Hello,
i would like to propose a behavoiur change for variable overwrite order:
When running a playbook, variables defined in the inventory ( or inventory groups) should have a higher weight then playbook group_vars. They should actually be at the same ‘level’ als the extra vars ( http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable ).
Why?
Because inventories are a commandline option and naturally they are therefore very specific for a given environment. One would expected them to overwrite playbooks variables.
E.g. we use the same playbook in all our environments. The designated site-teams provide their inventory with environment specific stuff ( endpoints, key and certs etc.). These should not be checked in at the low(er) security developer repository ( even with a vault ), so the production inventory needs a way to overwirte some/all variables. Currently this only works when these variables are not defined elsewhere. So if we didn’t think about providing a inventory-variable for overwrite a setting, we cannot change a varibale X via the inventory and have thereforte to change the playbook and rerun the complete (playbook) pipeline.
Workarounds:
-
extra vars
This works, but does not have the power of groups, so you cannot have one site.yml run, but differences in group variables. ( So this only works in very rare cases. ) -
group_vars
Will overwrite the inventory, but not playbook variables ( that only works with extra vars ).
Suggestion:
Sort variable precedence from the less specific ones to more specific ones:
- role defaults
- playbook group_vars
- playbook host_vars
- host facts
- registered vars
- set_facts
- play vars
- play vars_prompt
- play vars_files
- role and include vars
- block vars (only for tasks in block)
- task vars (only for the task)
-
inventory vars <
-
inventory group_vars <
-
inventory host_vars <
- extra vars
I know this is a very different behaviour than 1.x , but this is the behaviour i would (have) expect(ed) when just using ansible as newbee.
Cheers Rainer