Beta

Ansible Advanced Course

Variables and Jinja2

Variable Precedence

This article explains how variables work in Ansible and outlines the concept of variable precedence—i.e., which value Ansible uses when the same variable is defined in multiple locations.

Ansible variables store information that might differ between hosts. They serve two main purposes:

• Configuring connectivity for Ansible itself.
• Defining settings for your playbooks (for example, configuring DNS server IPs, NTP server IPs, firewall rules, etc.).

Note

Ansible variables are assigned to host objects during playbook execution. Initially, group variables are associated with each host, and then any host-specific variables override these values.

Below is an example inventory file that defines host variables for each host and includes a group variable for the DNS server:

# /etc/ansible/hosts
web1 ansible_host=172.20.1.100
web2 ansible_host=172.20.1.101
web3 ansible_host=172.20.1.102

[web_servers]
web1
web2
web3

[web_servers:vars]
dns_server=10.5.5.3

Host Versus Group Variables

When the same variable is defined both on the host level and in the group, the host-specific variable takes precedence. Consider modifying the inventory for "web2" as follows:

# /etc/ansible/hosts
web1 ansible_host=172.20.1.100
web2 ansible_host=172.20.1.101  dns_server=10.5.5.4
web3 ansible_host=172.20.1.102

[web_servers]
web1
web2
web3

[web_servers:vars]
dns_server=10.5.5.3

In this scenario, Ansible first associates the group variable (dns_server=10.5.5.3) with all hosts. However, since "web2" is explicitly defined with its own variable (dns_server=10.5.5.4), that value is used during playbook execution.

Variables Defined in Playbooks

Variables can also be declared directly within a playbook. Defining variables at the play level overrides both host and group inventory variables. For example, consider the following playbook that configures the DNS server using a play-level variable:

---
- name: Configure DNS Server
  hosts: all
  vars:
    dns_server: 10.5.5.5
  tasks:
    - name: Update DNS settings
      nsupdate:
        server: '{{ dns_server }}'

Here, the playbook variable (dns_server: 10.5.5.5) overrides the inventory-defined values during playbook runtime.

Extra Variables from the Command Line

Extra variables passed via the command line have the highest precedence in Ansible. For instance, running the following command:

$ ansible-playbook playbook.yml --extra-vars "dns_server=10.5.5.6"

ensures that the value provided (dns_server=10.5.5.6) supersedes any values defined in the inventory or playbook. The command below demonstrates a similar override with a different value:

$ ansible-playbook playbook.yml --extra-vars "dns_server=10.5.6"

In both cases, the extra variable takes precedence over all others.

Overview of Precedence

Ansible applies variables following a defined hierarchical order. The order starts from the lowest precedence (role default variables), then proceeds through inventory and playbook variables, and finally applies extra vars provided directly on the command line (the highest precedence). This structure guarantees that more specific variables override more general ones.

The image shows a list of Ansible variable precedence, detailing the order in which variables are applied, from role defaults to extra vars.

That concludes our discussion on variable precedence in Ansible. In the next article, we will explore additional methods to manage and override variables effectively in your Ansible deployments.

Watch Video

Watch video content

Previous
Project Demo
Next
Variable Scope