如何将Foreman主机参数传递给Ansible变量,使用Foreman清单插件?

huangapple go评论67阅读模式
英文:

How can I pass foreman host parameters to ansible vars with foreman inventory plugin?

问题

以下是翻译好的部分:

"我正在尝试在不从Foreman/Satellite启动执行的情况下运行Ansible playbooks,原因有很多(调度不美观是其中之一)。相反,我想使用GitLab CI。

为此,我正在使用Foreman清单插件(theforeman.foreman.foreman),允许Ansible从Foreman/Satellite获取清单。

现在,我的角色正在使用在Foreman/Satellite中定义的主机参数作为变量,但我找不到如何在我的playbook中使用Foreman清单来访问这些参数。

我在清单插件的YAML配置中有以下设置:

plugin: theforeman.foreman.foreman
url: https://whatever.url...
user: rhs_inventory_reader
password: **********
host_filters: 'last_checkin > "12 hours ago" and hypervisor = false'
want_facts: true
want_hostcollections: true
want_params: true
legacy_hostvars: true

根据文档,参数legacy_hostvars执行以下操作:

将主机变量放在一个带有键foremanforeman_factsforeman_params的字典中

我尝试打印这些变量,但它们甚至在Ansible中都没有定义:

  tasks:
    - debug:
        var: foreman

这种方法有什么问题,如何在不从Foreman内部触发运行的情况下,使用Foreman清单从Ansible中收集Foreman主机参数?"

英文:

I'm trying to run Ansible playbooks without starting the execution from foreman/satellite, for many reasons (ugly scheduling is one). Instead, I want to use GitLab CI.

For this, I'm using the foreman inventory plugin, (theforeman.foreman.foreman) which allow Ansible to get inventory from foreman/satellite.

Now, my roles are using variables defined in foreman/satellite as host parameters and I don't find the way to access those from my playbook using the foreman inventory.

I have these settings in my inventory plugin yaml config:

plugin: theforeman.foreman.foreman
url: https://whatever.url...
user: rhs_inventory_reader
password: **********
host_filters: 'last_checkin > "12 hours ago" and hypervisor = false'
want_facts: true
want_hostcollections: true
want_params: true
legacy_hostvars: true

According to the documentation, parameter legacy_hostvars does this:
> Places hostvars in a dictionary with keys foreman, foreman_facts, and foreman_params

I've tried to print the vars but they're not even defined in Ansible:

  tasks:
    - debug:
        var: foreman

What is wrong with this approach and how can I gather foreman host parameters from Ansible with foreman inventory, without triggering the run from within foreman?

答案1

得分: 1

根据我的理解,使用 theforeman.foreman 插件库,您需要使用 ansible-inventory 工具来检索所需的数据。

我们的 foreman.yml 配置如下:

plugin: theforeman.foreman.foreman
url: https://satserver.this.org
user: inventory
password: XXXX
validate_certs: yes
use_reports_api: yes
legacy_hostvars: yes
want_params: yes
group: { Project_Number }

您可以通过以下方式调用特定主机的 foreman 数据:

/usr/bin/ansible-inventory -i /usr/share/ansible/plugins/inventory/theforeman.yml --host "<hostprofile>"

然后您将获得类似以下的信息:

{
  "foreman": {
    "architecture_id": 1,
    "architecture_name": "x86_64",
    "build": false,
    "capabilities": ["build"],
    "certname": "<hostprofile>",
    "comment": null,
    ...
  },
  "foreman_params": {
    "Company": "yourcompany",
    "DNS1": "xx.xx.xx.xx",
    "DNS2": "xx.xx.xx.xy",
    "disable-firewall": "true"
  }
}

使用这个插件的限制是,目前我还无法找到将其集成到 ansible.cfg 的方法,而且该插件似乎不能基于 foreman_params 构建特定的组。

优点是,每次运行命令时,json 数据直接从 foreman 数据库中提取。

然而,还有另一种可能有帮助的方法。

我们不使用插件作为动态清单,而是使用一个特定的 Python 脚本,它会创建 foreman json 数据的副本:

ansible.cfg 如下所示:

gathering = smart
gather_facts = yes
fact_caching = jsonfile
inventory = /project/automati0/playbooks/this_company/customers/customerX/playbooks/dynamic_inventory
fact_caching_connection = /var/tmp/ansible/fact_cache
...

/project/automati0/playbooks/dxc_lux/customers/Caceis/playbooks/dynamic_inventory 文件夹中,您会有两个文件:

  • foreman_ansible_inventory.py(可执行脚本)
  • foreman.ini(类似 foreman.yml 插件的配置文件)

foreman.ini 文件看起来像这样:

[foreman]
url = https://satserver.this.org
user = inventory
password = F7Ja2KKgUzWY6QDy9aJu
ssl_verify = True
# 从组织 "Web Engineering" 中检索主机。
# host_filters = organization="Web Engineering"
# 从组织 "Web Engineering" 中检索主机,并且这些主机还属于 "Apache Servers" 主机集合。
# host_filters = name !~ "virt-who"

[ansible]
group_patterns = [
    "{Company}",
    "{customer}",
    "{Project_Number}",
    "{Business_App}",
    "{Project_Number}_{Server_App}",
    "{Project_Number}_{env}",
    "{Cmdb_Core}_{Cmdb_Env}",
    "{Business_App}_{Business_Use}",
    "{Server_App}_{Server_Function}",
    "{Server_App}_{Server_Function}"
]
group_prefix = sat_
want_facts = True
want_hostcollections = True
rich_params = True

[cache]
path = /var/tmp/
filename = youcompany_satellite_ansible_inventory
max_age = 7200
scan_new_hosts = True

因此,Python 脚本将根据 foreman.ini 的设置创建一个从 foreman 检索的 JSON 清单。

这种方法的优点是,您可以根据 Foreman 参数创建 Ansible 组,从而为基于组的变量提供极大的灵活性。

缺点是,如果您想要查看 foreman 中的最新更改,您需要定期(或手动)运行该脚本。

英文:

As far as I understood using theforeman.foreman plugin inventory you need to use ansible-inventory to retrieve the data you want.

