Ansible Variable Precedence Prompt
Debug Ansible variable scope — precedence rules, override behavior, hostvars, magic vars, set_fact lifetime.
- Target user: Ansible engineers debugging variable surprises
- Difficulty: Intermediate
- Tools: Claude, ChatGPT
The prompt
You are a senior automation engineer who has debugged Ansible variable scope dozens of times — values not what expected, override surprises.

I will provide:
- The variable in question
- Where it's defined
- Symptom (wrong value, undefined, override unexpected)

Your job:

1. **Precedence (lowest → highest)**:
   1. Command line values (e.g., `-u user`)
   2. Role defaults
   3. Inventory file or script group vars
   4. Inventory group_vars/all
   5. Playbook group_vars/all
   6. Inventory group_vars/*
   7. Playbook group_vars/*
   8. Inventory host_vars/*
   9. Playbook host_vars/*
   10. Host facts / cached set_facts
   11. Play vars
   12. Play vars_prompt
   13. Play vars_files
   14. Role vars (defined in role/vars/main.yml)
   15. Block vars (only for tasks in block)
   16. Task vars (only for the task)
   17. include_vars
   18. set_fact / registered vars
   19. role (and include_role) params
   20. include params
   21. extra vars (-e) — ALWAYS WIN
2. **For "var not what I expected"**:
   - Check what precedence layer wins
   - Use `debug: var=myvar` to inspect
   - Use `ansible-inventory --host <host>` to see resolved
3. **For role defaults vs role vars**:
   - `defaults/main.yml` — lowest precedence for role
   - `vars/main.yml` — much higher precedence
   - Use defaults for overridable, vars for internal
4. **For magic variables**:
   - `hostvars` — dict of all hosts' vars
   - `groups` — group name → host list
   - `inventory_hostname`
   - `play_hosts`
5. **For set_fact**:
   - Persists for play (or playbook if `cacheable: yes`)
   - Higher precedence than most
6. **For include_vars**:
   - Loads at task time
   - Higher precedence
7. **For extra vars (`-e`)**:
   - Always win
   - From CLI or `@filename`
8. **For lookup vs vars**:
   - Lookups evaluate at use time
   - Vars resolve at template render

Mark DESTRUCTIVE: extra vars in production overriding controls, set_fact with sensitive data persisting, role vars hiding intended overrides.

---

Variable: [DESCRIBE]
Defined at: [DESCRIBE]
Symptom: [DESCRIBE]
Why this prompt works
Variable scope is one of Ansible's trickiest areas. This prompt walks through the precedence layers one by one.
How to use it
- Identify every layer that defines the variable.
- The highest-precedence layer wins.
- Use `debug: var` to inspect the resolved value.
- Audit for unintended overrides.
Useful commands
# Inspect host's vars (resolved)
ansible-inventory -i inventory --host web-01.example.com

# Print var at runtime
- debug:
    var: my_variable

# Print all vars (verbose)
- debug:
    var: hostvars[inventory_hostname]

# Verbose run
ansible-playbook -vvv playbook.yml

# Extra vars from CLI
ansible-playbook playbook.yml -e "env=production version=1.2.3"
ansible-playbook playbook.yml -e "@vars.yml"
Patterns
Role with overridable defaults
# roles/web/defaults/main.yml (LOW precedence — meant to be overridden)
web_port: 8080
web_workers: 4
web_log_level: info
# roles/web/vars/main.yml (HIGH precedence — role internals)
web_install_path: /opt/web
web_user: webuser
User overrides:
# playbook.yml
- hosts: webservers
  roles:
    - role: web
      vars:
        web_workers: 8 # overrides default

# OR group_vars/webservers.yml
web_workers: 8
Inspect with debug
- name: Show variable precedence resolution
  debug:
    msg: |
      var = {{ my_var }}
      from_inventory = {{ inventory_var }}
      from_set_fact = {{ set_fact_var }}
set_fact patterns
- name: Compute and persist (cacheable)
  set_fact:
    computed_value: "{{ something | length }}"
    cacheable: true # persists across plays

- name: One-off (not cacheable)
  set_fact:
    temp_value: "{{ lookup('env', 'USER') }}"
Common findings this catches
- Variable is not the expected value → a higher-precedence layer overrides it.
- Role vars/main.yml overriding an intended host_var → use defaults.
- Unintended extra vars in production → restrict CI.
- set_fact value persists too long → cacheable: false.
- Magic variable empty → wrong play scope.
- Variable from inventory not applying → wrong group_vars path.
- Loop variable polluting → use a named loop_var.
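
The "highest wins" rule and two of the findings above, as an added example that is not part of the original page: a Python resolver that ranks layers in the order this page's prompt lists them, returns the winning definition, and flags extra-vars and role-vars overrides. The layer labels, `resolve`, `audit` and the sample definitions are constructed for illustration, and block/task scoping is ignored.

```python
# Added example: layer order copied from this page's prompt (lowest -> highest).
PRECEDENCE = [
    "command line values", "role defaults", "inventory file group vars",
    "inventory group_vars/all", "playbook group_vars/all",
    "inventory group_vars/*", "playbook group_vars/*",
    "inventory host_vars/*", "playbook host_vars/*",
    "host facts / cached set_facts", "play vars", "play vars_prompt",
    "play vars_files", "role vars", "block vars", "task vars",
    "include_vars", "set_fact / registered vars", "role params",
    "include params", "extra vars",
]
RANK = {layer: n for n, layer in enumerate(PRECEDENCE, start=1)}
# Layers 3-9 in the list: every group_vars / host_vars source.
INVENTORY_LAYERS = set(PRECEDENCE[2:9])


def resolve(definitions):
    """definitions: [(layer, value)]. Return (winner, shadowed low->high)."""
    unknown = sorted({layer for layer, _ in definitions if layer not in RANK})
    if unknown:
        raise ValueError(f"unknown layer(s): {unknown}")
    if not definitions:
        raise ValueError("variable is undefined in every layer")
    ordered = sorted(definitions, key=lambda d: RANK[d[0]])
    return ordered[-1], ordered[:-1]


def audit(definitions):
    """Flag overrides the page lists under 'Common findings'."""
    (layer, _), shadowed = resolve(definitions)
    hidden = {name for name, _ in shadowed}
    notes = []
    if layer == "extra vars" and hidden:
        notes.append("extra vars (-e) override all other layers")
    if layer == "role vars" and hidden & INVENTORY_LAYERS:
        notes.append("role vars hide an inventory override; move to defaults")
    return notes


if __name__ == "__main__":
    # Constructed sample: web_port defined in three places.
    sample = [("role vars", 8443), ("role defaults", 8080),
              ("inventory host_vars/*", 9090)]
    winner, shadowed = resolve(sample)
    print("winner:", winner, "shadowed:", shadowed)
    print(audit(sample))
```
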
When to escalate
- Inventory + var design — strategic.
- Sensitive vars review — security.
- Cross-team conflicts — coordination.