Verified Commit 62f93478 authored by Evangelos Foutras 🐱

Replace dynamic hcloud inventory with host entries

We make almost no use of the dynamic properties of the hcloud inventory,
so we can simplify this by declaring all cloud servers in the main hosts
inventory.

The main benefit of this change is that temporary and experimental cloud
servers are not automatically included in the Ansible playbooks. In such
cases it is usually incorrect to deploy changes to these unknown servers.

A smaller side benefit is that Ansible will now use hostnames to connect
to cloud servers, whereas the dynamic inventory provided IPv4 addresses.
This results in more meaningful ~/.ssh/known_hosts entries.
parent 248e57b3
......@@ -8,7 +8,6 @@ ansible-lint:
# This probably happens due to gitlab-runner mounting the git repo into the container
- chmod o-w .
# Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
- sed "s/,hcloud_inventory.py//" -i ansible.cfg
- sed "/^vault_identity_list/d" -i ansible.cfg
- sed "/misc\/vaults\/vault_/d" -i playbooks/*.yml
# Fix load-failure: Failed to load or parse file
......
......@@ -40,13 +40,6 @@ locally signed with `--lsign-key`. This is necessary for running any of the
`reencrypt-vault-default-key`, `reencrypt-vault-super-key `or `fetch-borg-keys`
tasks.
#### Note about Ansible dynamic inventories
We use a dynamic inventory script in order to automatically get information for
all servers directly from hcloud. You don't really have to do anything to make
this work but you should keep in mind to NOT add hcloud servers to `hosts`!
They'll be available automatically.
#### Note about packer
We use packer to build snapshots on hcloud to use as server base images.
......
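Review bot: the README hunk drops the "Note about Ansible dynamic inventories" section without a replacement, so nothing tells a contributor that a new cloud server must now be added to `hosts` by hand. The old text said to NOT add hcloud servers to `hosts`, and anyone still following that habit will create servers that no playbook ever reaches. Suggest keeping a short note in this spot saying that hcloud servers belong in the `[hcloud]` group of `hosts` and are no longer picked up automatically.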
[defaults]
inventory = hosts,hcloud_inventory.py
inventory = hosts
library = library
remote_tmp = $HOME/.ansible/tmp
remote_user = root
......
#!/usr/bin/env python
#
# Dynamic inventory script for getting infrastructure information from hcloud
import argparse
import json
import sys
from hcloud import Client
from misc.get_key import load_vault
def parse_args():
parser = argparse.ArgumentParser(description="Hcloud dynamic inventory script")
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('--list', action='store_true')
group.add_argument('--host')
return parser.parse_args()
def get_host_details(server):
return {'ansible_host': server.public_net.ipv4.ip,
'ansible_port': 22,
'ansible_user': "root"}
def main():
args = parse_args()
loaded = load_vault('misc/vaults/vault_hcloud.yml')
client = Client(token=loaded["hcloud_api_key_readonly"])
servers = client.servers.get_all()
hostvars = {server.name: get_host_details(server) for server in servers}
if args.list:
hosts = [server.name for server in servers]
json.dump({'hcloud': hosts, '_meta': {'hostvars': hostvars}}, sys.stdout)
else:
json.dump(hostvars[args.host], sys.stdout)
if __name__ == '__main__':
main()
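Review bot: the deleted script's `main()` read `hcloud_api_key_readonly` from `misc/vaults/vault_hcloud.yml`, and nothing visible in this commit touches that vault entry. If no other code reads the token, remove it from the vault and revoke it in hcloud so an unused credential is not left behind; if something still needs it, say so in the commit message. The per-host `'ansible_user': "root"` and `'ansible_port': 22` variables also disappear with `get_host_details()`; `remote_user = root` in ansible.cfg covers the user and the port falls back to the SSH default, which is worth stating in the message so the equivalence is on record.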
......@@ -113,3 +113,30 @@ build.archlinux.org
runner1.archlinux.org
runner2.archlinux.org
secure-runner1.archlinux.org
[hcloud]
accounts.archlinux.org
archlinux.org
aur.archlinux.org
bbs.archlinux.org
bugs.archlinux.org
dashboards.archlinux.org
debuginfod.archlinux.org
gitlab.archlinux.org
gluebuddy.archlinux.org
homedir.archlinux.org
lists.archlinux.org
mail.archlinux.org
man.archlinux.org
matrix.archlinux.org
md.archlinux.org
mirror.pkgbuild.com
monitoring.archlinux.org
patchwork.archlinux.org
phrik.archlinux.org
quassel.archlinux.org
redirect.archlinux.org
reproducible.archlinux.org
security.archlinux.org
state.archlinux.org
wiki.archlinux.org
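Review bot: the new `[hcloud]` group is a hand-maintained snapshot, and nothing in this change detects drift between it and the servers that actually exist in hcloud. A production server that is created later and never added here will silently stop receiving playbook runs, and a deleted server will leave a stale entry that fails at connect time. Suggest a periodic or CI-side comparison of the hcloud server list against this group that only reports differences, which keeps the benefit of not deploying to experimental servers. Since connections now go by hostname instead of the API-supplied IPv4 address, the first run after this change will also meet hostnames that have no `~/.ssh/known_hosts` entry yet, so operators should verify those host key fingerprints rather than accept them blindly.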