Skip to content

Instantly share code, notes, and snippets.

@zed-eiq

zed-eiq/group_vars and ansible vars.md

Created September 29, 2025 21:12
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save zed-eiq/f88afc25c4b84d96db5eb3e93671c3f2 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save zed-eiq/f88afc25c4b84d96db5eb3e93671c3f2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
group_vars and ansible vars.md

group_vars and Ansible variables

What it says on the tin: the group_vars directory contains variable definitions for inventory groups.

This is a way to scope variables to a given inventory group. We can define variables for the elasticsearch inventory group that are not accessible by plays running on the application inventory group.

Ansible expects the following directory structure:

group_vars/
group_vars/<inventory_group>.yml

OR

grou_vars/
group_vars/<inventory_group>/*.yml

Within the group_vars/<inventory_group>/ sub-directory, Ansible loads variable definitions from all

⚠️ CAUTION: group_vars are very far down the variable precedence order. Role variables (not defaults) will override them. See Appendix: Variable precedence

So a variable defined in group_vars/all/config.yml is accessible by all plays running on any inventory group (because it is scoped to all).

So, with group_vars/elasticsearch/asdf.yml:

# group_vars/elasticsearch/asdf.yml
---
my_test_var: "test"

We can run the following play:

# Test playbook
- name: test
  hosts: elasticsearch
  gather_facts: false
  tasks:
    - name: Debug
      ansible.builtin.debug:
        msg: |
          {{ my_test_var }}

But the following fails to find the my_test_var variable:

# Test playbook
- name: test
  hosts: application
  gather_facts: false
  tasks:
    - name: Debug
      ansible.builtin.debug:
        msg: |
          {{ my_test_var }}

Running the same against the all implicit inventory group passes for managed nodes in the elasticsearch inventory group, but fails on all others.

📘 NOTE: localhost is not an implicit or default inventory group. It is an implicit host (see implicit localhost).

Appendix

Variable precedence

From https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#understanding-variable-precedence

Ansible does apply variable precedence, and you might have a use for it. Here is the order of precedence from least to greatest (the last listed variables override all other variables):

  1. Command-line values (for example, -u my_user, these are not variables)
  2. Role defaults (as defined in Role directory structure)
  3. Inventory file or script group vars
  4. Inventory group_vars/all
  5. Playbook group_vars/all
  6. Inventory group_vars/*
  7. Playbook group_vars/*
  8. Inventory file or script host vars
  9. Inventory host_vars/*
  10. Playbook host_vars/*
  11. Host facts and cached set_facts
  12. Play vars
  13. Play vars_prompt
  14. Play vars_files
  15. Role vars (as defined in Role directory structure)
  16. Block vars (for tasks in block only)
  17. Task vars (for the task only)
  18. include_vars
  19. Registered vars and set_facts
  20. Role (and include_role) params
  21. include params
  22. Extra vars (for example, -e "user=my_user")(always win precedence)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment