Index of all Collection Environment Variables
The following index documents all environment variables declared by plugins in collections. Environment variables used by the ansible-core configuration are documented in Ansible Configuration Settings.
- AIM_CLIPASSWORDSDK_CMD
Cyberark CLI utility.
- ANSIBLE_ADMIN_USERS
list of users to be expected to have admin privileges. This is used by the controller to determine how to share temporary files between the remote user and the become user.
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_ASYNC_DIR
Directory in which ansible will keep async job information
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_BECOME_PASS
See the documentation for the options where this environment variable is used.
Used by: ansible.builtin.runas become plugin, ansible.builtin.su become plugin, ansible.builtin.sudo become plugin, ansible.netcommon.enable become plugin, community.general.doas become plugin, community.general.dzdo become plugin, community.general.ksu become plugin, community.general.machinectl become plugin, community.general.pbrun become plugin, community.general.pfexec become plugin, community.general.pmrun become plugin, community.general.sesu become plugin, community.general.sudosu become plugin, containers.podman.podman_unshare become plugin
- ANSIBLE_CACHE_REDIS_KEYSET_NAME
User defined name for cache keyset name.
Used by: community.general.redis cache plugin
- ANSIBLE_CACHE_REDIS_SENTINEL
The redis sentinel service name (or referenced as cluster name).
Used by: community.general.redis cache plugin
- ANSIBLE_CALLBACK_DIY_ON_ANY_MSG
Output to be used for callback on_any.
- ANSIBLE_CALLBACK_DIY_ON_ANY_MSG_COLOR
Output color to be used for on_any_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG
Output to be used for callback on_file_diff.
- ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG_COLOR
Output color to be used for on_file_diff_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG
Output to be used for callback playbook_on_handler_task_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG_COLOR
Output color to be used for playbook_on_handler_task_start_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG
Output to be used for callback playbook_on_include.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG_COLOR
Output color to be used for playbook_on_include_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG
Output to be used for callback playbook_on_no_hosts_matched.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG_COLOR
Output color to be used for playbook_on_no_hosts_matched_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG
Output to be used for callback playbook_on_no_hosts_remaining.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG_COLOR
Output color to be used for playbook_on_no_hosts_remaining_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG
Output to be used for callback playbook_on_notify.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG_COLOR
Output color to be used for playbook_on_notify_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG
Output to be used for callback playbook_on_play_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG_COLOR
Output color to be used for playbook_on_play_start_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG
Output to be used for callback playbook_on_setup.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG_COLOR
Output color to be used for playbook_on_setup_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG
Output to be used for callback playbook_on_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG_COLOR
Output color to be used for playbook_on_start_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG
Output to be used for callback playbook_on_stats.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG_COLOR
Output color to be used for playbook_on_stats_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG
Output to be used for callback playbook_on_task_start.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG_COLOR
Output color to be used for playbook_on_task_start_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG
Output to be used for callback playbook_on_vars_prompt.
- ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG_COLOR
Output color to be used for playbook_on_vars_prompt_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG
Output to be used for callback runner_item_on_failed.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG_COLOR
Output color to be used for runner_item_on_failed_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG
Output to be used for callback runner_item_on_ok.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG_COLOR
Output color to be used for runner_item_on_ok_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG
Output to be used for callback runner_item_on_skipped.
- ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG_COLOR
Output color to be used for runner_item_on_skipped_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG
Output to be used for callback runner_on_failed.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG_COLOR
Output color to be used for runner_on_failed_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG
Output to be used for callback runner_on_no_hosts.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG_COLOR
Output color to be used for runner_on_no_hosts_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG
Output to be used for callback runner_on_ok.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG_COLOR
Output color to be used for runner_on_ok_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG
Output to be used for callback runner_on_skipped.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG_COLOR
Output color to be used for runner_on_skipped_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG
Output to be used for callback runner_on_start.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG_COLOR
Output color to be used for runner_on_start_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG
Output to be used for callback runner_on_unreachable.
- ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG_COLOR
Output color to be used for runner_on_unreachable_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG
Output to be used for callback runner_retry.
- ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG_COLOR
Output color to be used for runner_retry_msg.
Template should render a valid color value.
- ANSIBLE_CALLBACK_FORMAT_PRETTY
Configure the result format to be more readable
When result_format is set to yaml this option defaults to True, and defaults to False when configured to json.
Setting this option to True will force json and yaml results to always be pretty printed regardless of verbosity.
When set to True and used with the yaml result format, this option will modify module responses in an attempt to produce a more human friendly output at the expense of correctness, and should not be relied upon to aid in writing variable manipulations or conditionals. For correctness, set this option to False or set result_format to json.
Used by: ansible.builtin.default callback plugin, ansible.builtin.minimal callback plugin, community.general.default_without_diff callback plugin
- ANSIBLE_CALLBACK_RESULT_FORMAT
Define the task result format used in the callback output.
These formats do not cause the callback to emit valid JSON or YAML formats.
The output contains these formats interspersed with other non-machine parsable data.
Used by: ansible.builtin.default callback plugin, ansible.builtin.minimal callback plugin, community.general.default_without_diff callback plugin
- ANSIBLE_CALLBACK_TREE_DIR
directory that will contain the per host JSON files. Also set by the --tree option when using adhoc.
Used by: ansible.builtin.tree callback plugin
- ANSIBLE_CERTIFICATE_CHAIN_FILE
The PEM encoded certificate chain file used to create a SSL-enabled channel. If the value is None, no certificate chain is used.
- ANSIBLE_CHECK_MODE_MARKERS
Toggle to control displaying markers when running in check mode.
The markers are DRY RUN at the beginning and ending of playbook execution (when calling ansible-playbook --check) and CHECK MODE as a suffix at every play and task that is run in check mode.
Used by: ansible.builtin.default callback plugin, ansible.posix.debug callback plugin, ansible.posix.skippy callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
Do not check that the user is not root.
- ANSIBLE_CHROOT_EXE
User specified chroot binary
- ANSIBLE_COMMON_REMOTE_GROUP
Checked when Ansible needs to execute a module as a different user.
If setfacl and chown both fail and do not let the different user access the module’s files, they will be chgrp’d to this group.
In order for this to work, the remote_user and become_user must share a common group and this setting must be set to that group.
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_CONSUL_CLIENT_CERT
The client cert to verify the ssl connection.
- ANSIBLE_CONSUL_URL
The target to connect to.
Should look like this: https://my.consul.server:8500.
- ANSIBLE_CONSUL_VALIDATE_CERTS
Whether to verify the ssl connection or not.
- ANSIBLE_DISPLAY_FAILED_STDERR
Toggle to control whether failed and unreachable tasks are displayed to STDERR (vs. STDOUT)
Used by: ansible.builtin.default callback plugin, ansible.posix.debug callback plugin, ansible.posix.skippy callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_DISPLAY_OK_HOSTS
Toggle to control displaying ‘ok’ task/host results in a task
Used by: ansible.builtin.default callback plugin, ansible.posix.debug callback plugin, ansible.posix.skippy callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_DOAS_EXE
Doas executable
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_FLAGS
Options to pass to doas
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_PASS
password for doas prompt
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_PROMPT_L10N
List of localized strings to match for prompt detection
If empty we’ll use the built in one
Used by: community.general.doas become plugin
- ANSIBLE_DOAS_USER
User you ‘become’ to execute the task
Used by: community.general.doas become plugin
- ANSIBLE_DOCKER_PRIVILEGED
Whether commands should be run with extended privileges.
Note that this allows command to potentially break out of the container. Use with care!
Used by: community.docker.docker connection plugin, community.docker.docker_api connection plugin
- ANSIBLE_DOCKER_TIMEOUT
Controls how long we can wait to access reading output from the container once execution started.
Used by: community.docker.docker connection plugin, community.docker.docker_api connection plugin
- ANSIBLE_DOCKER_WORKING_DIR
See the documentation for the options where this environment variable is used.
Used by: community.docker.docker connection plugin, community.docker.docker_api connection plugin
- ANSIBLE_DZDO_EXE
Dzdo executable
Used by: community.general.dzdo become plugin
- ANSIBLE_DZDO_FLAGS
Options to pass to dzdo
Used by: community.general.dzdo become plugin
- ANSIBLE_DZDO_PASS
Options to pass to dzdo
Used by: community.general.dzdo become plugin
- ANSIBLE_DZDO_USER
User you ‘become’ to execute the task
Used by: community.general.dzdo become plugin
- ANSIBLE_ENABLE_PASS
password
- ANSIBLE_EOS_USE_SESSIONS
Specifies if sessions should be used on remote host or not
Used by: arista.eos.eos cliconf plugin, arista.eos.eos httpapi plugin
- ANSIBLE_ETCD_URL
Environment variable with the URL for the etcd server
Used by: community.general.etcd lookup plugin
- ANSIBLE_ETCD_VERSION
Environment variable with the etcd protocol version
Used by: community.general.etcd lookup plugin
- ANSIBLE_GPRC_SSL_TARGET_NAME_OVERRIDE
The option overrides SSL target name used for SSL host name checking. The name used for SSL host name checking will be the target parameter (assuming that the secure channel is an SSL channel). If this parameter is specified and the underlying is not an SSL channel, it will just be ignored.
- ANSIBLE_GRPC_CONNECTION_TYPE
This option indicates the grpc type and it can be used in place of network_os. (example cisco.iosxr.iosxr)
- ANSIBLE_HASHI_VAULT_ADDR
URL to the Vault service.
If not specified by any other means, the value of the VAULT_ADDR environment variable will be used.
