mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-04-26 05:15:01 +02:00
Replace dynamic hcloud inventory with host entries
We make almost no use of the dynamic properties of the hcloud inventory, so we can simplify this by declaring all cloud servers in the main hosts inventory. The main benefit of this change is that temporary and experimental cloud servers are not automatically included in the Ansible playbooks. In such cases it is usually incorrect to deploy changes to these unknown servers. A smaller side benefit is that Ansible will now use hostnames to connect to cloud servers, whereas the dynamic inventory provided IPv4 addresses. This results in more meaningful ~/.ssh/known_hosts entries.
This commit is contained in:
parent
248e57b3c5
commit
62f93478dc
|
@ -8,7 +8,6 @@ ansible-lint:
|
|||
# This probably happens due to gitlab-runner mounting the git repo into the container
|
||||
- chmod o-w .
|
||||
# Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
|
||||
- sed "s/,hcloud_inventory.py//" -i ansible.cfg
|
||||
- sed "/^vault_identity_list/d" -i ansible.cfg
|
||||
- sed "/misc\/vaults\/vault_/d" -i playbooks/*.yml
|
||||
# Fix load-failure: Failed to load or parse file
|
||||
|
|
|
@ -40,13 +40,6 @@ locally signed with `--lsign-key`. This is necessary for running any of the
|
|||
`reencrypt-vault-default-key`, `reencrypt-vault-super-key `or `fetch-borg-keys`
|
||||
tasks.
|
||||
|
||||
#### Note about Ansible dynamic inventories
|
||||
|
||||
We use a dynamic inventory script in order to automatically get information for
|
||||
all servers directly from hcloud. You don't really have to do anything to make
|
||||
this work but you should keep in mind to NOT add hcloud servers to `hosts`!
|
||||
They'll be available automatically.
|
||||
|
||||
#### Note about packer
|
||||
|
||||
We use packer to build snapshots on hcloud to use as server base images.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[defaults]
|
||||
inventory = hosts,hcloud_inventory.py
|
||||
inventory = hosts
|
||||
library = library
|
||||
remote_tmp = $HOME/.ansible/tmp
|
||||
remote_user = root
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
#
|
||||
# Dynamic inventory script for getting infrastructure information from hcloud
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import sys
|
||||
|
||||
from hcloud import Client
|
||||
|
||||
from misc.get_key import load_vault
|
||||
|
||||
|
||||
def parse_args():
|
||||
parser = argparse.ArgumentParser(description="Hcloud dynamic inventory script")
|
||||
group = parser.add_mutually_exclusive_group(required=True)
|
||||
group.add_argument('--list', action='store_true')
|
||||
group.add_argument('--host')
|
||||
return parser.parse_args()
|
||||
|
||||
|
||||
def get_host_details(server):
|
||||
return {'ansible_host': server.public_net.ipv4.ip,
|
||||
'ansible_port': 22,
|
||||
'ansible_user': "root"}
|
||||
|
||||
|
||||
def main():
|
||||
args = parse_args()
|
||||
loaded = load_vault('misc/vaults/vault_hcloud.yml')
|
||||
client = Client(token=loaded["hcloud_api_key_readonly"])
|
||||
servers = client.servers.get_all()
|
||||
|
||||
hostvars = {server.name: get_host_details(server) for server in servers}
|
||||
if args.list:
|
||||
hosts = [server.name for server in servers]
|
||||
json.dump({'hcloud': hosts, '_meta': {'hostvars': hostvars}}, sys.stdout)
|
||||
else:
|
||||
json.dump(hostvars[args.host], sys.stdout)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
27
hosts
27
hosts
|
@ -113,3 +113,30 @@ build.archlinux.org
|
|||
runner1.archlinux.org
|
||||
runner2.archlinux.org
|
||||
secure-runner1.archlinux.org
|
||||
|
||||
[hcloud]
|
||||
accounts.archlinux.org
|
||||
archlinux.org
|
||||
aur.archlinux.org
|
||||
bbs.archlinux.org
|
||||
bugs.archlinux.org
|
||||
dashboards.archlinux.org
|
||||
debuginfod.archlinux.org
|
||||
gitlab.archlinux.org
|
||||
gluebuddy.archlinux.org
|
||||
homedir.archlinux.org
|
||||
lists.archlinux.org
|
||||
mail.archlinux.org
|
||||
man.archlinux.org
|
||||
matrix.archlinux.org
|
||||
md.archlinux.org
|
||||
mirror.pkgbuild.com
|
||||
monitoring.archlinux.org
|
||||
patchwork.archlinux.org
|
||||
phrik.archlinux.org
|
||||
quassel.archlinux.org
|
||||
redirect.archlinux.org
|
||||
reproducible.archlinux.org
|
||||
security.archlinux.org
|
||||
state.archlinux.org
|
||||
wiki.archlinux.org
|
||||
|
|
Loading…
Reference in New Issue