DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Please enter at least three characters to search
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workkloads.

Secure your stack and shape the future! Help dev teams across the globe navigate their software supply chain security challenges.

Releasing software shouldn't be stressful or risky. Learn how to leverage progressive delivery techniques to ensure safer deployments.

Avoid machine learning mistakes and boost model performance! Discover key ML patterns, anti-patterns, data strategies, and more.

Related

  • Streamlining Event Data in Event-Driven Ansible
  • Clean Up Event Data in Ansible Event-Driven Automation
  • Monitoring journald Logs With Event-Driven Ansible
  • Simulating Events in Ansible EDA: A Practical Use Case of ansible.eda.generic

Trending

  • Mastering Fluent Bit: Installing and Configuring Fluent Bit on Kubernetes (Part 3)
  • A Modern Stack for Building Scalable Systems
  • Apache Doris vs Elasticsearch: An In-Depth Comparative Analysis
  • A Complete Guide to Modern AI Developer Tools
  1. DZone
  2. Testing, Deployment, and Maintenance
  3. Deployment
  4. An Introduction to Ansible Inventory

An Introduction to Ansible Inventory

By 
Gunter Rotsaert user avatar
Gunter Rotsaert
DZone Core CORE ·
Sep. 27, 22 · Tutorial
Likes (1)
Comment
Save
Tweet
Share
4.0K Views

Join the DZone community and get the full member experience.

Join For Free

In this post, you will learn how to set up a basic Ansible Inventory. Besides that, you will learn how to encrypt sensitive information by means of Ansible Vault. Enjoy!

1. Introduction

In a previous post, you learned how to set up an Ansible test environment. In this post, you will start using the test environment. Just as a reminder, the environment consists of one Controller and two Target machines. The Controller and Target machines run in a VirtualBox VM. Development of the Ansible scripts is done with IntelliJ on the host machine. The files are synchronized from the host machine to the Controller by means of a script.

In this blog, you will create an inventory file. The inventory file contains information about the Target machines in order for the Controller to locate and access the machines for executing tasks. The inventory file will also contain sensitive information such as the password being used for accessing the Target machines. In a second part of this blog you will solve this security problem by means of Ansible Vault.

The files being used in this blog are available in the corresponding git repository at GitHub.

2. Prerequisites

The following prerequisites apply to this blog:

  • You need an Ansible test environment, see a previous blog how to set up a test environment;
  • If you use your own environment, you should know that Ubuntu 22.04 LTS is used for the Controller and Target machines and Ansible version 2.13.3;
  • Basic Linux knowledge.

3. Create an Inventory File

The Ansible Controller will need to know some information about the Targets in order to be able to execute tasks. This information can be easily provided by means of an inventory file. Within an inventory, you will specify the name of the Target, its IP address, how to connect to the Target, etc. Take a look at the Ansible documentation for all the details. In this section, you will experiment with some of the inventory features.

By default, Ansible will search for the inventory in /etc/ansible/hosts but you can also provide a custom location for the inventory when executing Ansible. That is what you will do in this section.

Create in the root of the repository a directory inventory and create an inventory.ini file. Add the following content to the file:

Plain Text
 
target1
target2
 
[targets]
target1
target2
 
[target1_group]
target1
 
[target2_group]
target2
 
[target_groups:children]
target1_group
target2_group

The first two lines contain the names for the Target machines. You can give this any name you would like, but in this case, you just call them target1 and target2.

When you want to address several machines at once, you can create groups. A group is defined between square brackets followed by the list of machines belonging to this group. In the inventory above, you can recognize group targets which contains target1 and target2. This group is not really necessary, because by default a group all exists which is equal to the group targets in this case. The groups target1_group and target2_group are for illustrative purposes and do not make much sense because they contain only one machine. However, in real life, you can imagine to have groups for application machines, database machines, etc. or you might want to group machines by region for example.

You can also define a group of groups like target_groups. You need to add :children to the definition and then you can combine several groups into a new group. The group target_groups consists of the group target1_group and target2_group. This actually means that group target_groups consists of machines target1 and target2.

4. Define Variables

The inventory file you created just contains names of machines and groups. But this information is not enough for Ansible to be able to locate and connect to the machines. One approach is to add variables in the inventory file containing this information. A better approach is to define a directory host_vars containing subdirectories for each machine containing the variables. Ansible will scan these directories in order to find the variables for each machine. You can also define variables for the groups. In this case, you create a directory group_vars.

Create in directory inventory a directory host_vars containing the directories target1 and target2. The directory tree of directory inventory looks as follows:

Plain Text
 
├── host_vars
│   ├── target1
│   └── target2
└── inventory.ini

Create in directory target1 a file vars with the following contents:

YAML
 
ansible_host: 192.168.2.12
ansible_connection: ssh
ansible_user: osboxes
ansible_ssh_pass: osboxes.org

The variables defined here are some special variables for Ansible to be able to locate and connect to the machine:

  • ansible_host: the IP address of the target1 machine;
  • ansible_connection: the way you want to connect to target1;
  • ansible_user: the system user Ansible can use to execute tasks onto the machine;
  • ansible_ssh_pass: the password of the ansible_user. Do not store passwords in plain text in real life! This is only done for testing purposes and a proper solution is provided later on this post.

