This project is a PuppetDB-based dynamic inventory script for use with Ansible. It allows you to use the "not deactivated" nodes known by PuppetDB as your inventory for plays and playbooks.
- Ruby (only tested with 3.0.0)
- 'bundler' Ruby gem
- Accessable PuppetDB Server
- Bash (optional - for wrapper script)
Clone the repo into the target destination, and from that directory, deploy the required gems. E.g.:
bundle install --path=vendor/
The inventory script will look in the same directory as its self for a file named 'config.yml'. This file accepts the options below in YAML format.
A hash with one entry per puppetdb server. Each entry can contain the following attributes:
The hostname of the PuppetDB server to use.
The port of the PuppetDB server to use.
Whether to use SSL for connecting to the PuppetDB server or not. If enabled, you must also specify the cacert, cert, and key options.
The CA certificate to use for SSL connections.
The certificate on the node to use for authentication.
The key file for the certificate used in authentication.
The SSL connection is designed around the idea that the Puppet certificates will be used for authentication. It may work with other certificate-based authentication, but that is currently untested/unplanned.
There is an example file included that covers each option, and the input that they accept.
Simply point Ansible to the puppetdb.rb script as its inventory file:
ansible -i puppetdb.rb -m setup your.node
Depending on your setup, you may need to use a wrapper to ensure that the included gems are loaded. There is a basic wrapper included that can be used. When using a wrapper, make sure to point to it, instead of the script its self:
ansible -i wrapper.sh -m setup your.node
If you have a lot of active nodes in your PuppetDB instance, this can take a while to return a list. The inventory can be stored in Redis to cache the output. The following are valid options to use in the config.yml file.
The hostname/address of the Redis instance to use.
The port number for the Redis instance to use.
The db/index number to use inside the Redis instance.
The TTL for the cached inventory inside the Redis instance.
If Redis is used, there are a couple additional options the script can use:
puppetdb.rb --build- This will build the cache, and store it in Redis. Mainly intended for cron/triggers to keep the inventory updated.puppetdb.rb --clear- This will clear the cache manually. Mainly used for debugging.
The script currently only returns one variable, ansible_host, which is set to the IP address provided by the Puppet ipaddress core fact. This is mainly to allow connection to hosts that do not have resolvable hostnames. Other facts are not returned, and are not planned to be implemented.
Copyright 2023 Nexcess.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.