debops.core default variables

Custom local facts


Dictionary of custom facts that are set globally on all hosts.

core__facts: {}

Dictionary of custom facts that are set in a group of hosts.

core__group_facts: {}

Dictionary of custom facts that are set on specific hosts.

core__host_facts: {}

List of custom fact keys which will be removed if found.

core__remove_facts: []

If True, Ansible will not add facts that are already present on a host to the dictionary, and only store those specified in inventory.

core__reset_facts: False

Tags stored as local facts


Global list of tags to set on all hosts.

core__tags: []

List of tags to set for a group of hosts.

core__group_tags: []

List of tags to set on a given host.

core__host_tags: []

Override any combination of global, group or host tags with a static set.

core__static_tags: []

Specify a list of tags to remove from a tag list, if they're present.

core__remove_tags: []

If True, Ansible will not merge current set of tags on a host and will create a new list of tags from inventory variables.

core__reset_tags: False

Core facts


List of IP addresses or CIDR subnets which contain hosts that are used to execute Ansible playbooks. Other roles that maintain host security can source the ansible_local.core.ansible_controllers list and add the entries found there to IP address whitelist.

core__ansible_controllers: []

IP address from which the SSH connection to a given host originates. It usually is the external IP address of Ansible Controller host, but it might be an internal IP address of a gateway or SSH jumphost through which the connection is proxied. This IP address will be added to list of Ansible Controllers defined above.

core__active_controller: '{{ ((ansible_env.SSH_CLIENT.split(" ") | first)
                              if (ansible_env | d() and ansible_env.SSH_CLIENT | d())
                              else "") }}'

List of the system groups which contain the system administrator accounts. If you don't want this functionality, make this list empty.

core__admin_groups: [ 'admins' ]

List of system administrator accounts. Ansible will check what accounts are in the groups specified above and include them in this list automatically. These accounts are used in different roles to automatically create administrative accounts in different services.

To override the admin accounts autodetected by Ansible, specify them in this list.

core__admin_users: '{{ ((ansible_local.core.admin_users
                         if (ansible_local.core.admin_users | d())
                         else [])
                        + [ (ansible_user
                              if (ansible_user is defined and
                                  ansible_user not in
                                   + core__admin_blacklist_users))
                              else lookup("env", "USER")) ])
                        | unique }}'

List of user accounts which will not be included by Ansible in the system administrator account list. This is used to avoid creating common, static admin account names in various services.

  - 'admin'
  - 'ansible'
  - 'debian'
  - 'pi'
  - 'root'
  - 'ubuntu'
  - 'user'

Additional list of user accounts to not include in the system administrator account list.

core__admin_blacklist_users: []

List of public system administrator e-mail addresses. The addresses specified here will be used as publicly visible admin contact information by the Ansible roles that use them.

This variable can be used as a final destination by the system MTA.

core__admin_public_email: [ '{{ ("root@" + ansible_domain)
                                if ansible_domain | d()
                                else "root" }}' ]

List of private system administrator e-mail addresses. They will be used by other Ansible roles to sent important system messages to the administrator. These e-mail addresses are visible to all users on a given host, but should not be visible from outside of a host.

If none are specified, list of admin user accounts will be used instead. The mail delivery to these accounts is left to the system MTA.

This variable shouldn't be used as a final destination by the system MTA, otherwise it might result in an undeliverable error. It can be used as an alias.

core__admin_private_email: []

Time in seconds which specifies how long APT cache should be considered valid between updates.

core__cache_valid_time: '{{ (60 * 60 * 24) }}'

Some of the OS distributions are not detected by Ansible correctly. This variable can be used to fix that issue across all roles that use it.

core__distribution: '{{
                        if ( | d())
                        else ansible_distribution }}'

Some of the OS releases are not detected by Ansible correctly. This variable can be used to fix that issue across all roles that use it.

core__distribution_release: '{{ ansible_lsb.codename
                                if (ansible_lsb.codename | d())
                                else ansible_distribution_release }}'

Default umask for home directories.

core__homedir_umask: '0027'

Enable or disable use of the unsafe_writes parameter in Ansible tasks that deal with files. See Global unsafe writes for more details.

core__unsafe_writes: False

Core packages


List of packages required by Ansible local fact scripts.

core__base_packages: [ 'bash', 'libcap2-bin', 'lsb-release', 'dbus', 'dirmngr' ]

List of additional packages to install.

core__packages: []

List of additional packages to install for a group.

core__group_packages: []

List of additional packages to install for a host.

core__host_packages: []