Index of all Collection Environment Variables
The following index documents all environment variables declared by plugins in collections. Environment variables used by the ansible-core configuration are documented in Ansible Configuration Settings.
- AIM_CLIPASSWORDSDK_CMD
Cyberark CLI utility.
- ANSIBLE_ADMIN_USERS
list of users to be expected to have admin privileges. This is used by the controller to determine how to share temporary files between the remote user and the become user.
Used by: ansible.builtin.sh shell plugin
- ANSIBLE_ASYNC_DIR
Directory in which ansible will keep async job information
Used by: ansible.builtin.sh shell plugin
- ANSIBLE_BECOME_PASS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.runas become plugin, ansible.builtin.su become plugin, ansible.builtin.sudo become plugin, community.general.doas become plugin, community.general.dzdo become plugin, community.general.ksu become plugin, community.general.machinectl become plugin, community.general.pbrun become plugin, community.general.pfexec become plugin, community.general.pmrun become plugin, community.general.sesu become plugin, community.general.sudosu become plugin
- ANSIBLE_CACHE_REDIS_KEYSET_NAME
User defined name for cache keyset name.
Used by: community.general.redis cache plugin
- ANSIBLE_CACHE_REDIS_SENTINEL
The redis sentinel service name (or referenced as cluster name).
Used by: community.general.redis cache plugin
- ANSIBLE_CALLBACK_DIY_ON_ANY_MSG
Output to be used for callback on_any.
- ANSIBLE_CALLBACK_DIY_ON_ANY_MSG_COLOR
Output color to be used for
on_any_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG
Output to be used for callback on_file_diff.
- ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG_COLOR
Output color to be used for
on_file_diff_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG
Output to be used for callback playbook_on_handler_task_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG_COLOR
Output color to be used for
playbook_on_handler_task_start_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG
Output to be used for callback playbook_on_include.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG_COLOR
Output color to be used for
playbook_on_include_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG
Output to be used for callback playbook_on_no_hosts_matched.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG_COLOR
Output color to be used for
playbook_on_no_hosts_matched_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG
Output to be used for callback playbook_on_no_hosts_remaining.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG_COLOR
Output color to be used for
playbook_on_no_hosts_remaining_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG
Output to be used for callback playbook_on_notify.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG_COLOR
Output color to be used for
playbook_on_notify_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG
Output to be used for callback playbook_on_play_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG_COLOR
Output color to be used for
playbook_on_play_start_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG
Output to be used for callback playbook_on_setup.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG_COLOR
Output color to be used for
playbook_on_setup_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG
Output to be used for callback playbook_on_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG_COLOR
Output color to be used for
playbook_on_start_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG
Output to be used for callback playbook_on_stats.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG_COLOR
Output color to be used for
playbook_on_stats_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG
Output to be used for callback playbook_on_task_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG_COLOR
Output color to be used for
playbook_on_task_start_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG
Output to be used for callback playbook_on_vars_prompt.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG_COLOR
Output color to be used for
playbook_on_vars_prompt_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG
Output to be used for callback runner_item_on_failed.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG_COLOR
Output color to be used for
runner_item_on_failed_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG
Output to be used for callback runner_item_on_ok.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG_COLOR
Output color to be used for
runner_item_on_ok_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG
Output to be used for callback runner_item_on_skipped.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG_COLOR
Output color to be used for
runner_item_on_skipped_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG
Output to be used for callback runner_on_failed.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG_COLOR
Output color to be used for
runner_on_failed_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG
Output to be used for callback runner_on_no_hosts.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG_COLOR
Output color to be used for
runner_on_no_hosts_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG
Output to be used for callback runner_on_ok.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG_COLOR
Output color to be used for
runner_on_ok_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG
Output to be used for callback runner_on_skipped.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG_COLOR
Output color to be used for
runner_on_skipped_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG
Output to be used for callback runner_on_start.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG_COLOR
Output color to be used for
runner_on_start_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG
Output to be used for callback runner_on_unreachable.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG_COLOR
Output color to be used for
runner_on_unreachable_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG
Output to be used for callback runner_retry.
- ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG_COLOR
Output color to be used for
runner_retry_msg.Template should render a valid color value.
- ANSIBLE_CALLBACK_FORMAT_PRETTY
Configure the result format to be more readable
When
result_formatis set toyamlthis option defaults toTrue, and defaults toFalsewhen configured tojson.Setting this option to
Truewill forcejsonandyamlresults to always be pretty printed regardless of verbosity.When set to
Trueand used with theyamlresult format, this option will modify module responses in an attempt to produce a more human friendly output at the expense of correctness, and should not be relied upon to aid in writing variable manipulations or conditionals. For correctness, set this option toFalseor setresult_formattojson.Used by: ansible.builtin.default callback plugin, ansible.builtin.minimal callback plugin, community.general.default_without_diff callback plugin
- ANSIBLE_CALLBACK_RESULT_FORMAT
Define the task result format used in the callback output.
These formats do not cause the callback to emit valid JSON or YAML formats.
