Ansible Local Provisioner

Provisioner name: ansible_local

The Vagrant Ansible Local provisioner allows you to provision the guest using Ansible playbooks by executing ansible-playbook directly on the guest machine.

Warning: If you are not familiar with Ansible and Vagrant already, I recommend starting with the shell provisioner. However, if you are comfortable with Vagrant already, Vagrant is a great way to learn Ansible.

Setup Requirements

The main advantage of the Ansible Local provisioner in comparison to the Ansible (remote) provisioner is that it does not require any additional software on your Vagrant host.

On the other hand, Ansible must obviously be installed on your guest machine(s).

Note: By default, Vagrant will try to automatically install Ansible if it is not yet present on the guest machine (see the install option below for more details).


This page only documents the specific parts of the ansible_local provisioner. General Ansible concepts like Playbook or Inventory are shortly explained in the introduction to Ansible and Vagrant.

The Ansible Local provisioner requires that all the Ansible Playbook files are available on the guest machine, at the location referred by the provisioning_path option. Usually these files are initially present on the host machine (as part of your Vagrant project), and it is quite easy to share them with a Vagrant Synced Folder.

Simplest Configuration

To run Ansible from your Vagrant guest, the basic Vagrantfile configuration looks like:

Vagrant.configure("2") do |config|
  # Run Ansible from the Vagrant VM
  config.vm.provision "ansible_local" do |ansible|
    ansible.playbook = "playbook.yml"


  • The playbook.yml file is stored in your Vagrant's project home directory.

  • The default shared directory is enabled (./vagrant).


This section lists the specific options for the Ansible Local provisioner. In addition to the options listed below, this provisioner supports the common options for both Ansible provisioners.

  • install (boolean) - Try to automatically install Ansible on the guest system.

    This option is enabled by default.

    Vagrant will try to install (or upgrade) Ansible when one of these conditions are met:

    • Ansible is not installed (or cannot be found).
    • The version option is set to "latest".
    • The current Ansible version does not correspond to the version option.

    Attention: There is no guarantee that this automated installation will replace a custom Ansible setup, that might be already present on the Vagrant box.

  • install_mode (:default or :pip) - Select the way to automatically install Ansible on the guest system.

    • :default: Ansible is installed from the operating system package manager. This mode doesn't support version selection. For many platforms (e.g Debian, FreeBSD, OpenSUSE) the official package repository is used, except for the following Linux distributions:
      • On Ubuntu-like systems, the latest Ansible release is installed from the ppa:ansible/ansible repository.
      • On RedHat-like systems, the latest Ansible release is installed from the EPEL repository.
    • :pip: Ansible is installed from PyPI with pip package installer. With this mode, Vagrant will systematically try to install the latest pip version. The :pip mode can install a specific version of Ansible if such information is specified with the version option described below.

    The default value is :default, and any invalid value for this option will silently fall back to the default value.

  • provisioning_path (string) - An absolute path on the guest machine where the Ansible files are stored. The ansible-galaxy and ansible-playbook commands are executed from this directory. This is the location to place an ansible.cfg file, in case you need it.

    The default value is /vagrant.

  • tmp_path (string) - An absolute path on the guest machine where temporary files are stored by the Ansible Local provisioner.

    The default value is /tmp/vagrant-ansible

  • version (string) - The expected Ansible version.

    This option is disabled by default.

    When an Ansible version is defined (e.g. "1.8.2"), the Ansible local provisioner will be executed only if Ansible is installed at the requested version.

    When this option is set to "latest", no version check is applied.

    Warning: It is currently possible to use this option to specify which version of Ansible must be automatically installed, but only in combination with the install_mode set to :pip.

Tips and Tricks

Ansible Parallel Execution from a Guest

With the following configuration pattern, you can install and execute Ansible only on a single guest machine (the "controller") to provision all your machines.

Vagrant.configure("2") do |config|

  config.vm.box = "ubuntu/trusty64"

  config.vm.define "node1" do |machine|
    machine.vm.network "private_network", ip: ""

  config.vm.define "node2" do |machine|
    machine.vm.network "private_network", ip: ""

  config.vm.define 'controller' do |machine|
    machine.vm.network "private_network", ip: ""

    machine.vm.provision :ansible_local do |ansible|
      ansible.playbook       = "example.yml"
      ansible.verbose        = true
      ansible.install        = true
      ansible.limit          = "all" # or only "nodes" group, etc.
      ansible.inventory_path = "inventory"


You need to create a static inventory file that corresponds to your Vagrantfile machine definitions:

controller ansible_connection=local
node1      ansible_ssh_host= ansible_ssh_private_key_file=/vagrant/.vagrant/machines/node1/virtualbox/private_key
node2      ansible_ssh_host= ansible_ssh_private_key_file=/vagrant/.vagrant/machines/node2/virtualbox/private_key


And finally, you also have to create an ansible.cfg file to fully disable SSH host key checking. More SSH configurations can be added to the ssh_args parameter (e.g. agent forwarding, etc.)

host_key_checking = no

ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes

© 2010–2017 Mitchell Hashimoto
Licensed under the MPL 2.0 License.