Using Ansible Dynamic Inventory with AWS

I assume most of y'all know a bit about ansible and why it has become so popular (this is mid 2017): it helps (big time) with automating groups of servers (as well as network and storage devices).

Puppet and Chef are popular alternatives to ansible that I don't know anything about. I do have considerable experience with ansible, so I won't be able to, nor will I attempt to, make comparisons with either of those tools.

why it is so helpful automating systems tasks [TODO: write article about ansible?]. For me it just makes sense, it feels good.

One of the things I really like about ansible is its distinction between roles and inventory. In a nutshell:

Roles represent the services provided by every host ansible manages. For example, roles might be "webserver", "databaseserver", "saleslaptop". Each of these roles has a set of tasks that will be performed, like installing the software required for a specific role onto the server playing that role.

Hosts can belong to more than one role. For example, the same host "megatron" could belong to both the webserver and databaseserver groups.

So roles tell ansible what to do for every role it manages; however, they do not tell ansible which hosts to manage. That is where ansible's inventory system comes in...

Inventories in ansible are specific collections of hosts a

An inventory in ansible is basically a collection of hosts and other resources that tells ansible how to access the specified hosts (hostname / IP address, usernames, passwords, encryption keys, etc.).

Inventories also allow a collection of variables that may differ between groups. For example, there might be a group of wordpress servers and a group of flask servers that run the web service (http) on different ports (e.g. example.com:80 or 0.0.0.0:5000).

This separation allows us to build reusable roles that can be applied to many different networks (inventories).

Static vs. Dynamic Inventory

Ansible handles both static and dynamic inventory. For ansible that really means the inventory system can read from static files in a filesystem, or it can dynamically gather its inventory by executing a program (or programs).

You can also do both! You can have ansible read static inventory from a filesystem and execute programs to gather inventory. This allows for some very interesting and powerful ways to manage systems.

Traditional Static Inventory

Traditionally ansible has you list out your inventory in a specific filesystem layout with specific file names, typically in .yml or .ini format. You can also define a bunch of different variables, etc. This is great and powerful.

But what if you already have an inventory system? We should use it. We don't want to re-invent anything. Or what if our inventory changes all the time? Like in a cloud. Servers come and go. IP addresses change, name-to-IP mappings may not exist, etc.

Dynamic Inventory

Ansible doesn't care! Go ahead and write a program in any way you want that tells ansible about the inventory. Specifically, the program needs to return a JSON string defining all hosts and how to access the hosts over the network (IP addresses, DNS names, usernames/passwords, encryption keys, etc.).

Once ansible knows what hosts it needs to manage, and how to access those hosts, it can get to work getting everything where it needs to be.
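Here is what such a program can look like, as an added example (not code from this article or from ec2.py): it answers ansible's `--list` and `--host` calls with JSON built from host records, and it refuses to emit clear-text password variables, since that JSON ends up on stdout and in any copy saved from it. The host records, IP addresses, the extra host names and the sample password are constructed for illustration.

```python
"""Dynamic inventory sketch: prints the JSON ansible expects for --list / --host."""
import json
import sys

# Constructed sample records standing in for what a cloud API would return.
INSTANCES = [
    {"name": "megatron", "ip": "10.0.1.10", "roles": ["webserver", "databaseserver"],
     "vars": {"ansible_user": "ubuntu", "http_port": 80}},
    {"name": "starscream", "ip": "10.0.1.11", "roles": ["webserver"],
     "vars": {"ansible_user": "ubuntu", "http_port": 5000}},
    {"name": "soundwave", "ip": "10.0.1.12", "roles": ["databaseserver"],
     "vars": {"ansible_user": "admin", "ansible_password": "hunter2"}},
]

# Ansible connection variables that would carry a secret in clear text.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_become_password"}


def build_inventory(instances):
    """Return (inventory, dropped): one group per role plus _meta.hostvars."""
    inventory = {"_meta": {"hostvars": {}}}
    dropped = []
    for inst in instances:
        hostvars = {"ansible_host": inst["ip"]}
        for key, value in inst["vars"].items():
            if key in SECRET_VARS:
                dropped.append((inst["name"], key))  # report it, never emit it
                continue
            hostvars[key] = value
        inventory["_meta"]["hostvars"][inst["name"]] = hostvars
        for role in inst["roles"]:
            inventory.setdefault(role, {"hosts": []})["hosts"].append(inst["name"])
    return inventory, dropped


def main(argv):
    inventory, dropped = build_inventory(INSTANCES)
    for host, key in dropped:
        print(f"warning: dropped {key} for {host}", file=sys.stderr)
    if len(argv) == 3 and argv[1] == "--host":
        print(json.dumps(inventory["_meta"]["hostvars"].get(argv[2], {})))
    else:  # --list is the call ansible makes first
        print(json.dumps(inventory, indent=2))


if __name__ == "__main__":
    main(sys.argv)
```

Make the file executable and pass it to ansible with `-i`. Because the `--list` output already contains `_meta.hostvars`, ansible does not need to call `--host` once per host.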

AWS Inventory and ec2.py

Using AWS Inventory to Build a DIYI

Do It Yourself Inventory (DIYI) ... Ansible caches it. It's JSON, let's save that (subset) somewhere and use it elsewhere!
