Commentate and reorganize ansible.cfg, adding one or two quality-of-life options along the hway

This commit is contained in:
Salt 2022-04-29 16:46:45 -05:00
parent cef2d1a092
commit 71e1371619

View File

@ -1,18 +1,49 @@
[defaults] [defaults]
# I have a large number of machines, which warrants a large forks setting
# here.
forks = 16 forks = 16
# We set gathering to smart here as I'm often executing the site-wide playbook,
# which means a ton of redundant time gathering facts that haven't changed
# otherwise.
gathering = smart
# host_key_checking is disabled because nearly 90% of my Ansible plays are in
# ephemeral environments and I'm constantly spinning machines up and down.
# In theory this is an attack vector that I need to work on a solution for.
host_key_checking = false host_key_checking = false
# Explicitly set the python3 interpreter for legacy hosts.
interpreter_python = python3 interpreter_python = python3
# Default inventory is labeled "production", but this entire environment is a
# homelab so whatever.
inventory = inventories/production inventory = inventories/production
# I hate fun
nocows = true
# Pipelining is a fantastic speedup
pipelining = true
private_key_file = ~/.ssh/desu private_key_file = ~/.ssh/desu
# Set explicitly here, but this should be the default.
remote_tmp = $HOME/.ansible/tmp remote_tmp = $HOME/.ansible/tmp
remote_user = ansible remote_user = ansible
# This extra roles directory is used for Galaxy roles.
roles_path = .roles:roles roles_path = .roles:roles
system_warnings = true system_warnings = true
[diff]
always = true
[inventory]
# I have no clue why this isn't the default
unparsed_is_failed = true
[privilege_escalation] [privilege_escalation]
# We force an always-become condition because of the myriad of things we need
# to do as root.
become = true become = true
[ssh_connection] [ssh_connection]
pipelining = true # The number of retries here is insane because of the volatility of my home
# network, where a number of my machines live.
retries = 15 retries = 15
# These extra args are used for bastioning, where the ephemeral Ansible
# controller remotes into a bastion machine to access the rest of the
# environment.
ssh_extra_args = -o ForwardAgent=yes -o StrictHostKeyChecking=no ssh_extra_args = -o ForwardAgent=yes -o StrictHostKeyChecking=no