Check out the repository on GitHub

Check out the demo at: demo.webui.ansibleguy.net | Login: User demo, Password Ansible1337


DISCLAIMER: This is an unofficial community project! Do not confuse it with the vanilla Ansible product!


This project still in early development! DO NOT USE IN PRODUCTION!

4 - Config


Runtime system configuration can be managed using the WebUI System - Config page.


Jobs can be managed at the Jobs - Manage page.

Tip: The file-browsing also allows you to use your keyboard. Select using Up/Down/Enter keys and auto-complete input using the Tab key!

Permissions, Users, Groups

See: Usage - Privileges


See: Usage - Repositories

Environmental variables

You can find the currently set environmental variables at the System - Config page.

Config File

You are able to provide the following settings by using a YAML config-file.

WARNING: If possible - set your secrets as environmental variables. Users that are allowed to execute/modify jobs are be able to read the content of the config-file

  • Provide it by flag: python3 -m ansibleguy-webui -c /etc/ansible-webui/config.yml

  • Provide it by env-var: AW_CONFIG=/etc/ansible-webui/config.yml

Example config:

# env-vars without the 'AW_' prefix
DB: '/etc/ansible-webui/aw.db'
PORT: 8000
SECRET: 'sflsjklfdsjlfsDlNDIDEÜNfsnfa-ehöajklsfnn,sf,sdfs,i3uo'
HOSTNAMES: ['webui.ansibleguy.net', 'cname.webui.ansibleguy.net']
SSH_KNOWN_HOSTS: '/etc/ansible-webui/known_hosts'

AUTH: 'saml'
    METADATA_AUTO_CONF_URL: 'https://<YOUR-IDP>/metadata'

Docker usage:

# safe config to /etc/ansible-webui/config.yml on your host system
sudo docker run -d ... --env AW_CONFIG=/etc/aw/config.yml --volume /etc/ansible-webui/:/etc/aw/ ansible0guy/webui:latest


Only Env

Some settings are only available as environmental variables.


    Define a secret key to use for cookie and password encryption. By default it will be re-generated at service restart. It has to be set for job-secrets like passwords to be loadable after restart. It has to be at least 30 characters long!

    WARNING: If possible - set this secret as environmental variable. Users that are allowed to execute/modify jobs are be able to read the content of the config-file


    Define the user-name for the initial admin user.


    Define the password for the initial admin user.


    Set if Ansible-WebUI is operated behind a proxy-server.


    Set a comma-separated list of hostnames that are in use and should be trusted. If not set you might encounter ‘CSRF’ errors.

  • AW_DB

    Define the path where the SQLite3 database is placed. Default: ${HOME}/.config/ansible-webui/aw.db


    Port to listen on. Default: 8000


    IP Address to listen on. Default:


    Optionally provide the path to a ssl certificate to use. Use a (full-)chain if not self-signed.

    WARNING: You should use a proxy in front of this application in production setups.


    Optionally provide the path to an unencrypted ssl key to use.

    WARNING: You should use a proxy in front of this application in production setups.


    Choose the authentication mode you want to use.

    One of saml, ldap or local. Default: local

    If the mode is set to saml or ldap - you need to define its config inside the config file.

General System Settings

These settings are also configurable using the WebUI.


    Define the path where full job-logs are saved. Default: ${HOME}/.local/share/ansible-webui/


    Base directory for Ansible-Runner runtime files. Default: /tmp/ansible-webui/


    Path to the Ansible base/playbook directory. Default: current working directory (when executing ansible-webui)


    Timeout for the execution of a playbook in seconds. Default: 3.600 (1h) You might want to lower this value to a sane value for your use-cases.


    Timeout for WebUI sessions in seconds. Default: 43.200 (12h)


    Define the path to the known-hosts file that should be used. You can use ${AW_PATH_PLAY} to reference paths relative to your playbook base-directory!

    Default: None - fallback to user defaults

    Default in docker: ${AW_PATH_PLAY}/known_hosts


    Override the timezone used. Default is the system timezone. Fallback value is UTC if all others are invalid.

Advanced Settings

Normal users will not have to use these.


    If defined - the built-in static-file serving is disabled. Use this if in production and a proxy like nginx is in front of the Ansible-WebUI webservice.

    Path to serve: /static/ => ${PATH_VENV}/lib/python${PY_VERSION}/site-packages/ansible-webui/aw/static/


    Define to disable automatic database schema-upgrades. After upgrading the module you might have to run the upgrade manually:

    # if running non-release version
    python3 -m ansibleguy-webui.manage makemigrations
    python3 -m ansibleguy-webui.manage makemigrations aw
    # all
    python3 -m ansibleguy-webui.manage migrate
  • AW_ENV

    Used in development. If unset or value is neither ‘dev’ nor ‘staging’ the webservice will be in production mode. ‘staging’ mode is close to production behavior.


    Enable debug output.

    This debug mode SHOULD ONLY BE ENABLED TEMPORARILY! It could possibly open attack vectors.


    Used to notify the software that it is running inside a docker container. Needed for listen port.


Environmental variables can be set before/when starting Ansible-WebUI.

With basic setup:

export AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa
export AW_PROXY=1
python3 -m ansibleguy-webui

# OR

AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa python3 -m ansibleguy-webui

When using Docker:

docker run -d --name ansible-webui --env AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa --env AW_PROXY=1 ...

When running as Systemd service:

# add inside the '[Service]' area of the service-config-file

# add variables to the file
echo 'AW_SECRET=aaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaaaa' >> /etc/ansible-webui/env.txt
echo 'AW_PROXY=1' >> /etc/ansible-webui/env.txt

# make sure the access is limited so your secret(s) are safe
chown root /etc/ansible-webui/env.txt
chmod 600 /etc/ansible-webui/env.txt