If VAULT_ADDR is also not defined then an error will be raised.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_AUTH_METHOD
Authentication method to be used.
none auth method was added in collection version 1.2.0.
cert auth method was added in collection version 1.4.0.
aws_iam_login was renamed aws_iam in collection version 2.1.0 and was removed in 3.0.0.
azure auth method was added in collection version 3.2.0.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_AWS_IAM_SERVER_ID
If specified, sets the value to use for the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity request.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_AZURE_CLIENT_ID
The client ID (also known as application ID) of the Azure AD service principal or managed identity. Should be a UUID.
If not specified, will use the system assigned managed identity.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_AZURE_CLIENT_SECRET
The client secret of the Azure AD service principal.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_AZURE_RESOURCE
The resource URL for the application registered in Azure Active Directory. Usually should not be changed from the default.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_AZURE_TENANT_ID
The Azure Active Directory Tenant ID (also known as the Directory ID) of the service principal. Should be a UUID.
Required when using a service principal to authenticate to Vault, e.g. required when both azure_client_id and azure_client_secret are specified.
Optional when using managed identity to authenticate to Vault.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_CA_CERT
Path to certificate to use for authentication.
If not specified by any other means, the VAULT_CACERT environment variable will be used.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_CERT_AUTH_PRIVATE_KEY
For cert auth, path to the private key file to authenticate with, in PEM format.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_CERT_AUTH_PUBLIC_KEY
For cert auth, path to the certificate file to authenticate with, in PEM format.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_JWT
The JSON Web Token (JWT) to use for JWT authentication to Vault.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_MOUNT_POINT
Vault mount point.
If not specified, the default mount point for a given auth method is used.
Does not apply to token authentication.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_NAMESPACE
Vault namespace where secrets reside. This option requires HVAC 0.7.0+ and Vault 0.11+.
Optionally, this may be achieved by prefixing the authentication mount point and/or secret path with the namespace (e.g. mynamespace/secret/mysecret).
If environment variable VAULT_NAMESPACE is set, its value will be used last among all ways to specify namespace.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_PASSWORD
Authentication password.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_PROXIES
URL(s) to the proxies used to access the Vault service.
It can be a string or a dict.
If it’s a dict, provide the scheme (e.g. http or https) as the key, and the URL as the value.
If it’s a string, provide a single URL that will be used as the proxy for both http and https schemes.
A string that can be interpreted as a dictionary will be converted to one (see examples).
You can specify a different proxy for HTTP and HTTPS resources.
If not specified, environment variables from the Requests library are used.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_RETRIES
Allows for retrying on errors, based on the Retry class in the urllib3 library.
This collection defines recommended defaults for retrying connections to Vault.
This option can be specified as a positive number (integer) or dictionary.
If this option is not specified or the number is 0, then retries are disabled.
A number sets the total number of retries, and uses collection defaults for the other settings.
A dictionary value is used directly to initialize the Retry class, so it can be used to fully customize retries.
For detailed information on retries, see the collection User Guide.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_RETRY_ACTION
Controls whether and how to show messages on retries.
This has no effect if a request is not retried.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_ROLE_ID
Vault Role ID or name. Used in approle, aws_iam, azure and cert auth methods.
For cert auth, if no role_id is supplied, the default behavior is to try all certificate roles and return any one that matches.
For azure auth, role_id is required.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_SECRET_ID
Secret ID to be used for Vault AppRole authentication.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_TIMEOUT
Sets the connection timeout in seconds.
If not set, then the hvac library’s default is used.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_TOKEN
Vault token. Token may be specified explicitly, through the listed [env] vars, and also through the VAULT_TOKEN env var.
If no token is supplied, explicitly or through env, then the plugin will check for a token file, as determined by token_path and token_file.
The order of token loading (first found wins) is token param -> ansible var -> ANSIBLE_HASHI_VAULT_TOKEN -> VAULT_TOKEN -> token file.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_TOKEN_FILE
If no token is specified, will try to read the token from this file in token_path.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_TOKEN_PATH
If no token is specified, will try to read the token_file from this path.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_TOKEN_VALIDATE
For token auth, will perform a lookup-self operation to determine the token’s validity before using it.
Disable if your token does not have the lookup-self capability.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HASHI_VAULT_USERNAME
Authentication user name.
Used by: community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- ANSIBLE_HIERA_BIN
Binary file to execute Hiera.
- ANSIBLE_HIERA_CFG
File that describes the hierarchy of Hiera.
- ANSIBLE_HOST_KEY_AUTO_ADD
By default, Ansible will prompt the user before adding SSH keys to the known hosts file. Since persistent connections such as network_cli run in background processes, the user will never be prompted. By enabling this option, unknown host keys will automatically be added to the known hosts file.
Be sure to fully understand the security implications of enabling this option on production systems as it could create a security vulnerability.
- ANSIBLE_HOSTTECH_API_PASSWORD
The password for the Hosttech API user.
If provided, hosttech_username must also be provided.
Mutually exclusive with hosttech_token.
Used by: community.dns.hosttech_dns_records inventory plugin
- ANSIBLE_HOSTTECH_API_USERNAME
The username for the Hosttech API user.
If provided, hosttech_password must also be provided.
Mutually exclusive with hosttech_token.
Used by: community.dns.hosttech_dns_records inventory plugin
- ANSIBLE_HOSTTECH_DNS_TOKEN
The password for the Hosttech API user.
Mutually exclusive with hosttech_username and hosttech_password.
Since community.dns 1.2.0, the alias api_token can be used.
Used by: community.dns.hosttech_dns_records inventory plugin
- ANSIBLE_HTTPAPI_LOGIN_DOMAIN
The login domain name to use for authentication.
The default value is Local.
Used by: cisco.mso.mso httpapi plugin
- ANSIBLE_IGNORE_ERRORS
Whether to ignore errors on failing or not.
- ANSIBLE_INVENTORY_PLUGIN_EXTS
list of ‘valid’ extensions for files containing YAML
- ANSIBLE_INVENTORY_PLUGIN_SCRIPT_STDERR
Toggle display of stderr even when script was successful
- ANSIBLE_INVENTORY_USE_EXTRA_VARS
Merge extra vars into the available variables for composition (highest precedence).
Used by: amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, ansible.builtin.constructed inventory plugin, azure.azcollection.azure_rm inventory plugin, cloudscale_ch.cloud.inventory inventory plugin, community.aws.aws_mq inventory plugin, community.digitalocean.digitalocean inventory plugin, community.docker.docker_containers inventory plugin, community.docker.docker_machine inventory plugin, community.docker.docker_swarm inventory plugin, community.general.gitlab_runners inventory plugin, community.general.icinga2 inventory plugin, community.general.linode inventory plugin, community.general.nmap inventory plugin, community.general.opennebula inventory plugin, community.general.proxmox inventory plugin, community.general.stackpath_compute inventory plugin, community.general.virtualbox inventory plugin, community.general.xen_orchestra inventory plugin, community.hrobot.robot inventory plugin, community.libvirt.libvirt inventory plugin, community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_vm_inventory inventory plugin, community.zabbix.zabbix_inventory inventory plugin, google.cloud.gcp_compute inventory plugin, hetzner.hcloud.hcloud inventory plugin, microsoft.ad.ldap inventory plugin, netbox.netbox.nb_inventory inventory plugin, ngine_io.cloudstack.instance inventory plugin, openstack.cloud.openstack inventory plugin, ovirt.ovirt.ovirt inventory plugin, telekom_mms.icinga_director.icinga_director_inventory inventory plugin, theforeman.foreman.foreman inventory plugin, vultr.cloud.vultr inventory plugin
- ANSIBLE_IOS_COMMIT_CONFIRM_IMMEDIATE
Enable or disable commit confirm mode.
Confirms the configuration pushed after a custom/default timeout (default 1 minute).
For custom timeout configuration set commit_confirm_timeout value.
On commit_confirm_immediate default value for commit_confirm_timeout is considered 1 minute when variable is not explicitly declared.
Used by: cisco.ios.ios cliconf plugin
- ANSIBLE_IOS_COMMIT_CONFIRM_TIMEOUT
Commits the configuration on a trial basis for the time specified in minutes.
Using commit_confirm_timeout without specifying commit_confirm_immediate would need an explicit configure confirm using the ios_command module to confirm/commit the changes made. Refer to example for a use case demonstration.
Used by: cisco.ios.ios cliconf plugin
- ANSIBLE_IOSXR_COMMIT_COMMENT
Adds comment to commit confirmed.
Used by: cisco.iosxr.iosxr cliconf plugin
- ANSIBLE_IOSXR_COMMIT_CONFIRMED
Enable or disable commit confirmed mode.
Used by: cisco.iosxr.iosxr cliconf plugin
- ANSIBLE_IOSXR_COMMIT_CONFIRMED_TIMEOUT
Commits the configuration on a trial basis for the time specified in seconds or minutes.
Used by: cisco.iosxr.iosxr cliconf plugin
- ANSIBLE_IOSXR_COMMIT_LABEL
Adds label to commit confirmed.
Used by: cisco.iosxr.iosxr cliconf plugin
- ANSIBLE_IOSXR_CONFIG_MODE_EXCLUSIVE
Enable or disable config mode exclusive.
Used by: cisco.iosxr.iosxr cliconf plugin
- ANSIBLE_JSON_INDENT
See the documentations for the options where this environment variable is used.
Used by: ansible.posix.json callback plugin, ansible.posix.jsonl callback plugin
- ANSIBLE_KSU_EXE
Su executable
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_FLAGS
Options to pass to ksu
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_PASS
ksu password
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_PROMPT_L10N
List of localized strings to match for prompt detection
If empty we’ll use the built in one
Used by: community.general.ksu become plugin
- ANSIBLE_KSU_USER
User you ‘become’ to execute the task
Used by: community.general.ksu become plugin
- ANSIBLE_LIBSSH_CONFIG_FILE
Alternate SSH config file location
- ANSIBLE_LIBSSH_HOST_KEY_AUTO_ADD
TODO: write it
- ANSIBLE_LIBSSH_HOST_KEY_CHECKING
Set this to “False” if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
- ANSIBLE_LIBSSH_LOOK_FOR_KEYS
TODO: write it
- ANSIBLE_LIBSSH_PROXY_COMMAND
Proxy information for running the connection via a jumphost.
