i would like to propose a behavoiur change for variable overwrite order:
When running a playbook, variables defined in the inventory ( or inventory groups) should have a higher weight then playbook group_vars. They should actually be at the same ‘level’ als the extra vars ( http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable ).
Because inventories are a commandline option and naturally they are therefore very specific for a given environment. One would expected them to overwrite playbooks variables.
E.g. we use the same playbook in all our environments. The designated site-teams provide their inventory with environment specific stuff ( endpoints, key and certs etc.). These should not be checked in at the low(er) security developer repository ( even with a vault ), so the production inventory needs a way to overwirte some/all variables. Currently this only works when these variables are not defined elsewhere. So if we didn’t think about providing a inventory-variable for overwrite a setting, we cannot change a varibale X via the inventory and have thereforte to change the playbook and rerun the complete (playbook) pipeline.
extra vars
This works, but does not have the power of groups, so you cannot have one site.yml run, but differences in group variables. ( So this only works in very rare cases. ) -
Will overwrite the inventory, but not playbook variables ( that only works with extra vars ).
Sort variable precedence from the less specific ones to more specific ones:
- role defaults
- playbook group_vars
- playbook host_vars
- host facts
- registered vars
- set_facts
- play vars
- play vars_prompt
- play vars_files
- role and include vars
- block vars (only for tasks in block)
- task vars (only for the task)
inventory vars <
inventory group_vars <
inventory host_vars <
- extra vars
I know this is a very different behaviour than 1.x , but this is the behaviour i would (have) expect(ed) when just using ansible as newbee.
Cheers Rainer