Hi,
I’m considering of writing a plugin, but would need some pointers/tips what’s the best way to achieve what I’m after.
Basically I do a lot of firewall rules for host to host connections (based on groups), so I’ve currently done something like:
`
- source: “{{ groups.mygroup | map(‘extract’, hostvars, ‘my_ip_variable’) | list }}”
`
The syntax is quite verbose, but there’s a bigger problem that accessing hostvars like that is extremely slow when working with 1000+ hosts. So I though I could construct a dict that would contain my groups and the required variables, something like this:
`
my_net_vars:
mygroup:
my_ip_variable: [10.0.0.1]
my_other_ip_variable: [192.168.0.1]
`
which would allow me to have simplified usage just with:
`
- source:“{{ my_net_vars.mygroup.my_ip_variable }}”
`
There seems to be a few alternatives I’ve been looking in to:
- lookup plugin
since lookup plugins already have the variable information available, it would be rather simple to construct this type of information from that. Then I could just set
my_net_vars: "{ lookup('my plugin') }}"
in my group_vars/all. The issue here is still the slowness. The lookup seems to happen for every host every time a variable is used which results in a lot of calls. I managed to get it faster by manually generating a json that would be exactly the same for each host, but in practice this would mean I would need to implement my own caching that would live either “for the current ansible run” or then I would need to look for ways to detect if the inventory has changed. Would there be anything in ansible that could be used for this kind of caching?
- vars plugin
This would probably suit, but I’m struggling to get information about hosts and their groups. What would be an easy way to have that information available for a variable plugin, since although it gets groups and hosts as entities, my play might be limited to a specific set?
- inventory plugin
I’m already relying on the ini inventory plugin and host_group_vars plugin, so would it then just to make sense to subclass this one and inject my own variables here instead?
I can expect my variables be available in ansible base dir/host_vars/hostname/host.yml in a non-templated format, so I could even parse these files to make it possibly quicker, unless those are available as cached somehow.
Also constructed plugin sounded nice, but doesn’t seem to work if the variables come from a variable plugin such as the built in host_group_vars, as the variables are not visible at that point. So any suggested approaches? Or other alternatives to these ones? I realize if I wrote an inventory plugin, that could be extended later on to cover multiple inventory sources I might have in the future, but for now I’m using something that’s readily available.