Also this plugin will scan ‘ssh_args’, ‘ssh_extra_args’ and ‘ssh_common_args’ from the ‘ssh’ plugin settings for proxy information if set.
- ANSIBLE_LIBSSH_PTY
TODO: write it
- ANSIBLE_LIBSSH_REMOTE_USER
User to login/authenticate as
Can be set from the CLI via the --user or -u options.
- ANSIBLE_LOG_FOLDER
The folder where log files will be created.
- ANSIBLE_LOOKUP_URL_AGENT
User-Agent to use in the request. The default was changed in 2.11 to ansible-httpget.
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_CA_PATH
String of file system path to CA cert bundle to use
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_CIPHERS
SSL/TLS Ciphers to use for the request
When a list is provided, all ciphers are joined in order with ':'.
See the OpenSSL Cipher List Format for more details.
The available ciphers are dependent on the Python and OpenSSL/LibreSSL versions.
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_FOLLOW_REDIRECTS
String of urllib2, all/yes, safe, none to determine how redirects are followed, see RedirectHandlerFactory for more information.
all: Will follow all redirects.
none: Will not follow any redirects.
safe: Only redirects doing GET or HEAD requests will be followed.
urllib2: Defer to urllib2 behavior (As of writing this follows HTTP redirects).
'no': (DEPRECATED, will be removed in the future version) alias of none.
'yes': (DEPRECATED, will be removed in the future version) alias of all.
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_FORCE
Whether or not to set “cache-control” header with value “no-cache”
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_FORCE_BASIC_AUTH
Force basic authentication
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_TIMEOUT
How long to wait for the server to send data before giving up
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_UNIX_SOCKET
String of file system path to unix socket file to use when establishing connection to the provided url
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_UNREDIR_HEADERS
A list of headers to not attach on a redirected request
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_USE_GSSAPI
Use GSSAPI handler of requests
As of Ansible 2.11, GSSAPI credentials can be specified with username and password.
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_LOOKUP_URL_USE_NETRC
Determines whether to use credentials from the ~/.netrc file.
By default .netrc is used with Basic authentication headers
When set to False, .netrc credentials are ignored
Used by: ansible.builtin.url lookup plugin
- ANSIBLE_MACHINECTL_EXE
Machinectl executable
- ANSIBLE_MACHINECTL_FLAGS
Options to pass to machinectl
- ANSIBLE_MACHINECTL_PASS
Password for machinectl
- ANSIBLE_MACHINECTL_USER
User you ‘become’ to execute the task
- ANSIBLE_MERGE_VARIABLES_OVERRIDE
Return an error, print a warning or ignore it when a key will be overwritten.
The default behavior error makes the plugin fail when a key would be overwritten.
When warn and ignore are used, note that it is important to know that the variables are sorted by name before being merged. Keys for later variables in this order will overwrite keys of the same name for variables earlier in this order. To avoid potential confusion, better use override=error whenever possible.
- ANSIBLE_MERGE_VARIABLES_PATTERN_TYPE
Change the way of searching for the specified pattern.
- ANSIBLE_NETCONF_HOST_KEY_CHECKING
Set this to “False” if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
- ANSIBLE_NETCONF_PROXY_COMMAND
Proxy information for running the connection via a jumphost.
This requires ncclient >= 0.6.10 to be installed on the controller.
- ANSIBLE_NETWORK_CLI_RETRIES
Number of attempts to connect to remote host. The delay time between the retries increases after every attempt by power of 2 in seconds till either the maximum attempts are exhausted or any of the persistent_command_timeout or persistent_connect_timeout timers are triggered.
- ANSIBLE_NETWORK_CLI_SSH_TYPE
The python package that will be used by the network_cli connection plugin to create a SSH connection to remote host.
libssh will use the ansible-pylibssh package, which needs to be installed in order to work.
paramiko will instead use the paramiko package to manage the SSH connection.
auto will use ansible-pylibssh if that package is installed, otherwise will fallback to paramiko.
- ANSIBLE_NETWORK_IMPORT_MODULES
Reduce CPU usage and network module execution time by enabling direct execution. Instead of the module being packaged and executed by the shell, it will be directly executed by the Ansible control node using the same python interpreter as the Ansible process.
Note: Incompatible with asynchronous mode.
Note: Python 3 and Ansible 2.9.16 or greater required.
Note: With Ansible 2.9.x fully qualified modules names are required in tasks.
Used by: ansible.netcommon.grpc connection plugin, ansible.netcommon.httpapi connection plugin, ansible.netcommon.netconf connection plugin, ansible.netcommon.network_cli connection plugin, ansible.netcommon.persistent connection plugin
- ANSIBLE_NETWORK_SINGLE_USER_MODE
This option enables caching of data fetched from the target for re-use. The cache is invalidated when the target device enters configuration mode.
Applicable only for platforms where this has been implemented.
- ANSIBLE_NMAP_ADDRESS
Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation.
- ANSIBLE_NMAP_EXCLUDE
List of addresses to exclude.
For example 10.2.2.15-25 or 10.2.2.15,10.2.2.16.
- ANSIBLE_NSENTER_PID
PID to attach with using nsenter.
The default should be fine unless you are attaching as a non-root user.
- ANSIBLE_OPENTELEMETRY_DISABLE_ATTRIBUTES_IN_LOGS
Disable populating span attributes to the logs.
- ANSIBLE_OPENTELEMETRY_DISABLE_LOGS
Disable sending logs.
- ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT
Whether to enable this callback only if the given environment variable exists and it is set to true.
This is handy when you use Configuration as Code and want to send distributed traces if running in the CI rather than when running Ansible locally.
For such, it evaluates the given enable_from_environment value as environment variable and if set to true this plugin will be enabled.
- ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
Hide the arguments for a task.
Used by: community.general.elastic callback plugin, community.general.opentelemetry callback plugin
- ANSIBLE_PARAMIKO_BANNER_TIMEOUT
Configures, in seconds, the amount of time to wait for the SSH banner to be presented. This option is supported by paramiko version 1.15.0 or newer.
- ANSIBLE_PARAMIKO_HOST_KEY_CHECKING
Set this to “False” if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
- ANSIBLE_PARAMIKO_PRIVATE_KEY_FILE
Path to private key file to use for authentication.
- ANSIBLE_PARAMIKO_PROXY_COMMAND
Proxy information for running the connection via a jumphost
Also this plugin will scan ‘ssh_args’, ‘ssh_extra_args’ and ‘ssh_common_args’ from the ‘ssh’ plugin settings for proxy information if set.
- ANSIBLE_PARAMIKO_PTY
SUDO usually requires a PTY, True to give a PTY and False to not give a PTY.
- ANSIBLE_PARAMIKO_RECORD_HOST_KEYS
Save the host keys to a file
- ANSIBLE_PARAMIKO_REMOTE_USER
User to login/authenticate as
Can be set from the CLI via the --user or -u options.
- ANSIBLE_PARAMIKO_TIMEOUT
Number of seconds until the plugin gives up on failing to establish a TCP connection.
- ANSIBLE_PARAMIKO_USE_RSA_SHA2_ALGORITHMS
Whether or not to enable RSA SHA2 algorithms for pubkeys and hostkeys
On paramiko versions older than 2.9, this only affects hostkeys
For behavior matching paramiko<2.9 set this to False.
- ANSIBLE_PBRUN_EXE
Sudo executable
- ANSIBLE_PBRUN_FLAGS
Options to pass to pbrun
- ANSIBLE_PBRUN_PASS
Password for pbrun
- ANSIBLE_PBRUN_USER
User you ‘become’ to execute the task
- ANSIBLE_PBRUN_WRAP_EXECUTION
Toggle to wrap the command pbrun calls in ‘shell -c’ or not
- ANSIBLE_PERSISTENT_BUFFER_READ_TIMEOUT
Configures, in seconds, the amount of time to wait for the data to be read from Paramiko channel after the command prompt is matched. This timeout value ensures that command prompt matched is correct and there is no more data left to be received from remote host.
- ANSIBLE_PERSISTENT_LOG_MESSAGES
This flag will enable logging the command executed and response received from target device in the ansible log file. For this option to work ‘log_path’ ansible configuration option is required to be set to a file path with write access.
Be sure to fully understand the security implications of enabling this option as it could create a security vulnerability by logging sensitive information in log file.
Used by: ansible.netcommon.grpc connection plugin, ansible.netcommon.httpapi connection plugin, ansible.netcommon.netconf connection plugin, ansible.netcommon.network_cli connection plugin, ansible.netcommon.persistent connection plugin
- ANSIBLE_PFEXEC_EXE
Sudo executable
- ANSIBLE_PFEXEC_FLAGS
Options to pass to pfexec
- ANSIBLE_PFEXEC_PASS
pfexec password
- ANSIBLE_PFEXEC_USER
User you ‘become’ to execute the task
This plugin ignores this setting as pfexec uses its own exec_attr to figure this out, but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.
- ANSIBLE_PFEXEC_WRAP_EXECUTION
Toggle to wrap the command pfexec calls in ‘shell -c’ or not
- ANSIBLE_PKCS11_PROVIDER
PKCS11 SmartCard provider such as opensc, example: /usr/local/lib/opensc-pkcs11.so
Requires sshpass version 1.06+, sshpass must support the -P option.
- ANSIBLE_PLATFORM_TYPE
Set type of platform.
