Taking my first steps in an environment with AWX and we have some workflows where network switch inventories are generated automatically by extracting from a custom CMDB. Historically, these inventories were stored in the filesystem of a centralized Ansible server and standard playbooks would be run against the various inventory files manually. I’m a little fuzzy on how to best integrate them with AWX workflows and templates which require that I pre-define the inventories.
Given that the files are auto-generated from an in-house system, it’s a little awkward to integrate them with git since I also need to add (with authentication) the git commit and git push stages, and from there create the templates that point to them. From what I’ve read about dynamic inventories in AWX, plugging in a custom script is not really what it’s designed for.
Are there any best practices or methods for dealing with this kind of workflow?
Firstly, welcome to the Ansible Forum! - I think you have a couple of options.
Option 1
The most “Ansible native” approach would be to build an Ansible Inventory plugin for your custom CMDB which would query your CMDB at runtime for network switches to run the Job(s) against.
Option 2
Develop an Inventory script which would be present in your AWX Execution Environment (EE). Your Job Templates would use this EE. Assuming your CMDB has a REST API, the inventory script could query the network switches and parse the response into the needed JSON inventory structure for Ansible. If you’re not massively familiar with Option 1, I’d say this approach might be more familiar.
Option 3
Use the AWX REST API to create and update inventories used by your Job Templates. There has been discussion on the forum very recently around this topic.
Thanks for the feedback. This is a clearer explanation of the different options than is explained in the documentation.
At the moment, the script I have generates a number of different inventory files (.ini for simplicity), broken out by site (which I realize could be combined, but the internal responsibility model makes the site/file approach “easier”, especially for human review of the contents (yes, these are my switches)). Due to the internal structure of the script, adapting it for this method looks a little complicated.
On the Option 2 front, the CMDB’s API is, ummm, very enterprisy and requires a lot of recombining of information to get anything useful out of it. I have to cross reference and recombine about 5 different datasources in the system to get the unified data I need.
Option 3 is looking like the closest thing to ideal at the moment, since I can just run the existing script as-is and then use the REST API to push the resulting files into AWX. In this case, is there a consensus on the best methods for authentication/authorization for the script? I’m currently using machine creds to push the auth information for the account to request data from the CMDB, but I’d need to push in an additional set for talking to the AWX API since I’ll need to run this all in one go before the Execution Environment goes away.
In this case, is there a consensus on the best methods for authentication/authorization for the script? I’m currently using machine creds to push the auth information for the account to request data from the CMDB, but I’d need to push in an additional set for talking to the AWX API since I’ll need to run this all in one go before the Execution Environment goes away.
Your scenario is not totally clear to me, but it sounds like you’re already running a playbook in AWX to generate these existing inventory files as you mention having machine creds associated with it to pull details from your CMDB. Is that correct?
If so, then you could look at using the following Ansible modules:
OK - after reading and re-reading the documentation, I think I’m starting to better understand how the various pieces can fit together. So currently I have my playbook launched by AWX that just calls the python script that generates the files, passing in machine creds to authenticate to the CMDB:
add the awx.awx.inventory module to the existing script or
add a separate script to do the inventory import in the playbook
Which assumes that I can import the files using this module which doesn’t seem to be the case. I was being led astray by the Dynamic inventories (Developing dynamic inventory — Ansible Community Documentation) documentation which doesn’t seem to apply to AWX.
And in either case, I’ll need to authenticate to the AWX API so I need to pass in additional credentials to the playbook/template.
Noting that I’m walking into an existing environment where I don’t have system access to the underlying AWX OS so things like awx-manage are off the table.
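An added example, not code from any of the posts above: one way the Option 3 push could look for a per-site .ini file, with the AWX token read from the environment rather than from arguments or a file. It assumes an already-created, empty inventory, that an AWX credential injects `CONTROLLER_HOST` and `CONTROLLER_OAUTH_TOKEN` (the variable names the awx.awx collection reads), and that the two endpoint paths match your instance's browsable API under /api/v2/; the helper names and sample hosts are made up.

```python
import json
import os
import urllib.request

# Constructed sample of one per-site file in plain .ini form (not real switches).
SAMPLE_INI = """\
[site_a_access]
sw-a-01 ansible_host=192.0.2.11
sw-a-02 ansible_host=192.0.2.12
[site_a_core]
sw-a-core-01 ansible_host=192.0.2.1
"""

def parse_ini(text):
    """Return {group: {host: {var: value}}}; handles only [group] and 'host k=v' lines."""
    groups, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = groups.setdefault(line[1:-1], {})
        elif current is not None:
            name, *pairs = line.split()
            current[name] = dict(p.split("=", 1) for p in pairs)
    return groups

def awx_post(path, body):
    """POST JSON to AWX with a bearer token taken from the environment only."""
    host = os.environ["CONTROLLER_HOST"].rstrip("/")   # assumed variable names
    token = os.environ["CONTROLLER_OAUTH_TOKEN"]
    if not host.startswith("https://"):
        raise ValueError("refusing to send the AWX token over a non-TLS URL")
    req = urllib.request.Request(
        host + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def push_site(ini_text, inventory_id, post=awx_post):
    """Create each group in the inventory, then create its hosts under that group."""
    created = []
    for group, hosts in parse_ini(ini_text).items():
        gid = post(f"/api/v2/inventories/{inventory_id}/groups/", {"name": group})["id"]
        for name, hostvars in hosts.items():
            post(f"/api/v2/groups/{gid}/hosts/",
                 {"name": name, "variables": json.dumps(hostvars)})
            created.append((group, name))
    return created
```

Issuing the token to an account that holds only the Admin role on the target inventory keeps a leaked token from reaching job templates or other credentials.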