The output contains these formats interspersed with other non-machine parsable data.
Used by: ansible.builtin.default callback plugin, ansible.builtin.minimal callback plugin, community.general.default_without_diff callback plugin
- ANSIBLE_CALLBACK_TREE_DIR
directory that will contain the per host JSON files. Also set by the
--treeoption when using adhoc.Used by: ansible.builtin.tree callback plugin
- ANSIBLE_CHECK_MODE_MARKERS
Toggle to control displaying markers when running in check mode.
The markers are
DRY RUNat the beginning and ending of playbook execution (when callingansible-playbook --check) andCHECK MODEas a suffix at every play and task that is run in check mode.Used by: ansible.builtin.default callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
Do not check that the user is not root.
- ANSIBLE_CHROOT_EXE
User specified chroot binary
- ANSIBLE_COMMON_REMOTE_GROUP
Checked when Ansible needs to execute a module as a different user.
If setfacl and chown both fail and do not let the different user access the module’s files, they will be chgrp’d to this group.
In order for this to work, the remote_user and become_user must share a common group and this setting must be set to that group.
Used by: ansible.builtin.sh shell plugin
- ANSIBLE_CONSUL_CLIENT_CERT
The client cert to verify the ssl connection.
- ANSIBLE_CONSUL_URL
The target to connect to.
Should look like this:
https://my.consul.server:8500.
- ANSIBLE_CONSUL_VALIDATE_CERTS
Whether to verify the ssl connection or not.
- ANSIBLE_DISPLAY_FAILED_STDERR
Toggle to control whether failed and unreachable tasks are displayed to STDERR (vs. STDOUT)
Used by: ansible.builtin.default callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_DISPLAY_OK_HOSTS
Toggle to control displaying ‘ok’ task/host results in a task
Used by: ansible.builtin.default callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_DOAS_EXE
Doas executable
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_FLAGS
Options to pass to doas
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_PASS
password for doas prompt
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_PROMPT_L10N
List of localized strings to match for prompt detection
If empty we’ll use the built in one
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_USER
User you ‘become’ to execute the task
Used by: community.general.doas become plugin
- ANSIBLE_DOCKER_TIMEOUT
Controls how long we can wait to access reading output from the container once execution started.
Used by: community.docker.docker connection plugin, community.docker.docker_api connection plugin
- ANSIBLE_DZDO_EXE
Dzdo executable
Used by: community.general.dzdo become plugin
- ANSIBLE_DZDO_FLAGS
Options to pass to dzdo
Used by: community.general.dzdo become plugin
- ANSIBLE_DZDO_PASS
Options to pass to dzdo
Used by: community.general.dzdo become plugin
- ANSIBLE_DZDO_USER
User you ‘become’ to execute the task
Used by: community.general.dzdo become plugin
- ANSIBLE_ETCD_URL
Environment variable with the URL for the etcd server
Used by: community.general.etcd lookup plugin
- ANSIBLE_ETCD_VERSION
Environment variable with the etcd protocol version
Used by: community.general.etcd lookup plugin
- ANSIBLE_HIERA_BIN
Binary file to execute Hiera.
- ANSIBLE_HIERA_CFG
File that describes the hierarchy of Hiera.
- ANSIBLE_HOSTTECH_API_PASSWORD
The password for the Hosttech API user.
If provided,
hosttech_usernamemust also be provided.Mutually exclusive with
hosttech_token.Used by: community.dns.hosttech_dns_records inventory plugin
- ANSIBLE_HOSTTECH_API_USERNAME
The username for the Hosttech API user.
If provided,
hosttech_passwordmust also be provided.Mutually exclusive with
hosttech_token.Used by: community.dns.hosttech_dns_records inventory plugin
- ANSIBLE_HOSTTECH_DNS_TOKEN
The password for the Hosttech API user.
Mutually exclusive with
hosttech_usernameandhosttech_password.Since community.dns 1.2.0, the alias
api_tokencan be used.Used by: community.dns.hosttech_dns_records inventory plugin
- ANSIBLE_IGNORE_ERRORS
Whether to ignore errors on failing or not.
- ANSIBLE_INVENTORY_PLUGIN_EXTS
list of ‘valid’ extensions for files containing YAML
- ANSIBLE_INVENTORY_PLUGIN_SCRIPT_STDERR
Toggle display of stderr even when script was successful
- ANSIBLE_INVENTORY_USE_EXTRA_VARS
Merge extra vars into the available variables for composition (highest precedence).
Used by: ansible.builtin.constructed inventory plugin, community.docker.docker_containers inventory plugin, community.docker.docker_machine inventory plugin, community.docker.docker_swarm inventory plugin, community.general.gitlab_runners inventory plugin, community.general.icinga2 inventory plugin, community.general.linode inventory plugin, community.general.nmap inventory plugin, community.general.opennebula inventory plugin, community.general.proxmox inventory plugin, community.general.stackpath_compute inventory plugin, community.general.virtualbox inventory plugin, community.general.xen_orchestra inventory plugin, community.hrobot.robot inventory plugin
- ANSIBLE_KSU_EXE
Su executable
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_FLAGS
Options to pass to ksu
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_PASS
ksu password
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_PROMPT_L10N
List of localized strings to match for prompt detection
If empty we’ll use the built in one
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_USER
User you ‘become’ to execute the task
Used by: community.general.ksu become plugin
- ANSIBLE_LOG_FOLDER
The folder where log files will be created.