- ANSIBLE_PMRUN_EXE
Sudo executable
- ANSIBLE_PMRUN_FLAGS
Options to pass to pmrun
- ANSIBLE_PMRUN_PASS
pmrun password
- ANSIBLE_PODMAN_EXECUTABLE
Executable for podman command.
- ANSIBLE_PODMAN_EXTRA_ARGS
Extra arguments to pass to the podman command line.
- ANSIBLE_REDIS_HOST
location of Redis host
- ANSIBLE_REDIS_PORT
port on which Redis is listening on
- ANSIBLE_REDIS_SOCKET
path to socket on which to query Redis, this option overrides host and port options when set.
- ANSIBLE_REMOTE_PARAMIKO_PORT
Remote port to connect to.
- ANSIBLE_REMOTE_TEMP
Temporary directory to use on targets when executing tasks.
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_REMOTE_TMP
Temporary directory to use on targets when executing tasks.
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_ROOT_CERTIFICATES_FILE
The PEM encoded root certificate file used to create a SSL-enabled channel, if the value is None it reads the root certificates from a default location chosen by gRPC at runtime.
- ANSIBLE_RUNAS_FLAGS
Options to pass to runas, a space delimited list of k=v pairs
Used by: ansible.builtin.runas become plugin
- ANSIBLE_RUNAS_PASS
password
Used by: ansible.builtin.runas become plugin
- ANSIBLE_RUNAS_USER
User you ‘become’ to execute the task
Used by: ansible.builtin.runas become plugin
- ANSIBLE_SCP_EXECUTABLE
This defines the location of the scp binary. It defaults to scp which will use the first binary available in $PATH.
- ANSIBLE_SCP_EXTRA_ARGS
Extra arguments exclusive to the scp CLI.
- ANSIBLE_SCP_IF_SSH
Preferred method to use when transferring files over SSH.
When set to smart, Ansible will try them until one succeeds or they all fail.
If set to True, it will force ‘scp’, if False it will use ‘sftp’.
For OpenSSH >=9.0 you must add an additional option to enable scp (scp_extra_args="-O").
This setting will be overridden by ssh_transfer_method if set.
- ANSIBLE_SELECTIVE_DONT_COLORIZE
This setting allows suppressing colorizing output.
- ANSIBLE_SESU_EXE
sesu executable
Used by: community.general.sesu become plugin
- ANSIBLE_SESU_FLAGS
Options to pass to sesu
Used by: community.general.sesu become plugin
- ANSIBLE_SESU_PASS
Password to pass to sesu
Used by: community.general.sesu become plugin
- ANSIBLE_SESU_USER
User you ‘become’ to execute the task
Used by: community.general.sesu become plugin
- ANSIBLE_SFTP_BATCH_MODE
TODO: write it
- ANSIBLE_SFTP_EXECUTABLE
This defines the location of the sftp binary. It defaults to sftp which will use the first binary available in $PATH.
- ANSIBLE_SFTP_EXTRA_ARGS
Extra arguments exclusive to the sftp CLI.
- ANSIBLE_SHELL_ALLOW_WORLD_READABLE_TEMP
This makes the temporary files created on the machine world-readable and will issue a warning instead of failing the task.
It is useful when becoming an unprivileged user.
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_SHOW_PER_HOST_START
This adds output that shows when a task is started to execute for each host
Used by: ansible.builtin.default callback plugin, ansible.posix.debug callback plugin, ansible.posix.skippy callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_SHOW_TASK_PATH_ON_FAILURE
When a task fails, display the path to the file containing the failed task and the line number. This information is displayed automatically for every task when running with -vv or greater verbosity.
Used by: ansible.builtin.default callback plugin, ansible.posix.debug callback plugin, ansible.posix.skippy callback plugin, community.general.counter_enabled callback plugin, community.general.default_without_diff callback plugin, community.general.dense callback plugin, community.general.diy callback plugin, community.general.unixy callback plugin, community.general.yaml callback plugin
- ANSIBLE_SOPS_AGE_KEY
One or more age private keys that can be used to decrypt encrypted files.
Will be set as the SOPS_AGE_KEY environment variable when calling SOPS.
Requires SOPS 3.7.1+.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AGE_KEYFILE
The file containing the age private keys that SOPS can use to decrypt encrypted files.
Will be set as the SOPS_AGE_KEY_FILE environment variable when calling SOPS.
By default, SOPS looks for sops/age/keys.txt inside your user configuration directory.
Requires SOPS 3.7.0+.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_ACCESS_KEY_ID
The AWS access key ID to use for requests to AWS.
Sets the environment variable AWS_ACCESS_KEY_ID for the SOPS call.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_PROFILE
The AWS profile to use for requests to AWS.
This corresponds to the SOPS --aws-profile option.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_SECRET_ACCESS_KEY
The AWS secret access key to use for requests to AWS.
Sets the environment variable AWS_SECRET_ACCESS_KEY for the SOPS call.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_AWS_SESSION_TOKEN
The AWS session token to use for requests to AWS.
Sets the environment variable AWS_SESSION_TOKEN for the SOPS call.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_BINARY
Path to the SOPS binary.
By default uses sops.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_CONFIG_PATH
Path to the SOPS configuration file.
If not set, SOPS will recursively search for the config file starting at the file that is encrypted or decrypted.
This corresponds to the SOPS --config option.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_ENABLE_LOCAL_KEYSERVICE
Tell SOPS to use local key service.
This corresponds to the SOPS --enable-local-keyservice option.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SOPS_KEYSERVICE
Specify key services to use next to the local one.
A key service must be specified in the form protocol://address, for example tcp://myserver.com:5000.
This corresponds to the SOPS --keyservice option.
Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin
- ANSIBLE_SSH_ARGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin, ansible.netcommon.libssh connection plugin
- ANSIBLE_SSH_COMMON_ARGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin, ansible.netcommon.libssh connection plugin
- ANSIBLE_SSH_CONTROL_PATH
This is the location to save SSH’s ControlPath sockets, it uses SSH’s variable substitution.
Since 2.3, if null (default), ansible will generate a unique hash. Use %(directory)s to indicate where to use the control dir path setting.
Before 2.3 it defaulted to control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r.
Be aware that this setting is ignored if -o ControlPath is set in ssh args.
- ANSIBLE_SSH_CONTROL_PATH_DIR
This sets the directory to use for ssh control path if the control path setting is null.
Also, provides the %(directory)s variable for the control path setting.
- ANSIBLE_SSH_EXECUTABLE
This defines the location of the SSH binary. It defaults to ssh which will use the first SSH binary available in $PATH.
This option is usually not required, it might be useful when access to system SSH is restricted, or when using SSH wrappers to connect to remote hosts.
- ANSIBLE_SSH_EXTRA_ARGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin, ansible.netcommon.libssh connection plugin
- ANSIBLE_SSH_HOST_KEY_CHECKING
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin, ansible.netcommon.libssh connection plugin, ansible.netcommon.netconf connection plugin, ansible.netcommon.network_cli connection plugin
- ANSIBLE_SSH_PIPELINING
Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers.
This can result in a very significant performance improvement when enabled.
However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable ‘requiretty’ in the sudoers file for the target hosts, which is why this feature is disabled by default.
- ANSIBLE_SSH_RETRIES
Number of attempts to connect.
Ansible retries connections only if it gets an SSH error with a return code of 255.
Any errors with return codes other than 255 indicate an issue with program execution.
- ANSIBLE_SSH_TIMEOUT
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.paramiko_ssh connection plugin, ansible.builtin.ssh connection plugin
- ANSIBLE_SSH_TRANSFER_METHOD
Preferred method to use when transferring files over ssh
Setting to ‘smart’ (default) will try them in order, until one succeeds or they all fail
For OpenSSH >=9.0 you must add an additional option to enable scp (scp_extra_args="-O")
Using ‘piped’ creates an ssh pipe with dd on either side to copy the data
- ANSIBLE_SSH_USETTY
Add -tt to ssh commands to force tty allocation.
- ANSIBLE_SSHPASS_PROMPT
Password prompt that sshpass should search for. Supported by sshpass 1.06 and up.
Defaults to “Enter PIN for” when pkcs11_provider is set.
- ANSIBLE_SU_EXE
Su executable
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_FLAGS
Options to pass to su
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_PASS
Password to pass to su
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_PROMPT_L10N
List of localized strings to match for prompt detection
If empty we’ll use the built in one
Do NOT add a colon (:) to your custom entries. Ansible adds a colon at the end of each prompt; if you add another one in your string, your prompt will fail with a “Timeout” error.
Used by: ansible.builtin.su become plugin
- ANSIBLE_SU_USER
User you ‘become’ to execute the task
Used by: ansible.builtin.su become plugin
- ANSIBLE_SUDO_EXE
Sudo executable
Used by: ansible.builtin.sudo become plugin, containers.podman.podman_unshare become plugin
- ANSIBLE_SUDO_FLAGS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.sudo become plugin, community.general.sudosu become plugin
- ANSIBLE_SUDO_PASS
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.sudo become plugin, community.general.sudosu become plugin, containers.podman.podman_unshare become plugin
- ANSIBLE_SUDO_USER
See the documentations for the options where this environment variable is used.
Used by: ansible.builtin.sudo become plugin, community.general.sudosu become plugin, containers.podman.podman_unshare become plugin
- ANSIBLE_SYSLOG_SETUP
Log setup tasks.
- ANSIBLE_SYSTEM_TMPDIRS
List of valid system temporary directories on the managed machine for Ansible to validate remote_tmp against, when specific permissions are needed. These must be world readable, writable, and executable. This list should only contain directories which the system administrator has pre-created with the proper ownership and permissions otherwise security issues can arise.