Note that you can also define these variables in the inventory file on the same line as where you define the name of the machine. In this case, the variables need to be defined as key=value (with an equal sign and not with a colon).

Add a vars file to directory target2 with similar contents but with the connection values for target2.

5. Test Inventory Settings

Now it is time to do some testing in order to verify whether it works. Start the Controller and the two Target machines. Synchronize the files you created to the Controller machine and navigate in a terminal window to the MyAnsiblePlanet directory. Connect once manually to both Target machines so that the SSH fingerprint is available onto the Controller machine, otherwise you will get an error message when Ansible tries to connect to the Target machines.

Shell
 
$ ssh osboxes@192.168.2.12
$ ssh osboxes@192.168.2.13

With the following command, you will ping the target1 machine. The command consists of the following items:

  • ansible: The Ansible executable;
  • target1: The name of the machine where you want to execute the task. This corresponds to the name in the inventory;
  • -m ping: Execute the ping command;
  • -i inventory/inventory.ini: The path of the inventory file.

The command to execute:

Shell
 
$ ansible target1 -m ping -i inventory/inventory.ini
target1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    }, 
    "changed": false, 
    "ping": "pong"
}

The response indicates a success. Execute the same command but for the target2 machine. The result should also be a success response.

Just like you can execute a task on a single machine, you can also execute a task on a group. Execute the command for the targets group:

Shell
 
$ ansible targets -m ping -i inventory/inventory.ini
target2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    }, 
    "changed": false, 
    "ping": "pong"
}
target1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    }, 
    "changed": false, 
    "ping": "pong"
}

As you can see, the command is executed on both Target machines, as expected.

Execute the command for the other groups as well.

6. Encrypt Password

Now that you know that the inventory configuration is working as expected, it is time to get back to the password in plain text problem. This can be solved by using Ansible Vault. Ansible Vault probably deserves its own blog, but in this section you just going to apply one way of encrypting sensitive information. The encryption will be done for the target1 machine.

Create in directory inventory/target1 a file vault and copy the ansible_ssh_pass variable to this vault file. Change the variable name from ansible_ssh_pass into vault_ansible_ssh_pass.

YAML
 
vault_ansible_ssh_pass: osboxes.org

In the vars file, you replace the plain text password with a reference to this new vault_ansible_ssh_pass variable using Jinja2 syntax. Note that it is also required to add double quotes around the reference.

YAML
 
ansible_host: 192.168.2.12
ansible_connection: ssh
ansible_user: osboxes
ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"

Encrypt the vault file with password itisniceweather (or whatever password you would like).

Shell
 
$ ansible-vault encrypt inventory/host_vars/target1/vault
New Vault password: 
Confirm New Vault password: 
Encryption successful

The vault file contents is now encrypted.

Plain Text
 
$ANSIBLE_VAULT;1.1;AES256
34353662643861663663363161366239343633636561663564653030663134623266323363353433
6233383939396335343639623165306330393031383836320a616430336132643638333862363965
36303837313239386566633332326165663336363464623437383638333936613038663366343833
3737316665323230620a343163356138656535363837646566643962393366353266613462616437
32346531613637396666623864333330643261366139306162373038633636633934326165616438
6565363034333137623539643539666234386339393965663362

The password you have used for encrypting the file should be saved in a password manager. Ansible will need it to decrypt the password.

Try to execute the ping command for target1 like you did before.

Shell
 
$ ansible target1 -m ping -i inventory/inventory.ini 
ERROR! Attempting to decrypt but no vault secrets found

This fails because Ansible cannot decrypt the password field.

Add the parameter --ask-vault-pass to the command in order that Ansible asks you for the vault password.

Shell
 
$ ansible target1 -m ping -i inventory/inventory.ini --ask-vault-pass 
Vault password: 
target1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

And now it works again! This is a better way for handling sensitive information in your Ansible files. There are several more ways of handling sensitive information. As said before, Ansible Vault deserves its own blog. In the meanwhile, more information can be found in the Ansible documentation.

7. Conclusion

In this post, you learned the basics of an Ansible Inventory file and you learned how to encrypt sensitive information in the inventory file. You have gained the basic skills to start setting up an inventory file yourself for your environment.

Ansible (software) Inventory (library)

Published at DZone with permission of Gunter Rotsaert, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • Streamlining Event Data in Event-Driven Ansible
  • Clean Up Event Data in Ansible Event-Driven Automation
  • Monitoring journald Logs With Event-Driven Ansible
  • Simulating Events in Ansible EDA: A Practical Use Case of ansible.eda.generic

Partner Resources

×

Comments
Oops! Something Went Wrong

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends:

Likes
There are no likes...yet! 👀
Be the first to like this post!
It looks like you're not logged in.
Sign in to see who liked this post!