I have two ansible servers, call them ansible-a and ansible-b. ansible-a is my “primary” most-often-used ansible server for most of my hosts including ansible-b. However, there is a segregated network that ansible-a cannot get to, so ansible-b is the ansible server for those hosts on that network.
I would like to set up a dynamic inventory script so that ansible-a can refer to hosts managed by the ansible-b server, without manually duplicating the ansible-b inventory on ansible-a.
I’m hoping somebody has done this already, and has a dynamic inventory script that will properly:
- query another ansible server
- specify a group that the remote ansible server knows about
- return the appropriate hosts in the appropriate format
I tried searching ansible-galaxy, but all I can find are roles. Maybe I’m not searching correctly. I have poor google-fu.
Can somebody point me the way?
–EbH
You could use ansible-b as an ssh proxy/bastion and have all the ansible configuration on ansible-a.
Then when ansible-a needs to contact a host on the segregated network, the connection would be proxied through ansible-b.
To make the dynamic inventory you could do this:
#!/bin/bash
ssh <user>@ansible-a "cd /path/to/the/ansible/configuration && ansible-inventory all --list"
Make it executable and put it in your inventory on ansible-b.
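An added example, not part of the thread: the same ssh-plus-ansible-inventory idea in the direction the question asks for, as a Python inventory script for ansible-a that queries ansible-b and returns only one group, with its child groups and only those hosts' variables. The account, inventory path, group name and the `--sample` flag are assumptions, and the sample inventory is constructed.

```python
#!/usr/bin/env python3
"""Dynamic inventory for ansible-a: expose one group of ansible-b's inventory."""
import json
import subprocess
import sys
# Assumed values, not from the thread: adjust to your environment.
REMOTE = "ansible@ansible-b"             # hypothetical account on ansible-b
REMOTE_INVENTORY = "/etc/ansible/hosts"  # hypothetical inventory path there
GROUP = "segregated"                     # hypothetical group ansible-b knows
# Constructed sample of `ansible-inventory --list` output, used by --sample.
SAMPLE = {"_meta": {"hostvars": {"web1": {}, "seg1": {"ansible_host": "192.0.2.10"}, "seg2": {}}},
          "all": {"children": ["ungrouped", "web", "segregated"]},
          "web": {"hosts": ["web1"]},
          "segregated": {"hosts": ["seg1"], "children": ["segregated_db"]},
          "segregated_db": {"hosts": ["seg2"]}}

def fetch_remote_inventory():
    """Run ansible-inventory on ansible-b over ssh (argv list, no local shell)."""
    cmd = ["ssh", "-o", "BatchMode=yes", REMOTE,
           "ansible-inventory", "-i", REMOTE_INVENTORY, "--list"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True, timeout=60)
    return json.loads(out.stdout)

def select_group(inventory, group):
    """Return a --list style inventory with only `group` and its child groups."""
    if group == "_meta" or group not in inventory:
        raise KeyError(f"group {group!r} not in remote inventory")
    result, hosts, todo = {}, set(), [group]
    while todo:
        name = todo.pop()
        if name in result:
            continue  # already visited
        entry = inventory.get(name, {})
        result[name] = entry
        hosts.update(entry.get("hosts", []))
        todo.extend(entry.get("children", []))
    # Pass on hostvars only for the selected hosts, not the whole remote set.
    hostvars = inventory.get("_meta", {}).get("hostvars", {})
    result["_meta"] = {"hostvars": {h: hostvars.get(h, {}) for h in sorted(hosts)}}
    return result

def main(argv):
    if "--host" in argv:
        return "{}"  # per-host vars are already served through _meta
    source = SAMPLE if "--sample" in argv else fetch_remote_inventory()
    return json.dumps(select_group(source, GROUP), indent=2)

if __name__ == "__main__":
    print(main(sys.argv[1:]))
```

Run it with `--sample` to see the filtered output without contacting ansible-b; BatchMode makes ssh fail rather than prompt, so key-based login to the remote account has to work first.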
I had trouble setting up an ssh-proxy the last time I tried, but I don’t remember why exactly. I should look into it again.
That is … a fascinating idea. One I will definitely need to look into (and check with my boss about).
Shortly after I posted my question, I found the ansible-inventory program which I think is exactly what I need in either case.
Thanks.
I don’t know how to take a discussion from the list to a private email… but the problem with setting up ssh bastion hosts is not ansible configuration or ssh configuration, it’s poorly-designed security protocols that interfere with well-configured machines.
… unless you know of a way that I can set up my group_vars file to use
ansible_user: $SUDO_USER
…which I cannot get working.
The variable should be from localhost?
If so this should work
ansible_user: "{{ lookup('pipe', 'echo $SUDO_USER') }}"
There is even an environment lookup plugin
ansible_user: "{{ lookup('env', 'SUDO_USER') }}"