--- title: "Ansible Ignores ansible.cfg on WSL2 Windows Mounts" domain: troubleshooting category: ansible tags: [ansible, wsl, wsl2, windows, vault, configuration] status: published created: 2026-04-03 updated: 2026-04-03 --- # Ansible Ignores ansible.cfg on WSL2 Windows Mounts ## Problem Running Ansible from a repo on a Windows drive (`/mnt/c/`, `/mnt/d/`, etc.) in WSL2 silently ignores the local `ansible.cfg`. You'll see: ``` [WARNING]: Ansible is being run in a world writable directory (/mnt/d/MajorAnsible), ignoring it as an ansible.cfg source. ``` This causes vault decryption to fail (`Attempting to decrypt but no vault secrets found`), inventory to fall back to `/etc/ansible/hosts`, and `remote_user` to reset to defaults — even though `ansible.cfg` is right there in the project directory. ## Cause WSL2 mounts Windows NTFS drives with broad permissions (typically `0777`). Ansible refuses to load `ansible.cfg` from any world-writable directory as a security measure — a malicious user on a shared system could inject a rogue config. This is hardcoded behavior in Ansible and cannot be overridden with a flag. ## Solutions ### Option 1: Environment Variables (Recommended) Export the settings that `ansible.cfg` would normally provide. Add to `~/.bashrc`: ```bash export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass ``` Other common settings you may need: ```bash export ANSIBLE_REMOTE_USER=root export ANSIBLE_INVENTORY=/mnt/d/MajorAnsible/inventory/inventory.yml ``` ### Option 2: Pass Flags Explicitly ```bash ansible-playbook -i inventory/ playbook.yml --vault-password-file ~/.ansible/vault_pass ``` This works but is tedious for daily use. ### Option 3: Clone to a Native Linux Path Clone the repo inside the WSL2 filesystem instead of on the Windows mount: ```bash git clone https://git.example.com/repo.git ~/MajorAnsible ``` Native WSL2 paths (`/home/user/...`) have proper Linux permissions, so `ansible.cfg` loads normally. The tradeoff is that Windows tools can't easily access the repo. ### Option 4: Fix Mount Permissions (Not Recommended) You can change WSL2 mount permissions via `/etc/wsl.conf`: ```ini [automount] options = "metadata,umask=022" ``` This requires a `wsl --shutdown` and remount. It may break other Windows-Linux interop workflows and affects all mounted drives. ## Diagnosis To confirm whether Ansible is loading your config: ```bash ansible --version ``` Look for the `config file` line. If it shows `None` instead of your project's `ansible.cfg`, the config is being ignored. ## Related - [Ansible: Vault Password File Not Found](ansible-vault-password-file-missing.md) — general vault password troubleshooting - [Ansible Docs: Avoiding Security Risks with ansible.cfg](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#cfg-in-world-writable-dir)