Default variables

Custom local facts


Dictionary of custom facts that are set globally on all hosts.

core_facts: {}

Dictionary of custom facts that are set in a group of hosts.

core_group_facts: {}

Dictionary of custom facts that are set on specific hosts.

core_host_facts: {}

List of custom fact keys which will be removed if found.

core_remove_facts: []

If True, Ansible will not add facts that are already present on a host to the dictionary, and only store those specified in inventory.

core_reset_facts: False

Tags stored as local facts


Global list of tags to set on all hosts.

core_tags: []

List of tags to set for a group of hosts.

core_group_tags: []

List of tags to set on a given host.

core_host_tags: []

Override any combination of global, group or host tags with a static set.

core_static_tags: []

Specify a list of tags to remove from a tag list, if they’re present.

core_remove_tags: []

If True, Ansible will not merge current set of tags on a host and will create a new list of tags from inventory variables.

core_reset_tags: False

Core facts


List of IP addresses or CIDR subnets which contain hosts that are used to execute Ansible playbooks. Other roles that maintain host security can source the ansible_local.core.ansible_controllers list and add the entries found there to IP address whitelist.

core_ansible_controllers: []

IP address from which the SSH connection to a given host originates. It usually is the external IP address of Ansible Controller host, but it might be an internal IP address of a gateway or SSH jumphost through which the connection is proxied. This IP address will be added to list of Ansible Controllers defined above.

core_active_controller: '{{ ((ansible_env.SSH_CLIENT.split(" ") | first)
                             if (ansible_env|d() and ansible_env.SSH_CLIENT|d())
                             else "") }}'

Time in seconds which specifies how long APT cache should be considered valid between updates.

core_cache_valid_time: '{{ (60 * 60 * 24) }}'

URL for the GnuPG keyserver on which Ansible will search for encryption keys.

core_keyserver: 'hkp://'

Ansible will try and read the UUID value from the host using dmidecode. If it’s not available, this value will be used as the UUID source.

core_uuid_random: '{{ ansible_fqdn | to_uuid }}'

Core packages


List of packages required by Ansible local fact scripts.

core_base_packages: [ 'libcap2-bin' ]

List of additional packages to install.

core_packages: []

Directory paths


Path where Ansible local facts are stored. This shouldn’t really be changed because many Ansible roles use this path explicitly. This variable is set here so that it can be used by the directory creation task to ensure that the facts.d directory is present.

core_root_facts: '/etc/ansible/facts.d'

Directory where user binaries accessible via $PATH should be stored.

core_root_bin: '/usr/local/bin'

Directory where additional configuration files not related to existing services will be stored. Very rarely used.

core_root_etc: '/usr/local/etc'

Directory where various scripts which don’t or shouldn’t be directly accessible from the interactive shell should be stored, so that they don’t pollute Tab-completion. Roles can create subdirectories here in case when more than a handful of scripts are used.

core_root_lib: '/usr/local/lib'

Directory where administrator binaries accessible via $PATH should be stored.

core_root_sbin: '/usr/local/sbin'

Path where static data files should be stored, similar to /usr/share. Rarely used.

core_root_share: '/usr/local/share'

Path where application sources (tarballs, git repositories) can be stored and operated on, usually in a separate subdirectory for each role or user.

core_root_src: '/usr/local/src'

Directory that stores application data, things served by a given host, for example webpages. Web application system accounts may have their home directories there, as well as sftpusers websites and home directories.

core_root_data: '/srv'

Alternative directory for application data.

core_root_srv: '/srv'

Path where local backups generated by automated scripts are stored, usually in separate subdirectories for each user/role.

core_root_backup: '/var/backups'

Path where variable internal data are stored. Examples include databases, spools, transient files. Usually a separate subdirectory is used, especially when the application has its own home directory.

core_root_var: '/var/local'

Path where home directories of local system accounts are stored (/home is reserved for regular users and home directories of users stored in remote databases like LDAP).

core_root_home: '/var/local'

Directory where non-web applications are installed. By default it’s in a subdirectory, usually home directory of an application, but the root path might be different.

core_root_app: '/var/local'

Path where log files are stored, optionally with a separate subdirectory.

core_root_log: '/var/log'

List of directories and their ansible_local.root.* variable names, passed to a task that creates them in the filesystem and the template that generates Ansible local facts.


  - path: '{{ core_root_facts }}'
    fact: 'facts'

  - path: '{{ core_root_bin }}'
    fact: 'bin'

  - path: '{{ core_root_etc }}'
    fact: 'etc'

  - path: '{{ core_root_lib }}'
    fact: 'lib'

  - path: '{{ core_root_sbin }}'
    fact: 'sbin'

  - path: '{{ core_root_share }}'
    fact: 'share'

  - path: '{{ core_root_src }}'
    fact: 'src'

  - path: '{{ core_root_data }}'
    fact: 'data'

  - path: '{{ core_root_srv }}'
    fact: 'srv'

  - path: '{{ core_root_backup }}'
    fact: 'backup'

  - path: '{{ core_root_home }}'
    fact: 'home'

  - path: '{{ core_root_app }}'
    fact: 'app'

  - path: '{{ core_root_var }}'
    fact: 'var'

  - path: '{{ core_root_log }}'
    fact: 'log'