- ANSIBLE_LOOKUP_URL_AGENT
User-Agent to use in the request. The default was changed in 2.11 to
ansible-httpget.Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_CA_PATH
String of file system path to CA cert bundle to use
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_CIPHERS
SSL/TLS Ciphers to use for the request
When a list is provided, all ciphers are joined in order with
:See the OpenSSL Cipher List Format for more details.
The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_FOLLOW_REDIRECTS
String of urllib2, all/yes, safe, none to determine how redirects are followed
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_FORCE
Whether or not to set “cache-control” header with value “no-cache”
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_FORCE_BASIC_AUTH
Force basic authentication
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_TIMEOUT
How long to wait for the server to send data before giving up
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_UNIX_SOCKET
String of file system path to unix socket file to use when establishing connection to the provided url
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_UNREDIR_HEADERS
A list of headers to not attach on a redirected request
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_USE_GSSAPI
Use GSSAPI handler of requests
As of Ansible 2.11, GSSAPI credentials can be specified with
usernameandpassword.Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_USE_NETRC
Determining whether to use credentials from ``~/.netrc`` file
By default .netrc is used with Basic authentication headers
When set to False, .netrc credentials are ignored
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_MACHINECTL_EXE
Machinectl executable
- ANSIBLE_MACHINECTL_FLAGS
Options to pass to machinectl
- ANSIBLE_MACHINECTL_PASS
Password for machinectl
- ANSIBLE_MACHINECTL_USER
User you ‘become’ to execute the task
- ANSIBLE_MERGE_VARIABLES_OVERRIDE
Return an error, print a warning or ignore it when a key will be overwritten.
The default behavior
errormakes the plugin fail when a key would be overwritten.When
warnandignoreare used, note that it is important to know that the variables are sorted by name before being merged. Keys for later variables in this order will overwrite keys of the same name for variables earlier in this order. To avoid potential confusion, better useoverride=errorwhenever possible.
- ANSIBLE_MERGE_VARIABLES_PATTERN_TYPE
Change the way of searching for the specified pattern.
- ANSIBLE_NMAP_ADDRESS
Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation.
- ANSIBLE_NMAP_EXCLUDE
List of addresses to exclude.
For example
10.2.2.15-25or10.2.2.15,10.2.2.16.
- ANSIBLE_NSENTER_PID
PID to attach with using nsenter.
The default should be fine unless you are attaching as a non-root user.
- ANSIBLE_OPENTELEMETRY_DISABLE_ATTRIBUTES_IN_LOGS
Disable populating span attributes to the logs.
- ANSIBLE_OPENTELEMETRY_DISABLE_LOGS
Disable sending logs.
- ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT
Whether to enable this callback only if the given environment variable exists and it is set to
true.This is handy when you use Configuration as Code and want to send distributed traces if running in the CI rather when running Ansible locally.
For such, it evaluates the given
enable_from_environmentvalue as environment variable and if set to true this plugin will be enabled.
- ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
Hide the arguments for a task.
Used by: community.general.elastic callback plugin, community.general.opentelemetry callback plugin
- ANSIBLE_PARAMIKO_BANNER_TIMEOUT
Configures, in seconds, the amount of time to wait for the SSH banner to be presented. This option is supported by paramiko version 1.15.0 or newer.
- ANSIBLE_PARAMIKO_HOST_KEY_CHECKING
Set this to “False” if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
- ANSIBLE_PARAMIKO_PRIVATE_KEY_FILE
Path to private key file to use for authentication.
- ANSIBLE_PARAMIKO_PROXY_COMMAND
Proxy information for running the connection via a jumphost
Also this plugin will scan ‘ssh_args’, ‘ssh_extra_args’ and ‘ssh_common_args’ from the ‘ssh’ plugin settings for proxy information if set.
- ANSIBLE_PARAMIKO_PTY
SUDO usually requires a PTY, True to give a PTY and False to not give a PTY.
- ANSIBLE_PARAMIKO_RECORD_HOST_KEYS
Save the host keys to a file
- ANSIBLE_PARAMIKO_REMOTE_USER
User to login/authenticate as
Can be set from the CLI via the
--useror-uoptions.
- ANSIBLE_PARAMIKO_TIMEOUT
Number of seconds until the plugin gives up on failing to establish a TCP connection.
