The ansible.cfg file is Ansible’s configuration file that allows you to customize the behavior of Ansible. Current stable version: Ansible-core 2.20.2 (released January 29, 2026). This file can be placed in several locations, with the following precedence:
./ansible.cfg (in the current directory)~/.ansible.cfg (in the user’s home directory)/etc/ansible/ansible.cfg (system-wide)The [defaults] section contains general settings for Ansible:
[defaults]
# Inventory file location
inventory = ./inventory
# Remote user for connections
remote_user = ansible_user
# Path to SSH private key
private_key_file = ~/.ssh/id_rsa
# Disable host key checking (not recommended for production)
host_key_checking = False
# Number of parallel processes to spawn
forks = 20
# Time to wait for connection attempts
timeout = 30
# Path to sudo executable
sudo_exe = sudo
# Default sudo user
sudo_user = root
# Enable or disable gathering facts
gathering = smart
# Fact caching settings
fact_caching = memory
# Callback plugins
stdout_callback = yaml
bin_ansible_callbacks = True
# Vault settings
vault_password_file = ~/.ansible/vault_password
# Module settings
executable = /bin/bash
# Python interpreter
interpreter_python = auto_silent
# Host key checking
host_key_checking = True
# Logging
log_path = /var/log/ansible.log
# Configuration for gathering facts
gathering = smart
fact_caching_timeout = 86400
Configure how Ansible handles privilege escalation:
[privilege_escalation]
# Enable privilege escalation
become = True
# Method to use for privilege escalation
become_method = sudo
# User to become
become_user = root
# Ask for privilege escalation password
become_ask_pass = False
Configure SSH connection parameters:
[ssh_connection]
# SSH arguments
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# Enable SSH pipelining
pipelining = True
# Number of attempts to connect
retries = 3
# TCP timeout for connection
timeout = 30
# Path to SSH executable
ssh_executable = /usr/bin/ssh
# Arguments for sftp
sftp_extra_args = -F ~/.ssh/config
# Arguments for scp
scp_extra_args = -F ~/.ssh/config
# Arguments for ssh
ssh_extra_args = -F ~/.ssh/config
Configure how Ansible handles inventory:
[inventory]
# Enable inventory plugins
enable_plugins = host_list, script, auto, yaml, ini, toml
# Cache inventory
cache = yes
# Inventory cache timeout
cache_timeout = 3600
Here’s a example of an ansible.cfg file optimized for production use:
[defaults]
# Inventory and connection settings
inventory = ./inventory
remote_user = ansible_user
host_key_checking = False
timeout = 30
forks = 20
# Fact gathering
gathering = smart
fact_caching = memory
fact_caching_timeout = 86400
# Output formatting
stdout_callback = yaml
bin_ansible_callbacks = True
callback_whitelist = timer, profile_tasks
# Vault configuration
vault_password_file = ~/.ansible/vault_password
# Module settings
executable = /bin/bash
interpreter_python = auto_silent
# Logging
log_path = /var/log/ansible.log
# Temporary directory
remote_tmp = /tmp/.ansible-${USER}/tmp
# Ansible behavior
gathering = smart
roles_path = ./roles:/usr/share/ansible/roles
library = ./library
module_utils = ./module_utils
filter_plugins = ./filter_plugins
test_plugins = ./test_plugins
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = True
retries = 3
timeout = 30
scp_if_ssh = smart
control_path = %(directory)s/%%h-%%r
[inventory]
enable_plugins = host_list, script, auto, yaml, ini, toml
cache = yes
cache_timeout = 3600
ansible.cfgansible-vault for sensitive informationchmod 600 ansible.cfgYou can also set Ansible configuration options using environment variables:
export ANSIBLE_INVENTORY=./inventory
export ANSIBLE_REMOTE_USER=ansible_user
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_BECOME=True
Verify your configuration is working correctly:
# Check configuration
ansible-config dump --only-changed
# View all configuration
ansible-config view
# Test connection to all hosts
ansible all -m ping
Any questions?
Feel free to contact us. Find all contact information on our contact page.