Replace dynamic hcloud inventory with host entries

We make almost no use of the dynamic properties of the hcloud inventory,
so we can simplify this by declaring all cloud servers in the main hosts
inventory.

The main benefit of this change is that temporary and experimental cloud
servers are not automatically included in the Ansible playbooks. In such
cases it is usually incorrect to deploy changes to these unknown servers.

A smaller side benefit is that Ansible will now use hostnames to connect
to cloud servers, whereas the dynamic inventory provided IPv4 addresses.
This results in more meaningful ~/.ssh/known_hosts entries.

.gitlab-ci.yml

@@ -8,7 +8,6 @@ ansible-lint:
     # This probably happens due to gitlab-runner mounting the git repo into the container
     - chmod o-w .
     # Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
-    - sed "s/,hcloud_inventory.py//" -i ansible.cfg
     - sed "/^vault_identity_list/d" -i ansible.cfg
     - sed "/misc\/vaults\/vault_/d" -i playbooks/*.yml
     # Fix load-failure: Failed to load or parse file

README.md

@@ -40,13 +40,6 @@ locally signed with `--lsign-key`. This is necessary for running any of the
 `reencrypt-vault-default-key`, `reencrypt-vault-super-key `or `fetch-borg-keys`
 tasks.
 
-#### Note about Ansible dynamic inventories
-
-We use a dynamic inventory script in order to automatically get information for
-all servers directly from hcloud. You don't really have to do anything to make
-this work but you should keep in mind to NOT add hcloud servers to `hosts`!
-They'll be available automatically.
-
 #### Note about packer
 
 We use packer to build snapshots on hcloud to use as server base images.

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = hosts,hcloud_inventory.py
+inventory = hosts
 library = library
 remote_tmp = $HOME/.ansible/tmp
 remote_user = root

hcloud_inventory.py

@@ -1,43 +0,0 @@
-#!/usr/bin/env python
-#
-# Dynamic inventory script for getting infrastructure information from hcloud
-
-import argparse
-import json
-import sys
-
-from hcloud import Client
-
-from misc.get_key import load_vault
-
-
-def parse_args():
-    parser = argparse.ArgumentParser(description="Hcloud dynamic inventory script")
-    group = parser.add_mutually_exclusive_group(required=True)
-    group.add_argument('--list', action='store_true')
-    group.add_argument('--host')
-    return parser.parse_args()
-
-
-def get_host_details(server):
-    return {'ansible_host': server.public_net.ipv4.ip,
-            'ansible_port': 22,
-            'ansible_user': "root"}
-
-
-def main():
-    args = parse_args()
-    loaded = load_vault('misc/vaults/vault_hcloud.yml')
-    client = Client(token=loaded["hcloud_api_key_readonly"])
-    servers = client.servers.get_all()
-
-    hostvars = {server.name: get_host_details(server) for server in servers}
-    if args.list:
-        hosts = [server.name for server in servers]
-        json.dump({'hcloud': hosts, '_meta': {'hostvars': hostvars}}, sys.stdout)
-    else:
-        json.dump(hostvars[args.host], sys.stdout)
-
-
-if __name__ == '__main__':
-    main()

hosts

@@ -113,3 +113,30 @@ build.archlinux.org
 runner1.archlinux.org
 runner2.archlinux.org
 secure-runner1.archlinux.org
+
+[hcloud]
+accounts.archlinux.org
+archlinux.org
+aur.archlinux.org
+bbs.archlinux.org
+bugs.archlinux.org
+dashboards.archlinux.org
+debuginfod.archlinux.org
+gitlab.archlinux.org
+gluebuddy.archlinux.org
+homedir.archlinux.org
+lists.archlinux.org
+mail.archlinux.org
+man.archlinux.org
+matrix.archlinux.org
+md.archlinux.org
+mirror.pkgbuild.com
+monitoring.archlinux.org
+patchwork.archlinux.org
+phrik.archlinux.org
+quassel.archlinux.org
+redirect.archlinux.org
+reproducible.archlinux.org
+security.archlinux.org
+state.archlinux.org
+wiki.archlinux.org