When remote_tmp is required to be a system temp dir and it does not match any in the list, the first one from the list will be used instead.
Used by: ansible.builtin.sh shell plugin, ansible.posix.csh shell plugin, ansible.posix.fish shell plugin
- ANSIBLE_VARS_PLUGIN_STAGE
Control when this vars plugin may be executed.
Setting this option to all will run the vars plugin after importing inventory and whenever it is demanded by a task.
Setting this option to task will only run the vars plugin whenever it is demanded by a task.
Setting this option to inventory will only run the vars plugin after parsing inventory.
If this option is omitted, the global RUN_VARS_PLUGINS configuration is used to determine when to execute the vars plugin.
- ANSIBLE_VARS_SOPS_PLUGIN_CACHE
Whether to cache decrypted files or not.
If the cache is disabled, the files will be decrypted for almost every task. This is very slow!
Only disable caching if you modify the variable files during a playbook run and want the updated result to be available from the next task on.
Note that setting stage=inventory has the same effect as setting cache=true: the variables will be loaded only once (during inventory loading) and the vars plugin will not be called for every task.
Used by: community.sops.sops vars plugin
- ANSIBLE_VARS_SOPS_PLUGIN_HANDLE_UNENCRYPTED_FILES
How to handle files that match the extensions in valid_extensions that are not SOPS encrypted.
The default value error will produce an error.
The value skip will simply skip these files. This requires SOPS 3.9.0 or later.
The value warn will skip these files and emit a warning. This requires SOPS 3.9.0 or later.
Note that this will not help if the store SOPS uses cannot parse the file, for example because it is no valid JSON/YAML/… file despite its file extension. For extensions other than the default ones SOPS uses the binary store, which tries to parse the file as JSON.
Used by: community.sops.sops vars plugin
- ANSIBLE_VARS_SOPS_PLUGIN_STAGE
Control when this vars plugin may be executed.
Setting this option to all will run the vars plugin after importing inventory and whenever it is demanded by a task.
Setting this option to task will only run the vars plugin whenever it is demanded by a task.
Setting this option to inventory will only run the vars plugin after parsing inventory.
If this option is omitted, the global RUN_VARS_PLUGINS configuration is used to determine when to execute the vars plugin.
Used by: community.sops.sops vars plugin
- ANSIBLE_VARS_SOPS_PLUGIN_VALID_EXTENSIONS
Check all of these extensions when looking for ‘variable’ files.
These files must be SOPS encrypted YAML or JSON files.
By default the plugin will produce errors when encountering files matching these extensions that are not SOPS encrypted. This behavior can be controlled with the handle_unencrypted_files option.
Used by: community.sops.sops vars plugin
- ANSIBLE_XO_HOST
API host to XOA API.
If the value is not specified in the inventory configuration, the value of environment variable ANSIBLE_XO_HOST will be used instead.
- ANSIBLE_XO_PASSWORD
Xen Orchestra password.
If the value is not specified in the inventory configuration, the value of environment variable ANSIBLE_XO_PASSWORD will be used instead.
- ANSIBLE_XO_USER
Xen Orchestra user.
If the value is not specified in the inventory configuration, the value of environment variable ANSIBLE_XO_USER will be used instead.
- ANSIBLE_ZABBIX_AUTH_KEY
Specifies API authentication key
- ANSIBLE_ZABBIX_URL_PATH
Specifies path portion in Zabbix WebUI URL, e.g. for https://myzabbixfarm.com/zabbixeu zabbix_url_path=zabbixeu.
If Zabbix WebUI is running at the root, i.e. https://myzabbixfarm.com/, then assign empty string to this variable: zabbix_url_path: ''
- AWS_ACCESS_KEY
See the documentations for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_ACCESS_KEY_ID
See the documentations for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.aws.aws_ssm connection plugin, community.general.credstash lookup plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_DEFAULT_PROFILE
See the documentations for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_DEFAULT_REGION
The region the EC2 instance is located.
- AWS_PROFILE
See the documentations for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.aws.aws_ssm connection plugin, community.general.credstash lookup plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_REGION
See the documentations for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.aws.aws_ssm connection plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_SECRET_ACCESS_KEY
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.aws.aws_ssm connection plugin, community.general.credstash lookup plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_SECRET_KEY
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_SECURITY_TOKEN
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_SESSION_TOKEN
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.aws.aws_ssm connection plugin, community.general.credstash lookup plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- AWS_URL
URL to connect to instead of the default AWS endpoints. While this can be used to connect to other AWS-compatible services, the amazon.aws and community.aws collections are only tested against AWS.
The endpoint alias has been deprecated and will be removed in a release after 2024-12-01.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin
- BWS_ACCESS_TOKEN
The BWS access token to use for this lookup.
Used by: community.general.bitwarden_secrets_manager lookup plugin
- CGROUP_CONTROL_GROUP
Name of cgroups control group
- CGROUP_CPU_POLL_INTERVAL
Interval between CPU polling for determining CPU usage. A lower value may produce inaccurate results, a higher value may not be short enough to collect results for short tasks.
- CGROUP_CUR_MEM_FILE
Path to memory.usage_in_bytes file. Example /sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes.
Used by: community.general.cgroup_memory_recap callback plugin
- CGROUP_DISPLAY_RECAP
Controls whether the recap is printed at the end, useful if you will automatically process the output files
- CGROUP_FILE_NAME_FORMAT
Format of filename. Accepts %(counter)s, %(task_uuid)s, %(feature)s, %(ext)s. Defaults to %(feature)s.%(ext)s when file_per_task is False and %(counter)s-%(task_uuid)s-%(feature)s.%(ext)s when True.
- CGROUP_FILE_PER_TASK
When set as True along with write_files, this callback will write 1 file per task instead of 1 file for the entire playbook run
- CGROUP_MAX_MEM_FILE
Path to cgroups memory.max_usage_in_bytes file. Example /sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes.
Used by: community.general.cgroup_memory_recap callback plugin
- CGROUP_MEMORY_POLL_INTERVAL
Interval between memory polling for determining memory usage. A lower value may produce inaccurate results, a higher value may not be short enough to collect results for short tasks.
- CGROUP_OUTPUT_DIR
Output directory for files containing recorded performance readings. If the value contains a single %s, the start time of the playbook run will be inserted in that space. Only the deepest level directory will be created if it does not exist, parent directories will not be created.
- CGROUP_OUTPUT_FORMAT
Output format, either CSV or JSON-seq
- CGROUP_PID_POLL_INTERVAL
Interval between PID polling for determining PID count. A lower value may produce inaccurate results, a higher value may not be short enough to collect results for short tasks.
- CGROUP_WRITE_FILES
Dictates whether files will be written containing performance readings
- CLOUDSTACK_ENDPOINT
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
- CLOUDSTACK_KEY
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
- CLOUDSTACK_METHOD
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
- CLOUDSTACK_SECRET
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
- CLOUDSTACK_TIMEOUT
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
- CLOUDSTACK_VERIFY
Verify CA authority cert file.
If not given, the CLOUDSTACK_VERIFY env variable is considered.
- COBBLER_PASSWORD
Cobbler authentication password.
- COBBLER_SERVER
URL to cobbler.
- COBBLER_USER
Cobbler authentication user.
- CONJUR_ACCOUNT
Conjur account
- CONJUR_APPLIANCE_URL
Conjur appliance url
- CONJUR_AUTHN_API_KEY
Conjur authn api key
- CONJUR_AUTHN_LOGIN
Conjur authn login
- CONJUR_AUTHN_TOKEN_FILE
Path to the access token file
- CONJUR_CERT_FILE
Path to the Conjur cert file
- CONJUR_CONFIG_FILE
Path to the Conjur configuration file. The configuration file is a YAML file.
- CONJUR_IDENTITY_FILE
Path to the Conjur identity file. The identity file follows the netrc file format convention.
- CONTROLLER_HOST
The network address of your Automation Platform Controller host.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- CONTROLLER_INVENTORY
The ID of the inventory that you wish to import.
This is allowed to be either the inventory primary key or its named URL slug.
Primary key values will be accepted as strings or integers, and URL slugs must be strings.
Named URL slugs follow the syntax of “inventory_name++organization_name”.
Used by: awx.awx.controller inventory plugin
- CONTROLLER_OAUTH_TOKEN
The OAuth token to use.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- CONTROLLER_PASSWORD
The password for your controller user.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- CONTROLLER_REQUEST_TIMEOUT
Specify the timeout Ansible should use in requests to the controller host.
Defaults to 10 seconds
This will not work with the export or import modules.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- CONTROLLER_USERNAME
The user that you plan to use to access inventories on the controller.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- CONTROLLER_VERIFY_SSL
Specify whether Ansible should verify the SSL certificate of the controller host.
Defaults to True, but this is handled by the shared module_utils code
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- DSV_CLIENT_ID
The client_id with which to request the Access Grant.
Used by: community.general.dsv lookup plugin
- DSV_CLIENT_SECRET
The client secret associated with the specific client_id.
Used by: community.general.dsv lookup plugin
- DSV_TENANT
The first format parameter in the default url_template.
Used by: community.general.dsv lookup plugin
- DSV_TLD
The top-level domain of the tenant; the second format parameter in the default url_template.
Used by: community.general.dsv lookup plugin
- DSV_URL_TEMPLATE
The path to prepend to the base URL to form a valid REST API request.
