Automation Examples Using Device42’s Ansible Dynamic Inventory Script

We are very excited to release another new Ansible script that will make automating tasks with Ansible easier than ever, leveraging Device42’s up to date inventory to generate dynamic, real-time inventories to be used in conjunction with the $ ansible command.

 

In this post, we’ll demonstrate Ansible’s ability to utilize our dynamic inventory script to run an action against our Device42 inventory, providing the basic foundation for using the scripts on which more complex, custom automation can be built and tailored to your environment’s needs. Oh, and lest I forget, this is Part 2 of a mini-series. If you haven’t, when you finish up here, do check out Part 1 which briefly demonstrates our [also] new Ansible Static Host File Generation Script.

 

We’ll start by providing the information needed to set up your Ansible environment to utilize the script. Following that, we’ll utilize the dynamic inventoryscript to push an RSA SSH key out to all the machines in your inventory.

 

Setting up the auto-inventory Ansible script:

  1. Create a working directory. Copy the file lib.py into it, as well as the inventory scripts. The scripts rely on lib.py as an external dependency. In the case of this example, the dynamic script has been named autoInv_d42.py
  2. Create a conf file (or copy the example file) called conf & populate with your Device42 Instance Information [URL, username, password]. Enable or Disable logging (your choice), and set your output grouping choice [by tag, building, customer, or service_level] – this setting will affect how the output list of hosts is organized
  3. Mark the script executable: $ chmod +x autoInv_d42.py
  4. Configure authentication. Ensure your Ansible server can log on to your target hosts via certificate or password. You can get a list of the hosts the script will provide to Ansible by running $ ansible all -i autoInv_d42.py –list-hosts ; furthermore, you can even use Ansible to place your RSA public cert on all target machines!

 

Using the dynamic inventory script

Ansible is rather flexible about what you provide it following the -i option, which specifies its source for inventory (as you’ve probably figured out). Besides static, pre-populated hosts files as we used prior, Ansible will happily execute and accept the output of any program that outputs a valid JSON dictionary of hosts to stdout, written in any imaginable programming language. When Ansible is provided with an executable instead of a list, it executes using the –list flag, so your program / script needs to accept this flag.

 

Here is example output from Device42’s dynamic inventory script outside of Ansible:

These hostnames were pulled from the Device42 API in realtime, as the command was executed, and as such are always up to date thanks to Device42’s continuous auto discovery. We’ll utilize this to distribute an SSH key to all the hosts in our inventory as a demonstration, but the possibilities of this command are endless – reference the Ansible documentation for more examples and ideas!

 

To distribute our SSH key to all the hosts on our list, we’ll utilize the authorized_key module via the -m flag. Ansible ships with a number of modules, all of which perform different, handy functions — a list of the core modules that are included can be found in the Ansible documentation; further modules that do just about anything else you might desire can easily be added or custom written. This same basic command structure could just as easily be utilized to push out new or updated configuration files (using the lineinfile module), or to automatically drop and execute updates software packages on a group of machines.

 

This module requires a username to be specified as a target for the public key installation, and the public key itself. Format the command as such:

 

$ ansible all -i autoInv_d42.py -m authorized_key -a “user=USER key=’ssh-rsa PASTE_KEY_BLOB_HERE … == [email protected]’”

 

Before pushing the key out to the test environment, the majority of the hosts would deny incoming connection attempts:

The key was then pushed out, utilizing -k to force one more PW prompt:

And going forward, connections without a password all succeed!

We sincerely hope you’ve enjoyed this demonstration of the power and potential available with Device42’s new dynamic inventory script. As always, we’re rather certain your real world use cases are going to be a LOT more exciting than our lab examples… So please do share! [And if you don’t have Device42, download it now!] We would love to hear how you are using, or plan to use these new scripts to leverage the real-time information pulled from Device42 to power your Ansible automations. Leave a comment or drop us an email with any questions, comments, observations, or even just to say hello! We do love hearing from our readers, customers, and the curious alike!

 

Revolutionize your IT - Download a Device42 Free Trial Today

 

Happy automating, and Happy Holidays!

 

-The Device42 team