From 62f93478dc72d47df7ff2f2c51a3a2bfe644f701 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Thu, 12 May 2022 20:16:47 +0300
Subject: [PATCH] Replace dynamic hcloud inventory with host entries

We make almost no use of the dynamic properties of the hcloud inventory,
so we can simplify this by declaring all cloud servers in the main hosts
inventory.

The main benefit of this change is that temporary and experimental cloud
servers are not automatically included in the Ansible playbooks. In such
cases it is usually incorrect to deploy changes to these unknown servers.

A smaller side benefit is that Ansible will now use hostnames to connect
to cloud servers, whereas the dynamic inventory provided IPv4 addresses.
This results in more meaningful ~/.ssh/known_hosts entries.
---
 .gitlab-ci.yml      |  1 -
 README.md           |  7 -------
 ansible.cfg         |  2 +-
 hcloud_inventory.py | 43 -------------------------------------------
 hosts               | 27 +++++++++++++++++++++++++++
 5 files changed, 28 insertions(+), 52 deletions(-)
 delete mode 100755 hcloud_inventory.py

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bafe0fc3c..7812d6846 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,7 +8,6 @@ ansible-lint:
     # This probably happens due to gitlab-runner mounting the git repo into the container
     - chmod o-w .
     # Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
-    - sed "s/,hcloud_inventory.py//" -i ansible.cfg
     - sed "/^vault_identity_list/d" -i ansible.cfg
     - sed "/misc\/vaults\/vault_/d" -i playbooks/*.yml
     # Fix load-failure: Failed to load or parse file
diff --git a/README.md b/README.md
index 15712809a..e8337d16f 100644
--- a/README.md
+++ b/README.md
@@ -40,13 +40,6 @@ locally signed with `--lsign-key`. This is necessary for running any of the
 `reencrypt-vault-default-key`, `reencrypt-vault-super-key `or `fetch-borg-keys`
 tasks.
 
-#### Note about Ansible dynamic inventories
-
-We use a dynamic inventory script in order to automatically get information for
-all servers directly from hcloud. You don't really have to do anything to make
-this work but you should keep in mind to NOT add hcloud servers to `hosts`!
-They'll be available automatically.
-
 #### Note about packer
 
 We use packer to build snapshots on hcloud to use as server base images.
diff --git a/ansible.cfg b/ansible.cfg
index 0a2431a60..36c2fffdc 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-inventory = hosts,hcloud_inventory.py
+inventory = hosts
 library = library
 remote_tmp = $HOME/.ansible/tmp
 remote_user = root
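Review bot: With `inventory = hosts`, every cloud server is now reached as `remote_user = root` through a DNS lookup of its name rather than through the address the hcloud API returned, so SSH host-key verification is what ties a name to the right machine. The rest of `ansible.cfg` lies outside this hunk, so please confirm that `host_key_checking` is not disabled there and that CI does not set `ANSIBLE_HOST_KEY_CHECKING` to false. A comment next to the inventory line would record that dependency, for example `# hosts are resolved by name; keep SSH host key checking enabled`. Separately, if the deleted inventory script was the only consumer of `hcloud_api_key_readonly` in `misc/vaults/vault_hcloud.yml`, which this patch does not show, the token should be revoked and removed from the vault instead of being left as an unused credential.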
diff --git a/hcloud_inventory.py b/hcloud_inventory.py
deleted file mode 100755
index bb25705ed..000000000
--- a/hcloud_inventory.py
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env python
-#
-# Dynamic inventory script for getting infrastructure information from hcloud
-
-import argparse
-import json
-import sys
-
-from hcloud import Client
-
-from misc.get_key import load_vault
-
-
-def parse_args():
-    parser = argparse.ArgumentParser(description="Hcloud dynamic inventory script")
-    group = parser.add_mutually_exclusive_group(required=True)
-    group.add_argument('--list', action='store_true')
-    group.add_argument('--host')
-    return parser.parse_args()
-
-
-def get_host_details(server):
-    return {'ansible_host': server.public_net.ipv4.ip,
-            'ansible_port': 22,
-            'ansible_user': "root"}
-
-
-def main():
-    args = parse_args()
-    loaded = load_vault('misc/vaults/vault_hcloud.yml')
-    client = Client(token=loaded["hcloud_api_key_readonly"])
-    servers = client.servers.get_all()
-
-    hostvars = {server.name: get_host_details(server) for server in servers}
-    if args.list:
-        hosts = [server.name for server in servers]
-        json.dump({'hcloud': hosts, '_meta': {'hostvars': hostvars}}, sys.stdout)
-    else:
-        json.dump(hostvars[args.host], sys.stdout)
-
-
-if __name__ == '__main__':
-    main()
diff --git a/hosts b/hosts
index 94a8845e0..e68a9a7ff 100644
--- a/hosts
+++ b/hosts
@@ -113,3 +113,30 @@ build.archlinux.org
 runner1.archlinux.org
 runner2.archlinux.org
 secure-runner1.archlinux.org
+
+[hcloud]
+accounts.archlinux.org
+archlinux.org
+aur.archlinux.org
+bbs.archlinux.org
+bugs.archlinux.org
+dashboards.archlinux.org
+debuginfod.archlinux.org
+gitlab.archlinux.org
+gluebuddy.archlinux.org
+homedir.archlinux.org
+lists.archlinux.org
+mail.archlinux.org
+man.archlinux.org
+matrix.archlinux.org
+md.archlinux.org
+mirror.pkgbuild.com
+monitoring.archlinux.org
+patchwork.archlinux.org
+phrik.archlinux.org
+quassel.archlinux.org
+redirect.archlinux.org
+reproducible.archlinux.org
+security.archlinux.org
+state.archlinux.org
+wiki.archlinux.org
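Review bot: The new `[hcloud]` group carries no comment saying it is now maintained by hand, and the README note about not adding hcloud servers to `hosts` was removed without a replacement. A production server created in hcloud but never listed here would be skipped silently by every playbook run, including runs that roll out hardening or other security-relevant configuration. I would add a comment above the group, such as `# hcloud servers are listed manually; add new production servers here so playbooks manage them`, and a matching sentence in the README. The `hosts` file begins well above this hunk, so an existing comment convention there may dictate the exact form.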
-- 
GitLab