Ansible and Ansible Tower provide a powerful variable system. At the same time, there are some variables reserved to one or the other, which cannot be used by others, but can be helpful. This post lists all reserved and magic variables and also important keywords.
Variables in Ansible are a powerful tool to influence and control your automation execution. In fact, I’ve dedicated a fare share of posts to the topic over the years:
- Introduction to Ansible variables
- Reference Ansible variables between plays
- Provide dictionaries as default in Ansible variables
- Insights into Ansible: environments of executed playbooks
- Show all variables of a host
- Combine Python methods with Jinja filters in Ansible
The official documentation of Ansible variables is also quite comprehensive.
The variable system is in fact so powerful that Ansible uses it itself. There are certain variables which are reserved, the so called magic variables.
The given documentation lists many of them – but is missing the Tower ones. For that reason this post list all magic variables in Ansible and Ansible Tower with references to more information.
Note that the variables and keywords might be different for different Ansible versions. The lists provided here are for Ansible 2.8 which is the current release and als shipped in Fedora – and Tower 3.4/3.5.
Reserved & Magic Variables
The following list shows true magic variables. They are reserved internally and are overwritten by Ansible if needed. A “(D)” highlights that the variable is deprecated.
ansible_check_mode ansible_dependent_role_names ansible_diff_mode ansible_forks ansible_inventory_sources ansible_limit ansible_loop ansible_loop_var ansible_play_batch (D) ansible_play_hosts (D) ansible_play_hosts_all ansible_play_role_names ansible_playbook_python ansible_role_names ansible_run_tags ansible_search_path ansible_skip_tags ansible_verbosity ansible_version group_names groups hostvars inventory_hostname inventory_hostname_short inventory_dir inventory_file omit play_hosts (D) ansible_play_name playbook_dir role_name role_names role_path
Facts are not magic variables because they are not internal. But they are collected during facts gathering or execution of the setup module, so it helps to keep them in mind. There are two “main” variables related to facts, and a lot of other variables depending on what the managed node has to offer. Since those are different from system to system, it is tricky to list them all. But they can be easily identified by the leading
ansible_facts ansible_local ansible_*
Connection variables control the way Ansible connects to target machines: what connection plugin to use, etc.
ansible_become_user ansible_connection ansible_host ansible_python_interpreter ansible_user
Tower has its own set of magic variables which are used internally to control the execution of the automation. Note that those variables can optionally start with
awx_ instead of
tower_job_id tower_job_launch_type tower_job_template_id tower_job_template_name tower_user_id tower_user_name tower_schedule_id tower_schedule_name tower_workflow_job_id tower_workflow_job_name
Keywords are strictly speaking not variables. In fact, you can even set a variable named as a key word. Instead, they are the parts of a playbook that make a playbook work: think of the keys hosts, tasks, name or even the parameters of a module.
It is just important to keep those keywords in mind – and it certainly helps when you name your variables in a way that they are not mixed up with keywords by chance.
The following lists shows all keywords by where they can appear. Note that some keywords are listed multiple times because they can be used at different places.
any_errors_fatal become become_flags become_method become_user check_mode collections connection debugger diff environment fact_path force_handlers gather_facts gather_subset gather_timeout handlers hosts ignore_errors ignore_unreachable max_fail_percentage module_defaults name no_log order port post_tasks pre_tasks remote_user roles run_once serial strategy tags tasks vars vars_files vars_prompt
any_errors_fatal become become_flags become_method become_user check_mode collections connection debugger delegate_facts delegate_to diff environment ignore_errors ignore_unreachable module_defaults name no_log port remote_user run_once tags vars when
always any_errors_fatal become become_flags become_method become_user block check_mode collections connection debugger delegate_facts delegate_to diff environment ignore_errors ignore_unreachable module_defaults name no_log port remote_user rescue run_once tags vars when
action any_errors_fatal args async become become_flags become_method become_user changed_when check_mode collections connection debugger delay delegate_facts delegate_to diff environment failed_when ignore_errors ignore_unreachable local_action loop loop_control module_defaults name no_log notify poll port register remote_user retries run_once tags until vars when with_<lookup_plugin>