- ANSIBLE_PARAMIKO_USE_RSA_SHA2_ALGORITHMS
Whether or not to enable RSA SHA2 algorithms for pubkeys and hostkeys
On paramiko versions older than 2.9, this only affects hostkeys
For behavior matching paramiko<2.9 set this to
False
- ANSIBLE_PBRUN_EXE
Sudo executable
- ANSIBLE_PBRUN_FLAGS
Options to pass to pbrun
- ANSIBLE_PBRUN_PASS
Password for pbrun
- ANSIBLE_PBRUN_USER
User you ‘become’ to execute the task
- ANSIBLE_PBRUN_WRAP_EXECUTION
Toggle to wrap the command pbrun calls in ‘shell -c’ or not
- ANSIBLE_PFEXEC_EXE
Sudo executable
- ANSIBLE_PFEXEC_FLAGS
Options to pass to pfexec
- ANSIBLE_PFEXEC_PASS
pfexec password
- ANSIBLE_PFEXEC_USER
User you ‘become’ to execute the task
This plugin ignores this setting as pfexec uses it’s own
exec_attrto figure this out, but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.
- ANSIBLE_PFEXEC_WRAP_EXECUTION
Toggle to wrap the command pfexec calls in ‘shell -c’ or not
- ANSIBLE_PKCS11_PROVIDER
PKCS11 SmartCard provider such as opensc, example: /usr/local/lib/opensc-pkcs11.so
Requires sshpass version 1.06+, sshpass must support the -P option.
- ANSIBLE_PMRUN_EXE
Sudo executable
- ANSIBLE_PMRUN_FLAGS
Options to pass to pmrun
- ANSIBLE_PMRUN_PASS
pmrun password
- ANSIBLE_REDIS_HOST
location of Redis host
- ANSIBLE_REDIS_PORT
port on which Redis is listening on
- ANSIBLE_REDIS_SOCKET
path to socket on which to query Redis, this option overrides host and port options when set.
- ANSIBLE_REMOTE_PARAMIKO_PORT
Remote port to connect to.
- ANSIBLE_REMOTE_TEMP
Temporary directory to use on targets when executing tasks.
Used by: ansible.builtin.sh shell plugin
- ANSIBLE_REMOTE_TMP
Temporary directory to use on targets when executing tasks.
Used by: ansible.builtin.sh shell plugin
- ANSIBLE_RUNAS_FLAGS
Options to pass to runas, a space delimited list of k=v pairs
Used by: ansible.builtin.runas become plugin
- ANSIBLE_RUNAS_PASS
password
Used by: ansible.builtin.runas become plugin
- ANSIBLE_RUNAS_USER
User you ‘become’ to execute the task
Used by: ansible.builtin.runas become plugin
- ANSIBLE_SCP_EXECUTABLE
This defines the location of the scp binary. It defaults to
scpwhich will use the first binary available in $PATH.
- ANSIBLE_SCP_EXTRA_ARGS
Extra exclusive to the
scpCLI
- ANSIBLE_SELECTIVE_DONT_COLORIZE
This setting allows suppressing colorizing output.
- ANSIBLE_SESU_EXE
sesu executable
Used by: community.general.sesu become plugin
- ANSIBLE_SESU_FLAGS
Options to pass to sesu
Used by: community.general.sesu become plugin
- ANSIBLE_SESU_PASS
Password to pass to sesu
Used by: community.general.sesu become plugin
- ANSIBLE_SESU_USER
User you ‘become’ to execute the task
Used by: community.general.sesu become plugin
- ANSIBLE_SFTP_BATCH_MODE
TODO: write it
- ANSIBLE_SFTP_EXECUTABLE
This defines the location of the sftp binary. It defaults to
sftpwhich will use the first binary available in $PATH.
- ANSIBLE_SFTP_EXTRA_ARGS
Extra exclusive to the
sftpCLI
- ANSIBLE_SHELL_ALLOW_WORLD_READABLE_TEMP
This makes the temporary files created on the machine world-readable and will issue a warning instead of failing the task.
It is useful when becoming an unprivileged user.
Used by: ansible.builtin.sh shell plugin
- ANSIBLE_SHOW_PER_HOST_START
This adds output that shows when a task is started to execute for each host
Used by: ansible.builtin.default callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_SHOW_TASK_PATH_ON_FAILURE
When a task fails, display the path to the file containing the failed task and the line number. This information is displayed automatically for every task when running with
-vvor greater verbosity.Used by: ansible.builtin.default callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_SOPS_AGE_KEY
One or more age private keys that can be used to decrypt encrypted files.
Will be set as the
SOPS_AGE_KEYenvironment variable when calling sops.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AGE_KEYFILE
The file containing the age private keys that sops can use to decrypt encrypted files.
Will be set as the
SOPS_AGE_KEY_FILEenvironment variable when calling sops.By default, sops looks for
sops/age/keys.txtinside your user configuration directory.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_ACCESS_KEY_ID
The AWS access key ID to use for requests to AWS.
Sets the environment variable
AWS_ACCESS_KEY_IDfor the sops call.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_PROFILE
The AWS profile to use for requests to AWS.
This corresponds to the sops
--aws-profileoption.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_SECRET_ACCESS_KEY
The AWS secret access key to use for requests to AWS.