Used by: community.general.dsv lookup plugin
- EC2_ACCESS_KEY
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- EC2_REGION
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- EC2_SECRET_KEY
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- EC2_SECURITY_TOKEN
See the documentation for the options where this environment variable is used.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin, community.hashi_vault.hashi_vault lookup plugin, community.hashi_vault.vault_kv1_get lookup plugin, community.hashi_vault.vault_kv2_get lookup plugin, community.hashi_vault.vault_list lookup plugin, community.hashi_vault.vault_login lookup plugin, community.hashi_vault.vault_read lookup plugin, community.hashi_vault.vault_token_create lookup plugin, community.hashi_vault.vault_write lookup plugin
- EC2_URL
URL to connect to instead of the default AWS endpoints. While this can be used to connect to other AWS-compatible services, the amazon.aws and community.aws collections are only tested against AWS.
The endpoint alias has been deprecated and will be removed in a release after 2024-12-01.
Used by: amazon.aws.aws_account_attribute lookup plugin, amazon.aws.aws_ec2 inventory plugin, amazon.aws.aws_rds inventory plugin, amazon.aws.secretsmanager_secret lookup plugin, amazon.aws.ssm_parameter lookup plugin, community.aws.aws_mq inventory plugin
- ELASTIC_APM_API_KEY
Use the APM API key
- ELASTIC_APM_SECRET_TOKEN
Use the APM server token
- ELASTIC_APM_SERVER_URL
Use the APM server and its environment variables.
- ELASTIC_APM_SERVICE_NAME
The service name resource attribute.
- ELASTIC_APM_VERIFY_SERVER_CERT
Verifies the SSL certificate if an HTTPS connection.
- ETCDCTL_CACERT
etcd3 CA authority.
- ETCDCTL_CERT
etcd3 client certificate.
- ETCDCTL_DIAL_TIMEOUT
Client timeout.
- ETCDCTL_ENDPOINTS
Counterpart of ETCDCTL_ENDPOINTS environment variable. Specify the etcd3 connection in URL form, for example https://hostname:2379, or in <host>:<port> form.
The host part is overwritten by host option, if defined.
The port part is overwritten by port option, if defined.
- ETCDCTL_KEY
etcd3 client private key.
- ETCDCTL_PASSWORD
Authenticated user password.
- ETCDCTL_USER
Authenticated user name.
- FOREMAN_CALLBACK_DISABLE
Toggle to make the callback plugin disable itself even if it is loaded.
It can be set to ‘1’ to prevent the plugin from being used even if it gets loaded.
- FOREMAN_DIR_STORE
When set, callback does not perform HTTP calls but stores results in a given directory.
For each report, new file in the form of SEQ_NO-hostname.json is created.
For each facts, new file in the form of SEQ_NO-hostname.json is created.
The value must be a valid directory.
This is meant for debugging and testing purposes.
When set to blank (default) this functionality is turned off.
- FOREMAN_PASSWORD
Password of the user accessing the Foreman server.
- FOREMAN_PROXY_URL
URL of the Foreman Smart Proxy server.
- FOREMAN_REPORT_TYPE
endpoint type for reports: foreman or proxy
- FOREMAN_SERVER
URL of the Foreman server.
Used by: theforeman.foreman.foreman callback plugin, theforeman.foreman.foreman inventory plugin
- FOREMAN_SERVER_URL
URL of the Foreman server.
Used by: theforeman.foreman.foreman callback plugin, theforeman.foreman.foreman inventory plugin
- FOREMAN_SSL_CERT
X509 certificate to authenticate to Foreman if https is used
- FOREMAN_SSL_KEY
the corresponding private key
- FOREMAN_SSL_VERIFY
Toggle to decide whether to verify the Foreman certificate.
It can be set to ‘1’ to verify SSL certificates using the installed CAs or to a path pointing to a CA bundle.
Set to ‘0’ to disable certificate checking.
- FOREMAN_URL
URL of the Foreman server.
Used by: theforeman.foreman.foreman callback plugin, theforeman.foreman.foreman inventory plugin
- FOREMAN_USER
Username accessing the Foreman server.
- FOREMAN_USERNAME
Username accessing the Foreman server.
- FOREMAN_VALIDATE_CERTS
Whether or not to verify the TLS certificates of the Foreman server.
- GCE_CREDENTIALS_FILE_PATH
The path of a Service Account JSON file if serviceaccount is selected as type.
- GCP_ACCESS_TOKEN
An OAuth2 access token if credential type is accesstoken.
- GCP_AUTH_KIND
The type of credential used.
- GCP_SCOPES
list of authentication scopes
- GCP_SERVICE_ACCOUNT_CONTENTS
A string representing the contents of a Service Account JSON file. This should not be passed in as a dictionary, but a string that has the exact contents of a service account json file (valid JSON).
- GCP_SERVICE_ACCOUNT_EMAIL
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
- GCP_SERVICE_ACCOUNT_FILE
The path of a Service Account JSON file if serviceaccount is selected as type.
- GITLAB_API_TOKEN
GitLab token for logging in.
- GITLAB_FILTER
filter runners from GitLab API
- GITLAB_SERVER_URL
The URL of the GitLab server, with protocol (i.e. http or https).
- GRAFANA_API_KEY
See the documentation for the options where this environment variable is used.
Used by: community.grafana.grafana_annotations callback plugin, community.grafana.grafana_dashboard lookup plugin
- GRAFANA_DASHBOARD_ID
The grafana dashboard id where the annotation shall be created.
Used by: community.grafana.grafana_annotations callback plugin
- GRAFANA_DASHBOARD_SEARCH
optional filter for dashboard search.
- GRAFANA_ORG_ID
grafana organisation id.
- GRAFANA_PANEL_IDS
The grafana panel ids where the annotation shall be created. Give a single integer or a comma-separated list of integers.
Used by: community.grafana.grafana_annotations callback plugin
- GRAFANA_PASSWORD
See the documentation for the options where this environment variable is used.
Used by: community.grafana.grafana_annotations callback plugin, community.grafana.grafana_dashboard lookup plugin
- GRAFANA_URL
See the documentation for the options where this environment variable is used.
Used by: community.grafana.grafana_annotations callback plugin, community.grafana.grafana_dashboard lookup plugin
- GRAFANA_USER
See the documentation for the options where this environment variable is used.
Used by: community.grafana.grafana_annotations callback plugin, community.grafana.grafana_dashboard lookup plugin
- GRAFANA_VALIDATE_CERT
validate the SSL certificate of the Grafana server. (For HTTPS url)
Used by: community.grafana.grafana_annotations callback plugin
- HCLOUD_ENDPOINT
The API Endpoint for the Hetzner Cloud.
- HCLOUD_TOKEN
The API Token for the Hetzner Cloud.
- HETZNER_DNS_TOKEN
The token for the Hetzner API.
If not provided, will be read from the environment variable HETZNER_DNS_TOKEN.
- HIPCHAT_API_VERSION
HipChat API version, v1 or v2.
- HIPCHAT_FROM
Name to post as
- HIPCHAT_NOTIFY
Add notify flag to important messages
- HIPCHAT_ROOM
HipChat room to post in.
- HIPCHAT_TOKEN
HipChat API token for v1 or v2 API.
- HROBOT_API_PASSWORD
The password for the Robot webservice user.
- HROBOT_API_USER
The username for the Robot webservice user.
- HTTP_AGENT
The HTTP ‘User-agent’ value to set in HTTP requests.
Used by: community.grafana.grafana_annotations callback plugin
- INFOBLOX_HOST
Specifies the DNS host name or address for connecting to the remote instance of NIOS WAPI over REST.
Value can also be specified using INFOBLOX_HOST environment variable.
Used by: infoblox.nios_modules.nios_inventory inventory plugin
- INFOBLOX_PASSWORD
Specifies the password to use to authenticate the connection to the remote instance of NIOS.
Value can also be specified using INFOBLOX_PASSWORD environment variable.
Used by: infoblox.nios_modules.nios_inventory inventory plugin
- INFOBLOX_USERNAME
Configures the username to use to authenticate the connection to the remote instance of NIOS.
Value can also be specified using INFOBLOX_USERNAME environment variable.
Used by: infoblox.nios_modules.nios_inventory inventory plugin
- JABBER_PASS
Password for the user to the jabber server
- JABBER_SERV
connection info to jabber server
- JABBER_TO
chat identifier that will receive the message
- JABBER_USER
Jabber user to authenticate as
- JUNIT_FAIL_ON_CHANGE
Consider any tasks reporting “changed” as a junit test failure
- JUNIT_FAIL_ON_IGNORE
Consider failed tasks as a junit test failure even if ignore_on_error is set
- JUNIT_HIDE_TASK_ARGUMENTS
Hide the arguments for a task
- JUNIT_INCLUDE_SETUP_TASKS_IN_REPORT
Should the setup tasks be included in the final report
- JUNIT_OUTPUT_DIR
Directory to write XML files to.
- JUNIT_REPLACE_OUT_OF_TREE_PATH
Replace the directory portion of an out-of-tree relative task path with the given placeholder
- JUNIT_TASK_CLASS
Configure the output to be one class per yaml file
- JUNIT_TASK_RELATIVE_PATH
Configure the output to use relative paths to given directory
- JUNIT_TEST_CASE_PREFIX
Consider a task only as test case if it has this value as prefix. Additionally failing tasks are recorded as failed test cases.
- K8S_AUTH_API_KEY
See the documentation for the options where this environment variable is used.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_CERT_FILE
Path to a certificate used to authenticate with the API.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_CONTAINER
See the documentation for the options where this environment variable is used.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_CONTEXT
The name of a context found in the K8s config file.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_EXTRA_ARGS
See the documentation for the options where this environment variable is used.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_HOST
URL for accessing the API.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_KEY_FILE
Path to a key file used to authenticate with the API.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_KUBECONFIG
See the documentation for the options where this environment variable is used.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_NAMESPACE
The namespace of the pod
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_PASSWORD
Provide a password for authenticating with the API.
Please be aware that this passes information directly on the command line and it could expose sensitive data. We recommend using the file based authentication options instead.
