Marcus Summers
daa771760b
Two new troubleshooting articles from today's MajorRig/MajorMac Ansible setup: - Windows OpenSSH WSL default shell breaks remote SSH commands - Ansible silently ignores ansible.cfg on WSL2 world-writable mounts Article count: 76 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2.8 KiB
| title | domain | category | tags | status | created | updated | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ansible Ignores ansible.cfg on WSL2 Windows Mounts | troubleshooting | ansible |
|
published | 2026-04-03 | 2026-04-03 |
Ansible Ignores ansible.cfg on WSL2 Windows Mounts
Problem
Running Ansible from a repo on a Windows drive (/mnt/c/, /mnt/d/, etc.) in WSL2 silently ignores the local ansible.cfg. You'll see:
[WARNING]: Ansible is being run in a world writable directory
(/mnt/d/MajorAnsible), ignoring it as an ansible.cfg source.
This causes vault decryption to fail (Attempting to decrypt but no vault secrets found), inventory to fall back to /etc/ansible/hosts, and remote_user to reset to defaults — even though ansible.cfg is right there in the project directory.
Cause
WSL2 mounts Windows NTFS drives with broad permissions (typically 0777). Ansible refuses to load ansible.cfg from any world-writable directory as a security measure — a malicious user on a shared system could inject a rogue config.
This is hardcoded behavior in Ansible and cannot be overridden with a flag.
Solutions
Option 1: Environment Variables (Recommended)
Export the settings that ansible.cfg would normally provide. Add to ~/.bashrc:
export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass
Other common settings you may need:
export ANSIBLE_REMOTE_USER=root
export ANSIBLE_INVENTORY=/mnt/d/MajorAnsible/inventory/inventory.yml
Option 2: Pass Flags Explicitly
ansible-playbook -i inventory/ playbook.yml --vault-password-file ~/.ansible/vault_pass
This works but is tedious for daily use.
Option 3: Clone to a Native Linux Path
Clone the repo inside the WSL2 filesystem instead of on the Windows mount:
git clone https://git.example.com/repo.git ~/MajorAnsible
Native WSL2 paths (/home/user/...) have proper Linux permissions, so ansible.cfg loads normally. The tradeoff is that Windows tools can't easily access the repo.
Option 4: Fix Mount Permissions (Not Recommended)
You can change WSL2 mount permissions via /etc/wsl.conf:
[automount]
options = "metadata,umask=022"
This requires a wsl --shutdown and remount. It may break other Windows-Linux interop workflows and affects all mounted drives.
Diagnosis
To confirm whether Ansible is loading your config:
ansible --version
Look for the config file line. If it shows None instead of your project's ansible.cfg, the config is being ignored.
Related
- Ansible: Vault Password File Not Found — general vault password troubleshooting
- Ansible Docs: Avoiding Security Risks with ansible.cfg