Sets the environment variable
AWS_SECRET_ACCESS_KEYfor the sops call.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_SESSION_TOKEN
The AWS session token to use for requests to AWS.
Sets the environment variable
AWS_SESSION_TOKENfor the sops call.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_BINARY
Path to the sops binary.
By default uses
sops.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_CONFIG_PATH
Path to the sops configuration file.
If not set, sops will recursively search for the config file starting at the file that is encrypted or decrypted.
This corresponds to the sops
--configoption.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_ENABLE_LOCAL_KEYSERVICE
Tell sops to use local key service.
This corresponds to the sops
--enable-local-keyserviceoption.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_KEYSERVICE
Specify key services to use next to the local one.
A key service must be specified in the form
protocol://address, for exampletcp://myserver.com:5000.This corresponds to the sops
--keyserviceoption.Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SSH_ARGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin
- ANSIBLE_SSH_COMMON_ARGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin
- ANSIBLE_SSH_CONTROL_PATH
This is the location to save SSH’s ControlPath sockets, it uses SSH’s variable substitution.
Since 2.3, if null (default), ansible will generate a unique hash. Use ``%(directory)s`` to indicate where to use the control dir path setting.
Before 2.3 it defaulted to ``control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r``.
Be aware that this setting is ignored if
-o ControlPathis set in ssh args.
- ANSIBLE_SSH_CONTROL_PATH_DIR
This sets the directory to use for ssh control path if the control path setting is null.
Also, provides the ``%(directory)s`` variable for the control path setting.
- ANSIBLE_SSH_EXECUTABLE
This defines the location of the SSH binary. It defaults to
sshwhich will use the first SSH binary available in $PATH.This option is usually not required, it might be useful when access to system SSH is restricted, or when using SSH wrappers to connect to remote hosts.
- ANSIBLE_SSH_EXTRA_ARGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin
- ANSIBLE_SSH_HOST_KEY_CHECKING
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin
- ANSIBLE_SSH_PIPELINING
Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers.
This can result in a very significant performance improvement when enabled.
However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable ‘requiretty’ in the sudoers file for the target hosts, which is why this feature is disabled by default.
- ANSIBLE_SSH_RETRIES
Number of attempts to connect.
Ansible retries connections only if it gets an SSH error with a return code of 255.
Any errors with return codes other than 255 indicate an issue with program execution.
- ANSIBLE_SSH_TIMEOUT
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin
- ANSIBLE_SSH_TRANSFER_METHOD
Preferred method to use when transferring files over ssh
- ANSIBLE_SSH_USETTY
add -tt to ssh commands to force tty allocation.
- ANSIBLE_SSHPASS_PROMPT
Password prompt that sshpass should search for. Supported by sshpass 1.06 and up.
Defaults to
Enter PIN forwhen pkcs11_provider is set.
- ANSIBLE_SU_EXE
Su executable
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_FLAGS
Options to pass to su
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_PASS
Password to pass to su
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_PROMPT_L10N
List of localized strings to match for prompt detection
If empty we’ll use the built in one
Do NOT add a colon (:) to your custom entries. Ansible adds a colon at the end of each prompt; if you add another one in your string, your prompt will fail with a “Timeout” error.
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_USER
User you ‘become’ to execute the task
Used by: ansible.builtin.su become plugin
- ANSIBLE_SUDO_EXE
Sudo executable
Used by: ansible.builtin.sudo become plugin
- ANSIBLE_SUDO_FLAGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.sudo become plugin, community.general.sudosu become plugin
- ANSIBLE_SUDO_PASS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.sudo become plugin, community.general.sudosu become plugin
- ANSIBLE_SUDO_USER
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.sudo become plugin, community.general.sudosu become plugin
- ANSIBLE_SYSLOG_SETUP
Log setup tasks.
- ANSIBLE_SYSTEM_TMPDIRS
List of valid system temporary directories on the managed machine for Ansible to validate
remote_tmpagainst, when specific permissions are needed. These must be world readable, writable, and executable. This list should only contain directories which the system administrator has pre-created with the proper ownership and permissions otherwise security issues can arise.When
remote_tmpis required to be a system temp dir and it does not match any in the list, the first one from the list will be used instead.Used by: ansible.builtin.sh shell plugin
- ANSIBLE_VARS_PLUGIN_STAGE
Control when this vars plugin may be executed.
Setting this option to
allwill run the vars plugin after importing inventory and whenever it is demanded by a task.Setting this option to
taskwill only run the vars plugin whenever it is demanded by a task.Setting this option to
inventorywill only run the vars plugin after parsing inventory.If this option is omitted, the global
RUN_VARS_PLUGINSconfiguration is used to determine when to execute the vars plugin.
- ANSIBLE_VARS_SOPS_PLUGIN_CACHE
Whether to cache decrypted files or not.
If the cache is disabled, the files will be decrypted for almost every task. This is very slow!
Only disable caching if you modify the variable files during a playbook run and want the updated result to be available from the next task on.