- K8S_AUTH_POD
See the documentation for the options where this environment variable is used.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_SERVER
URL for accessing the API.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_SSL_CA_CERT
Path to a CA certificate used to authenticate with the API.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_TOKEN
See the documentation for the options where this environment variable is used.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- K8S_AUTH_USERNAME
Provide a username for authenticating with the API.
- K8S_AUTH_VERIFY_SSL
Whether or not to verify the API server’s SSL certificate. Defaults to true.
Used by: community.okd.oc connection plugin, kubernetes.core.kubectl connection plugin
- LINODE_ACCESS_TOKEN
The Linode account personal access token.
- LOGDNA_HOSTNAME
Alternative Host Name; the current host name by default.
- LOGDNA_INGESTION_KEY
LogDNA Ingestion Key.
- LOGDNA_TAGS
Tags.
- LOGENTRIES_ANSIBLE_TOKEN
The logentries TCP token.
- LOGENTRIES_API
URI to the Logentries API.
- LOGENTRIES_FLATTEN
Flatten complex data structures into a single dictionary with complex keys.
- LOGENTRIES_PORT
HTTP port to use when connecting to the API.
- LOGENTRIES_TLS_PORT
Port to use when connecting to the API when TLS is enabled.
- LOGENTRIES_USE_TLS
Toggle to decide whether to use TLS to encrypt the communications with the API server.
- LOGSTASH_FORMAT_VERSION
Logging format.
- LOGSTASH_PORT
Port on which logstash is listening.
- LOGSTASH_PRE_COMMAND
Executes command before run and its result is added to the ansible_pre_command_output logstash field.
- LOGSTASH_SERVER
Address of the Logstash server.
- LOGSTASH_TYPE
Message type.
- MANIFOLD_API_TOKEN
manifold API token
- MICROSOFT_AD_LDAP_AUTH_PROTOCOL
The authentication protocol to use when connecting to the LDAP host.
Defaults to certificate if LDAPS/StartTLS is used and certificate has been specified. Otherwise it defaults to negotiate.
simple is simple authentication where the user and password are sent in plaintext. It does not support any encryption so either must be used with LDAPS, or StartTLS. If using over a plaintext LDAP connection without TLS, encrypt=False must be specified to explicitly opt into no encryption.
certificate is TLS client certificate authentication. It can only be used with LDAPS or StartTLS. See certificate for more information on how to specify the client certificate used for authentication.
negotiate will attempt to negotiate Kerberos authentication with a fallback to NTLM. If Kerberos is available the Kerberos credential cache can be used if no username or password is specified.
kerberos will use Kerberos authentication with no NTLM fallback.
ntlm will use NTLM authentication with no Kerberos attempt.
negotiate, kerberos, and ntlm support encryption over LDAP.
Kerberos support requires the pyspnego[kerberos] extras to be installed.
See LDAP authentication for more information.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CA_CERT
Can be the path to a CA certificate PEM or DER file, directory of PEM certificates, or the CA certificate PEM string that is used for certificate validation.
If omitted, the default CA store used for validation is dependent on the current Python settings.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERT_VALIDATION
The certificate validation behaviour when using a TLS connection.
This can be set to always, ignore, ignore_hostname.
always will perform certificate hostname and CA validation.
ignore will ignore any certificate errors.
ignore_hostname will validate the CA trust chain but will ignore any hostname checks performed by TLS.
See Certificate validation for more information.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERTIFICATE
The certificate or certificate with key bundle that is used for certificate authentication.
The value can either be a path to a file containing the certificate or string of the PEM encoded certificate.
If using a path to a certificate file, the file can be a PEM encoded certificate, a PEM encoded certificate and key bundle, a DER encoded certificate, or a PFX/PKCS12 encoded certificate and key bundle.
Use certificate_key if the certificate specified does not contain the key.
Use certificate_password if the key is encrypted with a password.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERTIFICATE_KEY
The certificate key that is used for certificate authentication.
The value can either be a path to a file containing the key in the PEM or DER encoded form, or it can be the string of a PEM encoded key.
Use certificate_password if the key is encrypted with a password.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CERTIFICATE_PASSWORD
The password used to decrypt the certificate key specified by certificate or certificate_key.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_CONNECTION_TIMEOUT
The timeout in seconds to wait until the connection is established before failing.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_ENCRYPT
Whether encryption is required for the connection.
Encryption can either be performed using the authentication protocol or through TLS.
The auth_protocol negotiate, kerberos, and ntlm all support encryption over LDAP whereas simple does not.
If using auth_protocol=simple over LDAP without TLS then this must be set to False. As no encryption is used, all traffic will be in plaintext and should be avoided.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_PASSWORD
The password to authenticate with.
If auth_protocol is simple and no password is specified, the bind will be performed as an unauthenticated bind.
If auth_protocol is negotiate, kerberos, or ntlm and no password is specified, it will attempt to use the local cached credential specified by username if available.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_PORT
The LDAP port to use for the connection.
Port 389 is used for LDAP and port 686 is used for LDAPS.
Defaults to port 636 if tls_mode=ldaps otherwise 389.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_SERVER
The domain controller/server to connect to.
If not specified the server will be derived from the current krb5.conf default_realm setting and with an SRV DNS lookup.
See Server lookup for more information.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_TLS_MODE
The TLS operation to use.
If an explicit port is set to 636 then this defaults to ldaps.
ldaps will connect over LDAPS (port 636).
start_tls will connect over LDAP (port 389) and perform the StartTLS operation before the authentication bind.
It is recommended to use ldaps over start_tls if TLS is going to be used.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- MICROSOFT_AD_LDAP_USERNAME
The username to authenticate with.
If auth_protocol is simple and no username is specified, anonymous authentication is used.
If auth_protocol is negotiate, kerberos, or ntlm and no username is specified, it will attempt to use the local cached credential if available, for example one retrieved by kinit.
This option can be set using a Jinja2 template value.
Used by: microsoft.ad.ldap inventory plugin
- NETBOX_API
See the documentation for the options where this environment variable is used.
Used by: netbox.netbox.nb_inventory inventory plugin, netbox.netbox.nb_lookup lookup plugin
- NETBOX_API_KEY
NetBox API token to be able to read against NetBox.
This may not be required depending on the NetBox setup.
You can provide a “type” and “value” for a token if your NetBox deployment is using a more advanced authentication like OAUTH.
If you do not provide a “type” and “value” parameter, the HTTP authorization header will be set to “Token”, which is the NetBox default
- NETBOX_API_TOKEN
The API token created through NetBox
This may not be required depending on the NetBox setup.
- NETBOX_TOKEN
See the documentation for the options where this environment variable is used.
Used by: netbox.netbox.nb_inventory inventory plugin, netbox.netbox.nb_lookup lookup plugin
- NETBOX_URL
The URL to the NetBox instance to query
- NRDP_HOSTNAME
Hostname where the passive check is linked to.
- NRDP_SERVICENAME
Service where the passive check is linked to.
- NRDP_TOKEN
Token to be allowed to push nrdp events.
- NRDP_URL
URL of the nrdp server.
- NRDP_VALIDATE_CERTS
Validate the SSL certificate of the nrdp server. (Used for HTTPS URLs.)
- OME_HOSTNAME
OpenManage Enterprise or OpenManage Enterprise Modular IP address or hostname.
If the value is not specified in the task, the value of environment variable OME_HOSTNAME will be used instead.
- OME_PASSWORD
OpenManage Enterprise or OpenManage Enterprise Modular password.
If the value is not specified in the task, the value of environment variable OME_PASSWORD will be used instead.
- OME_USERNAME
OpenManage Enterprise or OpenManage Enterprise Modular username.
If the value is not specified in the task, the value of environment variable OME_USERNAME will be used instead.
- ONE_AUTH
If both api_username or api_password are not set, then it will try to authenticate with the ONE auth file. Default path is ~/.one/one_auth.
Set environment variable ONE_AUTH to override this path.
- ONE_PASSWORD
Password or a token of the user to login into OpenNebula RPC server.
If not set, the value of the ONE_PASSWORD environment variable is used.
- ONE_URL
URL of the OpenNebula RPC server.
It is recommended to use HTTPS so that the username/password are not transferred over the network unencrypted.
If not set then the value of the ONE_URL environment variable is used.
- ONE_USERNAME
Name of the user to login into the OpenNebula RPC server. If not set then the value of the ONE_USERNAME environment variable is used.
- ONLINE_API_KEY
Online OAuth token.
- ONLINE_OAUTH_TOKEN
Online OAuth token.
- ONLINE_TOKEN
Online OAuth token.
- OP_CONNECT_HOST
The host for 1Password Connect. Must be used in combination with connect_token.
Used by: community.general.onepassword lookup plugin, community.general.onepassword_doc lookup plugin, community.general.onepassword_raw lookup plugin
- OP_CONNECT_TOKEN
The token for 1Password Connect. Must be used in combination with connect_host.
Used by: community.general.onepassword lookup plugin, community.general.onepassword_doc lookup plugin, community.general.onepassword_raw lookup plugin
- OP_SERVICE_ACCOUNT_TOKEN
The access key for a service account.
Only works with 1Password CLI version 2 or later.
Used by: community.general.onepassword lookup plugin, community.general.onepassword_doc lookup plugin, community.general.onepassword_raw lookup plugin
- OS_CLIENT_CONFIG_FILE
Override path to clouds.yaml file.
If this value is given it will be searched first.
Search paths for cloud credentials are complemented with files /etc/ansible/openstack.{yaml,yml}.
Default search paths are documented in https://docs.openstack.org/os-client-config/latest/user/configuration.html#config-files.
- OTEL_SERVICE_NAME
The service name resource attribute.