We have our foreman.yml config like below:

plugin: theforeman.foreman.foreman
url: https://satserver.this.org
user: inventory
password: XXXX
validate_certs: yes
use_reports_api: yes
legacy_hostvars: yes
want_params: yes
group: { Project_Number }

You can call to get foreman data from a specific host by:

/usr/bin/ansible-inventory -i /usr/share/ansible/plugins/inventory/theforeman.yml --host &quot;&lt;hostprofile&gt;&quot;

and you will get info like below:

{
&quot;foreman&quot;: {
    &quot;architecture_id&quot;: 1,
    &quot;architecture_name&quot;: &quot;x86_64&quot;,
    &quot;build&quot;: false,
    &quot;capabilities&quot;: [
        &quot;build&quot;
    ],
    &quot;certname&quot;: &quot;&lt;hostprofile&gt;&quot;,
    &quot;comment&quot;: null,
...
&quot;foreman_params&quot;: {
    &quot;Company&quot;: &quot;yourcompany&quot;,
    &quot;DNS1&quot;: xx.xx.xx.xx
    &quot;DNS2&quot;: xx.xx.xx.xy,
    &quot;disable-firewall&quot;: &quot;true&quot;,

The limitation using this plugin I cannot find yet the way to integrate in ansible.cfg and it seems the plugin cannot build specific Groups based on foreman_params.

The advantage is that the json data is taken directly from foreman database whenever you run the command.

However, there's another method which might help.

We don't use a plugin method as dynamic inventory, we use a adhoc python script who create a copy of foreman json data:

ansible.cfg looks like below:

gathering = smart
gather_facts = yes
fact_caching = jsonfile
inventory = /project/automati0/playbooks/this_company/customers/customerX/playbooks/dynamic_inventory
fact_caching_connection = /var/tmp/ansible/fact_cache
...

Inside /project/automati0/playbooks/dxc_lux/customers/Caceis/playbooks/dynamic_inventory you will have two files:

-rwxr-xr-- 1 root root 14653 Jun  5  2017 dynamic_inventory/foreman_ansible_inventory.py
-rw-r--r-- 1 root root  1720 Dec  2  2021 dynamic_inventory/foreman.ini

The foreman.ini file would look as foreman.yml plugin:

[foreman]
url = https://satserver.this.org
user = inventory
 
password = F7Ja2KKgUzWY6QDy9aJu
 
ssl_verify = True


# Retrieve only hosts from the organization &quot;Web Engineering&quot;.
 # host_filters = organization=&quot;Web Engineering&quot;

# Retrieve only hosts from the organization &quot;Web Engineering&quot; that are
# also in the host collection &quot;Apache Servers&quot;.
#host_filters = name !~ &quot;virt-who&quot;

[ansible]
#group_patterns = [&quot;{app}-{tier}-{color}&quot;,
#                 &quot;{app}-{color}&quot;,
#                 &quot;{app}&quot;,
#                 &quot;{tier}&quot;]

group_patterns = [
                &quot;{Company}&quot;,
                &quot;{customer}&quot;,
                &quot;{Project_Number}&quot;,
                &quot;{Business_App}&quot;,
                &quot;{Project_Number}_{Server_App}&quot;,
                &quot;{Project_Number}_{env}&quot;,
                &quot;{Cmdb_Core}_{Cmdb_Env}&quot;,
                &quot;{Business_App}_{Business_Use}&quot;,
              &quot;{Server_App}_{Server_Function}&quot;,
              &quot;{Server_App}_{Server_Function}&quot;
               ]

group_prefix = sat_

# Whether to fetch facts from Foreman and store them on the host

want_facts = True



# Whether to create Ansible groups for host collections. Only tested

# with Katello (Red Hat Satellite). Disabled by default to not break

# the script for stand-alone Foreman.

want_hostcollections = True

# Whether to interpret global parameters value as JSON (if possible, else
# take as is). Only tested with Katello (Red Hat Satellite).
# This allows to define lists and dictionaries (and more complicated structures)

# variables by entering them as JSON string in Foreman parameters.
# Disabled by default as the change would else not be backward compatible.
rich_params = True

[cache]
path = /var/tmp/
filename = youcompany_satellite_ansible_inventory   
max_age = 7200
# Whether to scan foreman to add recently created hosts in inventory cache
scan_new_hosts = True

So, the python script will create an json inventory retrieved from foreman based on foreman.ini settings.

The advantage this method is that you can create Ansible Groups based on Foreman Params, which will give you an incredible flexibility for fulfilling vars based on Groups....

The disadvantage is that you need to run periodically ( or manually ) if you want to see latest change within foreman.

huangapple
  • 本文由 发表于 2023年3月3日 17:52:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/75625529.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定