Note that setting
stage=inventoryhas the same effect as settingcache=true: the variables will be loaded only once (during inventory loading) and the vars plugin will not be called for every task.Used by: community.sops.sops vars plugin
- ANSIBLE_VARS_SOPS_PLUGIN_STAGE
Control when this vars plugin may be executed.
Setting this option to
allwill run the vars plugin after importing inventory and whenever it is demanded by a task.Setting this option to
taskwill only run the vars plugin whenever it is demanded by a task.Setting this option to
inventorywill only run the vars plugin after parsing inventory.If this option is omitted, the global
RUN_VARS_PLUGINSconfiguration is used to determine when to execute the vars plugin.Used by: community.sops.sops vars plugin
- ANSIBLE_XO_HOST
API host to XOA API.
If the value is not specified in the inventory configuration, the value of environment variable
ANSIBLE_XO_HOSTwill be used instead.
- ANSIBLE_XO_PASSWORD
Xen Orchestra password.
If the value is not specified in the inventory configuration, the value of environment variable
ANSIBLE_XO_PASSWORDwill be used instead.
- ANSIBLE_XO_USER
Xen Orchestra user.
If the value is not specified in the inventory configuration, the value of environment variable
ANSIBLE_XO_USERwill be used instead.
- AWS_ACCESS_KEY_ID
AWS access key ID
- AWS_PROFILE
AWS profile to use for authentication
- AWS_SECRET_ACCESS_KEY
AWS access key
- AWS_SESSION_TOKEN
AWS session token
- BWS_ACCESS_TOKEN
The BWS access token to use for this lookup.
Used by: community.general.bitwarden_secrets_manager lookup plugin
- CGROUP_CUR_MEM_FILE
Path to
memory.usage_in_bytesfile. Example/sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes.Used by: community.general.cgroup_memory_recap callback plugin
- CGROUP_MAX_MEM_FILE
Path to cgroups
memory.max_usage_in_bytesfile. Example/sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes.Used by: community.general.cgroup_memory_recap callback plugin
- COBBLER_PASSWORD
Cobbler authentication password.
- COBBLER_SERVER
URL to cobbler.
- COBBLER_USER
Cobbler authentication user.
- DSV_CLIENT_ID
The client_id with which to request the Access Grant.
Used by: community.general.dsv lookup plugin
- DSV_CLIENT_SECRET
The client secret associated with the specific
client_id.Used by: community.general.dsv lookup plugin
- DSV_TENANT
The first format parameter in the default
url_template.Used by: community.general.dsv lookup plugin
- DSV_TLD
The top-level domain of the tenant; the second format parameter in the default
url_template.Used by: community.general.dsv lookup plugin
- DSV_URL_TEMPLATE
The path to prepend to the base URL to form a valid REST API request.
Used by: community.general.dsv lookup plugin
- ELASTIC_APM_API_KEY
Use the APM API key
- ELASTIC_APM_SECRET_TOKEN
Use the APM server token
- ELASTIC_APM_SERVER_URL
Use the APM server and its environment variables.
- ELASTIC_APM_SERVICE_NAME
The service name resource attribute.
- ELASTIC_APM_VERIFY_SERVER_CERT
Verifies the SSL certificate if an HTTPS connection.
- ETCDCTL_CACERT
etcd3 CA authority.
- ETCDCTL_CERT
etcd3 client certificate.
- ETCDCTL_DIAL_TIMEOUT
Client timeout.
- ETCDCTL_ENDPOINTS
Counterpart of
ETCDCTL_ENDPOINTSenvironment variable. Specify the etcd3 connection with and URL form, for examplehttps://hostname:2379, or<host>:<port>form.The
hostpart is overwritten byhostoption, if defined.The
portpart is overwritten byportoption, if defined.
- ETCDCTL_KEY
etcd3 client private key.
- ETCDCTL_PASSWORD
Authenticated user password.
- ETCDCTL_USER
Authenticated user name.
- GITLAB_API_TOKEN
GitLab token for logging in.
- GITLAB_FILTER
filter runners from GitLab API
- GITLAB_SERVER_URL
The URL of the GitLab server, with protocol (i.e. http or https).
- HETZNER_DNS_TOKEN
The token for the Hetzner API.
If not provided, will be read from the environment variable
HETZNER_DNS_TOKEN.
- HIPCHAT_API_VERSION
HipChat API version, v1 or v2.
- HIPCHAT_FROM
Name to post as
- HIPCHAT_NOTIFY
Add notify flag to important messages
- HIPCHAT_ROOM
HipChat room to post in.
- HIPCHAT_TOKEN
HipChat API token for v1 or v2 API.
- HROBOT_API_PASSWORD
The password for the Robot webservice user.
- HROBOT_API_USER
The username for the Robot webservice user.