- OVIRT_PASSWORD
ovirt authentication password.
Used by: ovirt.ovirt.ovirt inventory plugin
- OVIRT_URL
URL to ovirt-engine API.
Used by: ovirt.ovirt.ovirt inventory plugin
- OVIRT_USERNAME
ovirt authentication user.
Used by: ovirt.ovirt.ovirt inventory plugin
- PASSWORD_STORE_DIR
The directory of the password store.
If backend=pass, the default ~/.password-store is used.
If backend=gopass, then the default is the path field in ~/.config/gopass/config.yml, falling back to ~/.local/share/gopass/stores/root if path is not defined in the gopass config.
- PASSWORD_STORE_UMASK
Sets the umask for the created .gpg files. The first octet must be greater than 3 (user readable).
Note pass’ default value is '077'.
- PROFILE_ROLES_SUMMARY_ONLY
Only show summary, not individual task profiles. Especially useful in combination with DISPLAY_SKIPPED_HOSTS=false and/or ANSIBLE_DISPLAY_OK_HOSTS=false.
- PROFILE_TASKS_SORT_ORDER
Adjust the sorting output of summary tasks.
- PROFILE_TASKS_SUMMARY_ONLY
Only show summary, not individual task profiles. Especially useful in combination with DISPLAY_SKIPPED_HOSTS=false and/or ANSIBLE_DISPLAY_OK_HOSTS=false.
- PROFILE_TASKS_TASK_OUTPUT_LIMIT
Number of tasks to display in the summary.
- PROXMOX_PASSWORD
Proxmox authentication password.
If the value is not specified in the inventory configuration, the value of environment variable PROXMOX_PASSWORD will be used instead.
Since community.general 4.7.0 you can also use templating to specify the value of the password.
If you do not specify a password, you must set token_id and token_secret instead.
- PROXMOX_TOKEN_ID
Proxmox authentication token ID.
If the value is not specified in the inventory configuration, the value of environment variable PROXMOX_TOKEN_ID will be used instead.
To use token authentication, you must also specify token_secret. If you do not specify token_id and token_secret, you must set a password instead.
Make sure to grant explicit pve permissions to the token or disable ‘privilege separation’ to use the users’ privileges instead.
- PROXMOX_TOKEN_SECRET
Proxmox authentication token secret.
If the value is not specified in the inventory configuration, the value of environment variable PROXMOX_TOKEN_SECRET will be used instead.
To use token authentication, you must also specify token_id. If you do not specify token_id and token_secret, you must set a password instead.
- PROXMOX_URL
URL to Proxmox cluster.
If the value is not specified in the inventory configuration, the value of environment variable PROXMOX_URL will be used instead.
Since community.general 4.7.0 you can also use templating to specify the value of the url.
- PROXMOX_USER
Proxmox authentication user.
If the value is not specified in the inventory configuration, the value of environment variable PROXMOX_USER will be used instead.
Since community.general 4.7.0 you can also use templating to specify the value of the user.
- SCW_API_KEY
Scaleway OAuth token.
If not explicitly defined or in environment variables, it will try to look up in the scaleway-cli configuration file ($SCW_CONFIG_PATH, $XDG_CONFIG_HOME/scw/config.yaml, or ~/.config/scw/config.yaml).
More details on how to generate token.
- SCW_OAUTH_TOKEN
Scaleway OAuth token.
If not explicitly defined or in environment variables, it will try to look up in the scaleway-cli configuration file ($SCW_CONFIG_PATH, $XDG_CONFIG_HOME/scw/config.yaml, or ~/.config/scw/config.yaml).
More details on how to generate token.
- SCW_TOKEN
Scaleway OAuth token.
If not explicitly defined or in environment variables, it will try to look up in the scaleway-cli configuration file ($SCW_CONFIG_PATH, $XDG_CONFIG_HOME/scw/config.yaml, or ~/.config/scw/config.yaml).
More details on how to generate token.
- SLACK_CHANNEL
Slack room to post in.
- SLACK_USERNAME
Username to post as.
- SLACK_VALIDATE_CERTS
Validate the SSL certificate of the Slack server for HTTPS URLs.
- SLACK_WEBHOOK_URL
Slack Webhook URL.
- SMTPHOST
Mail Transfer Agent, server that accepts SMTP.
- SOPS_ANSIBLE_AWX_DISABLE_VARS_PLUGIN_TEMPORARILY
Temporarily disable this plugin.
Useful if ansible-inventory is supposed to be run without decrypting secrets (in AWX for instance).
Used by: community.sops.sops vars plugin
- SPLUNK_AUTHTOKEN
Token to authenticate the connection to the Splunk HTTP collector.
- SPLUNK_BATCH
Correlation ID which can be set across multiple playbook executions.
- SPLUNK_INCLUDE_MILLISECONDS
Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk HTTP collector.
- SPLUNK_URL
URL to the Splunk HTTP collector source.
- SPLUNK_VALIDATE_CERTS
Whether to validate certificates for connections to HEC. It is not recommended to set to false except when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it to false allows man-in-the-middle attacks!
- SUMOLOGIC_URL
URL to the Sumologic HTTP collector source.
- SYSLOG_FACILITY
Syslog facility to log as.
- SYSLOG_PORT
Port on which the syslog server is listening.
- SYSLOG_SERVER
Syslog server that will receive the event.
- TOWER_HOST
The network address of your Automation Platform Controller host.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- TOWER_OAUTH_TOKEN
The OAuth token to use.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- TOWER_PASSWORD
The password for your controller user.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- TOWER_USERNAME
The user that you plan to use to access inventories on the controller.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- TOWER_VERIFY_SSL
Specify whether Ansible should verify the SSL certificate of the controller host.
Defaults to True, but this is handled by the shared module_utils code.
Used by: awx.awx.controller inventory plugin, awx.awx.controller_api lookup plugin
- TRACEPARENT
The W3C Trace Context header traceparent.
Used by: community.general.elastic callback plugin, community.general.opentelemetry callback plugin
- TSS_API_PATH_URI
The path to append to the base URL to form a valid REST API request.
Used by: community.general.tss lookup plugin
- TSS_BASE_URL
The base URL of the server, for example https://localhost/SecretServer.
Used by: community.general.tss lookup plugin
- TSS_DOMAIN
The domain with which to request the OAuth2 Access Grant.
Optional when token is not provided.
Requires python-tss-sdk version 1.0.0 or greater.
Used by: community.general.tss lookup plugin
- TSS_PASSWORD
The password associated with the supplied username.
Required when token is not provided.
Used by: community.general.tss lookup plugin
- TSS_TOKEN
Existing token for Thycotic authorizer.
If provided, username and password are not needed.
Requires python-tss-sdk version 1.0.0 or greater.
Used by: community.general.tss lookup plugin
- TSS_TOKEN_PATH_URI
The path to append to the base URL to form a valid OAuth2 Access Grant request.
Used by: community.general.tss lookup plugin
- TSS_USERNAME
The username with which to request the OAuth2 Access Grant.
Used by: community.general.tss lookup plugin
- VI_PASSWORD
Password for the connection.
- VI_PORTNUMBER
Port for the connection.
- VI_SERVER
FQDN or IP Address for the connection (vCenter or ESXi Host).
- VI_USERNAME
Username for the connection.
Requires the following permissions on the VM: VirtualMachine.GuestOperations.Execute, VirtualMachine.GuestOperations.Modify, VirtualMachine.GuestOperations.Query.
- VMWARE_HOST
See the documentation for the options where this environment variable is used.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_tools connection plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_PASSWORD
See the documentation for the options where this environment variable is used.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_tools connection plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_PORT
See the documentation for the options where this environment variable is used.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_tools connection plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_PROXY_HOST
Address of a proxy that will receive all HTTPS requests and relay them.
The format is a hostname or an IP.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_PROXY_PORT
Port of the HTTP proxy that will receive all HTTPS requests and relay them.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_SERVER
Name of vCenter or ESXi server.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_USER
See the documentation for the options where this environment variable is used.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_tools connection plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_USERNAME
Name of vSphere user.
Accepts vault encrypted variable.
Accepts Jinja to template the value.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_vm_inventory inventory plugin
- VMWARE_VALIDATE_CERTS
See the documentation for the options where this environment variable is used.
Used by: community.vmware.vmware_host_inventory inventory plugin, community.vmware.vmware_tools connection plugin, community.vmware.vmware_vm_inventory inventory plugin
- VULTR_API_ENDPOINT
URL to API endpoint (without trailing slash).
Fallback environment variable VULTR_API_ENDPOINT.
Used by: vultr.cloud.vultr inventory plugin
- VULTR_API_KEY
API key of the Vultr API.
Fallback environment variable VULTR_API_KEY.
Used by: vultr.cloud.vultr inventory plugin
- VULTR_API_RESULTS_PER_PAGE
When receiving large numbers of instances, specify how many instances should be returned per call to API.
This does not determine how many results are returned; all instances are returned according to other filters.
Vultr API maximum is 500.
Fallback environment variable VULTR_API_RESULTS_PER_PAGE.
Used by: vultr.cloud.vultr inventory plugin
- VULTR_API_TIMEOUT
HTTP timeout to Vultr API.
Fallback environment variable VULTR_API_TIMEOUT.
Used by: vultr.cloud.vultr inventory plugin
- WORKSPACE_ID
Workspace ID of the Azure log analytics workspace.
- WORKSPACE_SHARED_KEY
Shared key to connect to Azure log analytics workspace.
- ZABBIX_PASSWORD
Zabbix user password.
- ZABBIX_SERVER
URL of Zabbix server, with protocol (http or https).
url is an alias for server_url.
- ZABBIX_USERNAME
Zabbix user name.
- ZABBIX_VALIDATE_CERTS
If set to False, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.