrite order:

When running a playbook, variables defined in the inventory (or inventory groups) should have a higher weight than playbook group_vars. They should actually be at the same ‘level’ as the extra vars ( http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable ).

Why?
Because inventories are a command-line option and naturally they are therefore very specific for a given environment. One would expect them to overwrite playbook variables.
E.g. we use the same playbook in all our environments. The designated site teams provide their inventory with environment-specific stuff (endpoints, keys and certs etc.). These should not be checked in to the low(er)-security developer repository (even with a vault), so the production inventory needs a way to overwrite some/all variables. Currently this only works when these variables are not defined elsewhere. So if we didn’t think about providing an inventory variable to overwrite a setting, we cannot change a variable X via the inventory and therefore have to change the playbook and rerun the complete (playbook) pipeline.

Workarounds:

  • extra vars
    This works, but does not have the power of groups, so you cannot have one site.yml run, but differences in group variables. (So this only works in very rare cases.)

  • group_vars
    Will overwrite the inventory, but not playbook variables (that only works with extra vars).

Suggestion:

Sort variable precedence from the less specific ones to the more specific ones:

  • role defaults
  • playbook group_vars
  • playbook host_vars
  • host facts
  • registered vars
  • set_facts
  • play vars
  • play vars_prompt
  • play vars_files
  • role and include vars
  • block vars (only for tasks in block)
  • task vars (only for the task)
  • inventory vars <
  • inventory group_vars <
  • inventory host_vars <
  • extra vars

I know this is very different behaviour from 1.x, but this is the behaviour I would (have) expect(ed) when just using Ansible as a newbie.

Cheers Rainer

You could argue in the same way that the playbooks are also passed in
the command line (always, unlike inventories which can be inferred
from other configs).

This can be approached in many ways and there are good arguments for
each weight/precedence order, but changing this will break backwards
compatibility in a big way and not a good one, as it won't be a 'fail
the play' but 'run the play with data you did not expect'.
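
The effect both posts describe, as an added example that is not part of the thread and not Ansible's own code: a simplified flat merge for one host that resolves the same variable definitions under the documented Ansible 2.x order and under the order proposed above, and lists the variables whose effective value changes without any task failing. The variable names, values and helper functions are constructed for illustration.

```python
# Simplified model: one host, flat merge, no block/task scoping.
# CURRENT: precedence order (lowest first) from the Ansible 2.x documentation.
CURRENT = [
    "role defaults", "inventory vars", "inventory group_vars",
    "inventory host_vars", "playbook group_vars", "playbook host_vars",
    "host facts", "registered vars", "set_facts", "play vars",
    "play vars_prompt", "play vars_files", "role and include vars",
    "block vars", "task vars", "extra vars",
]
INVENTORY = ["inventory vars", "inventory group_vars", "inventory host_vars"]
# PROPOSED: the order from the post, inventory sources moved just below extra vars.
PROPOSED = [s for s in CURRENT if s not in INVENTORY]
PROPOSED[-1:-1] = INVENTORY


def resolve(layers, order):
    """Apply sources lowest-first; return {var: (value, winning source)}."""
    effective = {}
    for source in order:
        for name, value in layers.get(source, {}).items():
            effective[name] = (value, source)
    return effective


def silent_changes(layers):
    """Variables whose effective value differs between the two orders."""
    before, after = resolve(layers, CURRENT), resolve(layers, PROPOSED)
    return {n: (before[n], after[n]) for n in before if before[n][0] != after[n][0]}


# Constructed sample definitions (hypothetical variable names and values).
LAYERS = {
    "role defaults": {"api_endpoint": "http://localhost:8080", "tls_verify": True},
    "inventory group_vars": {"api_endpoint": "https://api.prod.example",
                             "tls_verify": False},
    "playbook group_vars": {"tls_verify": True},
    "play vars": {"api_endpoint": "https://api.dev.example"},
}

if __name__ == "__main__":
    for name, (old, new) in sorted(silent_changes(LAYERS).items()):
        print(f"{name}: {old[0]!r} from {old[1]} -> {new[0]!r} from {new[1]}")
```

With the sample data the production endpoint wins only under the proposed order, while `tls_verify` flips from the playbook's `True` to the inventory's `False` with no error raised.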