- JABBER_PASS
Password for the user to the jabber server
- JABBER_SERV
connection info to jabber server
- JABBER_TO
chat identifier that will receive the message
- JABBER_USER
Jabber user to authenticate as
- JUNIT_FAIL_ON_CHANGE
Consider any tasks reporting “changed” as a junit test failure
- JUNIT_FAIL_ON_IGNORE
Consider failed tasks as a junit test failure even if ignore_on_error is set
- JUNIT_HIDE_TASK_ARGUMENTS
Hide the arguments for a task
- JUNIT_INCLUDE_SETUP_TASKS_IN_REPORT
Should the setup tasks be included in the final report
- JUNIT_OUTPUT_DIR
Directory to write XML files to.
- JUNIT_REPLACE_OUT_OF_TREE_PATH
Replace the directory portion of an out-of-tree relative task path with the given placeholder
- JUNIT_TASK_CLASS
Configure the output to be one class per yaml file
- JUNIT_TASK_RELATIVE_PATH
Configure the output to use relative paths to given directory
- JUNIT_TEST_CASE_PREFIX
Consider a task only as test case if it has this value as prefix. Additionally failing tasks are recorded as failed test cases.
- LINODE_ACCESS_TOKEN
The Linode account personal access token.
- LOGDNA_HOSTNAME
Alternative Host Name; the current host name by default.
- LOGDNA_INGESTION_KEY
LogDNA Ingestion Key.
- LOGDNA_TAGS
Tags.
- LOGENTRIES_ANSIBLE_TOKEN
The logentries
TCP token.
- LOGENTRIES_API
URI to the Logentries API.
- LOGENTRIES_FLATTEN
Flatten complex data structures into a single dictionary with complex keys.
- LOGENTRIES_PORT
HTTP port to use when connecting to the API.
- LOGENTRIES_TLS_PORT
Port to use when connecting to the API when TLS is enabled.
- LOGENTRIES_USE_TLS
Toggle to decide whether to use TLS to encrypt the communications with the API server.
- LOGSTASH_FORMAT_VERSION
Logging format.
- LOGSTASH_PORT
Port on which logstash is listening.
- LOGSTASH_PRE_COMMAND
Executes command before run and its result is added to the
ansible_pre_command_outputlogstash field.
- LOGSTASH_SERVER
Address of the Logstash server.
- LOGSTASH_TYPE
Message type.
- MANIFOLD_API_TOKEN
manifold API token
- NRDP_HOSTNAME
Hostname where the passive check is linked to.
- NRDP_SERVICENAME
Service where the passive check is linked to.
- NRDP_TOKEN
Token to be allowed to push nrdp events.
- NRDP_URL
URL of the nrdp server.
- NRDP_VALIDATE_CERTS
Validate the SSL certificate of the nrdp server. (Used for HTTPS URLs.)
- ONE_AUTH
If both
api_usernameorapi_passwordare not set, then it will try authenticate with ONE auth file. Default path is~/.one/one_auth.Set environment variable
ONE_AUTHto override this path.
- ONE_PASSWORD
Password or a token of the user to login into OpenNebula RPC server.
If not set, the value of the
ONE_PASSWORDenvironment variable is used.
- ONE_URL
URL of the OpenNebula RPC server.
It is recommended to use HTTPS so that the username/password are not transferred over the network unencrypted.
If not set then the value of the
ONE_URLenvironment variable is used.
- ONE_USERNAME
Name of the user to login into the OpenNebula RPC server. If not set then the value of the
ONE_USERNAMEenvironment variable is used.
- ONLINE_API_KEY
Online OAuth token.
- ONLINE_OAUTH_TOKEN
Online OAuth token.
- ONLINE_TOKEN
Online OAuth token.
- OP_CONNECT_HOST
The host for 1Password Connect. Must be used in combination with
connect_token.Used by: community.general.onepassword lookup plugin, community.general.onepassword_doc lookup plugin, community.general.onepassword_raw lookup plugin
- OP_CONNECT_TOKEN
The token for 1Password Connect. Must be used in combination with
connect_host.Used by: community.general.onepassword lookup plugin, community.general.onepassword_doc lookup plugin, community.general.onepassword_raw lookup plugin
- OP_SERVICE_ACCOUNT_TOKEN
The access key for a service account.
Only works with 1Password CLI version 2 or later.
Used by: community.general.onepassword lookup plugin, community.general.onepassword_doc lookup plugin, community.general.onepassword_raw lookup plugin
- OTEL_SERVICE_NAME
The service name resource attribute.
- PASSWORD_STORE_DIR
The directory of the password store.
If
backend=pass, the default is~/.password-storeis used.If
backend=gopass, then the default is thepathfield in~/.config/gopass/config.yml, falling back to~/.local/share/gopass/stores/rootifpathis not defined in the gopass config.
- PASSWORD_STORE_UMASK
Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable).
Note pass’ default value is
'077'.
- PROXMOX_PASSWORD
Proxmox authentication password.
If the value is not specified in the inventory configuration, the value of environment variable
PROXMOX_PASSWORDwill be used instead.Since community.general 4.7.0 you can also use templating to specify the value of the
password.If you do not specify a password, you must set
token_idandtoken_secretinstead.
