Ansible Hostgroups from FreeIPA

Ansible provides management for a large array of servers using ssh as the access mechanism. This is a good match for  FreeIPA.  However, by default Ansible uses a flat file to store groups of hosts.  How can we get that info from FreeIPA?

 

If you want to run the `uptime` command on all web servers, you would define a fragment of /etc/ansible/hosts  like this:

[webservers]

alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
web1.example.com

And then run

ansible webservers -a uptime

In order to get ansible to use a different scheme, use a dynamic inventory.  I wrote a proof of concept one  that uses the hostgroup definitions from my IPA server to populate a json file.  The format of the file is specified in this tutorial:

My Sample ignores the command line parameters, and just returns the whole set of hostgroups.

#Apache License...

#!/usr/bin/python

import json
from ipalib import api
api.bootstrap(context='cli')
api.finalize()
api.Backend.xmlclient.connect()
inventory = {}
hostvars={}
meta={}
result =api.Command.hostgroup_find()['result']
for hostgroup in result:
    inventory[hostgroup['cn'][0]] = { 'hosts': [host for host in hostgroup['member_host']]}
    for host in hostgroup['member_host']:
        hostvars[host] = {}
inventory['_meta'] = {'hostvars': hostvars}
inv_string = json.dumps( inventory)
print inv_string

I copied it to /etc/ansible/freeipa.py and ran:

 


$ ansible -i /etc/ansible/freeipa.py packstacked -a uptime
ayoungf20packstack.cloudlab.freeipa.org | success | rc=0 >>
20:42:33 up 141 days, 20:43, 2 users, load average: 0.22, 0.15, 0.14

multidom.cloudlab.freeipa.org | success | rc=0 >>
20:42:34 up 52 days, 3:17, 1 user, load average: 0.01, 0.03, 0.05

horizon.cloudlab.freeipa.org | success | rc=0 >>
20:42:35 up 51 days, 6:07, 2 users, load average: 0.00, 0.03, 0.05

As I said, this was a proof of concept. It does not do everything that you might want to have an inventory do. I plan on fleshing it out and submitting to the Ansible plugin repo. Meanwhile, you can look at the other examples.

If you are curious, here is the output from when I run my plugin:

$ python freeipa.py | python -mjson.tool
{
    "_meta": {
        "hostvars": {
            "ayoungf20packstack.cloudlab.freeipa.org": {},
            "horizon.cloudlab.freeipa.org": {},
            "ipa.cloudlab.freeipa.org": {},
            "jboss.cloudlab.freeipa.org": {},
            "multidom.cloudlab.freeipa.org": {}
        }
    },
    "keystone-ha-cluster": {
        "hosts": [
            "horizon.cloudlab.freeipa.org",
            "ipa.cloudlab.freeipa.org",
            "jboss.cloudlab.freeipa.org"
        ]
    },
    "packstacked": {
        "hosts": [
            "ayoungf20packstack.cloudlab.freeipa.org",
            "horizon.cloudlab.freeipa.org",
            "multidom.cloudlab.freeipa.org"
        ]
    }
}

Leave a Reply

Your email address will not be published. Required fields are marked *