Hello,
I would just like some help to be able to make my inventory.
I have ansible [core 2.15.9].
In my inventory, I’d like to be able to add all the computers that start with “DESKTOP-” to retrieve all the new computers installed and connected to the network.
For example, if the computers are called:
DESKTOP-1
DESKTOP-2
DESKTOP-3
I can retrieve them from my inventory with this formula: DESKTOP-[1:3].
Except that the default computer names are more like:
DESKTOP-LMG6LP4 or
DESKTOP-XF465A4
How can I specify a multi-character range from A to Z and from 1 to 9 in my inventory?
Thanks for your help.
Unfortunately, Ansible doesn’t quite work like that, and even if you could do that, I have experience with having an inventory of xyz-[000000:999999] and the performance is abysmal. Ansible-inventory will create a host entry for every possible host combination in that list; that’s a million hosts! (And 98.5% of them didn’t even exist for me at the time!) Now factor in how many hosts you would have from DESKTOP-[0000000:ZZZZZZZ], and you’re asking for over 78 billion hosts. Ansible has no way of knowing which hosts are real, and you would have to wait for ansible to attempt to connect to each one and fail before it would complete any task you give it.
You need some kind of dynamic inventory source that Ansible can use to search for existing hosts. If you can provide more information on how you’re deploying these computers, we can help you find an ideal dynamic inventory source for your situation. If nothing else, you could use the community.general.nmap inventory plugin to scan your network for online hosts.
Hello Denney-Tech!
Thank you for this very clear and detailed answer and indeed I had completely forgotten the fact that Ansible was going to test all the possibilities one by one and therefore that it was wasted effort. ^^’
Sorry for this stupid question.
However, if you know of a solution that would allow me to detect only “new machines”, I’d be interested. Let me explain.
I use Ansible to update the new computers I receive, rename them by their serial number, add them to the domain, install basic applications that we use, etc…
I don’t have a large fleet of computers to change at once, but several small ones as I go along. And I’d like to be able to retrieve these computers fairly easily from my inventory rather than retrieving their name (DESKTOP-… which won’t work after I’ve changed their name, and therefore causes me to lose the SSH connection) each time, or their IP address, which can change quite quickly and therefore no longer work. So I have several computers connected by cable to the company network. I have a single screen that I plug into each computer one by one to do the OOBE step (a very tedious step, if there was a way to get past it and what’s more with Ansible it would be magic, I confess I haven’t researched it yet). Once the OOBE is complete, I install OpenSSH Server one by one and get the IP back, only then can I run my playbook (which is still under development).
I’ve seen this dynamic inventory system on the Internet, but I haven’t really understood how to set it up, or at least not in my situation.
Thanks for your help and have a nice day!
I would recommend Microsoft Deployment Toolkit to you, but MDT hasn’t been updated in several years now so it may not suit your needs unfortunately. We use SCCM for deploying Windows to bare metal machines where I work, but that’s no easy thing to start from scratch. If you can get MDT to work, that would probably solve your main problem. (Basically, make an unattended Windows 10/11 installer, it worked for me on the first release of 11, but I have changed jobs since then so can’t speak to latest versions of 10/11)
If you want to stick to the Ansible approach, you might have a bad time if your hosts are consistently changing IPs on you, especially since you can’t rely on hostnames when changing the hostname is part of your procedure. That said, as long as the IPs don’t change mid-play, you can probably get away with using the nmap inventory plugin.
Using the nmap plugin, you’ll use the IP addresses as your inventory names (we don’t care about the DESKTOP-* hostnames). You’ll want to design your playbook to be as generic as possible, so that every host gets all the same treatment. This way, it won’t matter which host has what IP. The only exception will be setting hostnames, but since you’re basing them on the mac, we can set that dynamically as "xyz-{{ (ansible_default_ipv4.macaddress | ansible.builtin.regex_replace(':', '') | upper)[6:] }}"
or similar (Active Directory has maximum hostname limit of 15 characters, and standard MAC addresses are 12 characters, my example grabs the last 6 characters of the MAC for using in the hostname). Then do w/e configuration you need, install programs, etc, join to domain, and reboot. You’ll want to save restarting a computer for the very last step, just in case it changes IP. You’ll also want to do your best to make sure the playbook is idempotent, since you don’t want to re-run a playbook and try to join a machine to the domain if it is already joined, for example.
Check the examples in the nmap plugin documentation to see how to make an inventory for yourself. community.general.nmap inventory – Uses nmap to find hosts to target — Ansible Documentation
You might also consider installing redis on your control node and enabling inventory caching with a short time to live. That way you’re only scanning the subnet once an hour or so instead of every time you want to run your playbooks.
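The nmap inventory with a short-lived redis cache described in the post above, written out as an added example that is not from either poster. The file name, the 192.168.50.0/24 staging subnet, the excluded address, the `ssh_ready` group name and the local redis address are assumptions.

```yaml
# new_machines.nmap.yml  (hypothetical file name)
# Needs the nmap CLI on the control node, and the "redis" Python package
# for the cache plugin.
plugin: community.general.nmap

# Constructed value: scan only the subnet where freshly unboxed machines are
# cabled in, so the provisioning playbook cannot reach unrelated hosts.
address: 192.168.50.0/24

# Constructed value: addresses that must never be provisioned (gateway here).
exclude:
  - 192.168.50.1

# Probe only the SSH port that OpenSSH Server listens on after OOBE.
port: "22"

# Do not fail inventory parsing when a host has no "ports" variable.
strict: false

# Put hosts that really answer on 22/tcp in their own group; target this
# group from the playbook instead of "all".
groups:
  ssh_ready: >-
    ports | default([])
    | selectattr('port', 'equalto', '22')
    | selectattr('state', 'equalto', 'open')
    | list | length > 0

# Cache scan results in redis on the control node for one hour.
cache: true
cache_plugin: community.general.redis
cache_connection: localhost:6379:0   # assumed host:port:db of the local redis
cache_timeout: 3600                  # seconds
```

Running `ansible-inventory -i new_machines.nmap.yml --graph` shows which addresses landed in `ssh_ready` before any playbook touches them.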
I knew about these tools, but I didn’t know if they would fully meet my needs, and they seemed more complicated to set up than Ansible.
I’m currently setting up MDT and with Windows 11 there are some annoying bugs, I’m trying to fix them but it’s not easy.
Once it’s set up, it’ll be more efficient than Ansible.
For the name change with Ansible, I was talking about the computer’s serial number, not the MAC address. I can easily retrieve this serial number using the Setup module.
In any case, I’ll keep your link to the nmap plugin, it might help me one day.
In any case, thank you very much for your help and your very explanatory answers, which guide me in choosing a solution more suited to my needs.
Yep, I totally misread that, but at least the principle is the same. Good luck, and the only thing I can remember that was an important step for me was to export the install.esd image I wanted to an install.wim file because MDT doesn’t recognize esd files.
Feel free to DM me if you run into other issues with MDT and I will try to help if I can remember anything. It’s been a few years now since I touched that stuff, but I also have a private archive of my work too so I at least have some reference material I can look up.
P.S. I also used Ansible to automate my regular maintenance tasks for MDT, since it has PowerShell modules, lol…
I finally succeeded after I don’t know how much trouble. MDT is up and running, and I’ve even managed to install a few applications automatically. Using Ansible was much simpler and more intuitive, but MDT is better suited to my deployment needs.
Thanks again for your help!
Have a great weekend!