- PROXMOX_TOKEN_ID
Proxmox authentication token ID.
If the value is not specified in the inventory configuration, the value of environment variable
PROXMOX_TOKEN_IDwill be used instead.To use token authentication, you must also specify
token_secret. If you do not specifytoken_idandtoken_secret, you must set a password instead.Make sure to grant explicit pve permissions to the token or disable ‘privilege separation’ to use the users’ privileges instead.
- PROXMOX_TOKEN_SECRET
Proxmox authentication token secret.
If the value is not specified in the inventory configuration, the value of environment variable
PROXMOX_TOKEN_SECRETwill be used instead.To use token authentication, you must also specify
token_id. If you do not specifytoken_idandtoken_secret, you must set a password instead.
- PROXMOX_URL
URL to Proxmox cluster.
If the value is not specified in the inventory configuration, the value of environment variable
PROXMOX_URLwill be used instead.Since community.general 4.7.0 you can also use templating to specify the value of the
url.
- PROXMOX_USER
Proxmox authentication user.
If the value is not specified in the inventory configuration, the value of environment variable
PROXMOX_USERwill be used instead.Since community.general 4.7.0 you can also use templating to specify the value of the
user.
- SCW_API_KEY
Scaleway OAuth token.
If not explicitly defined or in environment variables, it will try to lookup in the scaleway-cli configuration file (
$SCW_CONFIG_PATH,$XDG_CONFIG_HOME/scw/config.yaml, or~/.config/scw/config.yaml).More details on how to generate token.
- SCW_OAUTH_TOKEN
Scaleway OAuth token.
If not explicitly defined or in environment variables, it will try to lookup in the scaleway-cli configuration file (
$SCW_CONFIG_PATH,$XDG_CONFIG_HOME/scw/config.yaml, or~/.config/scw/config.yaml).More details on how to generate token.
- SCW_TOKEN
Scaleway OAuth token.
If not explicitly defined or in environment variables, it will try to lookup in the scaleway-cli configuration file (
$SCW_CONFIG_PATH,$XDG_CONFIG_HOME/scw/config.yaml, or~/.config/scw/config.yaml).More details on how to generate token.
- SLACK_CHANNEL
Slack room to post in.
- SLACK_USERNAME
Username to post as.
- SLACK_VALIDATE_CERTS
Validate the SSL certificate of the Slack server for HTTPS URLs.
- SLACK_WEBHOOK_URL
Slack Webhook URL.
- SMTPHOST
Mail Transfer Agent, server that accepts SMTP.
- SOPS_ANSIBLE_AWX_DISABLE_VARS_PLUGIN_TEMPORARILY
Temporarily disable this plugin.
Useful if ansible-inventory is supposed to be run without decrypting secrets (in AWX for instance).
Used by: community.sops.sops vars plugin
- SPLUNK_AUTHTOKEN
Token to authenticate the connection to the Splunk HTTP collector.
- SPLUNK_BATCH
Correlation ID which can be set across multiple playbook executions.
- SPLUNK_INCLUDE_MILLISECONDS
Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk HTTP collector.
- SPLUNK_URL
URL to the Splunk HTTP collector source.
- SPLUNK_VALIDATE_CERTS
Whether to validate certificates for connections to HEC. It is not recommended to set to
falseexcept when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it tofalseallows man-in-the-middle attacks!
- SUMOLOGIC_URL
URL to the Sumologic HTTP collector source.
- SYSLOG_FACILITY
Syslog facility to log as.
- SYSLOG_PORT
Port on which the syslog server is listening.
- SYSLOG_SERVER
Syslog server that will receive the event.
- TRACEPARENT
The W3C Trace Context header traceparent.
Used by: community.general.elastic callback plugin, community.general.opentelemetry callback plugin
- TSS_API_PATH_URI
The path to append to the base URL to form a valid REST API request.
Used by: community.general.tss lookup plugin
- TSS_BASE_URL
The base URL of the server, for example
https://localhost/SecretServer.Used by: community.general.tss lookup plugin
- TSS_DOMAIN
The domain with which to request the OAuth2 Access Grant.
Optional when
tokenis not provided.Requires
python-tss-sdkversion 1.0.0 or greater.Used by: community.general.tss lookup plugin
- TSS_PASSWORD
The password associated with the supplied username.
Required when
tokenis not provided.Used by: community.general.tss lookup plugin
- TSS_TOKEN
Existing token for Thycotic authorizer.
If provided,
usernameandpasswordare not needed.Requires
python-tss-sdkversion 1.0.0 or greater.Used by: community.general.tss lookup plugin
- TSS_TOKEN_PATH_URI
The path to append to the base URL to form a valid OAuth2 Access Grant request.
Used by: community.general.tss lookup plugin
- TSS_USERNAME
The username with which to request the OAuth2 Access Grant.
Used by: community.general.tss lookup plugin
- WORKSPACE_ID
Workspace ID of the Azure log analytics workspace.
- WORKSPACE_SHARED_KEY
Shared key to connect to Azure log analytics workspace.