{"id":19587,"date":"2023-10-10T05:40:30","date_gmt":"2023-10-10T05:40:30","guid":{"rendered":"https:\/\/www.insentragroup.com\/au\/insights\/uncategorized\/automating-the-resynchronisation-of-constructed-inventories-in-the-ansible-automation-platform\/"},"modified":"2024-12-13T02:22:29","modified_gmt":"2024-12-13T02:22:29","slug":"automating-the-resynchronisation-of-constructed-inventories-in-the-ansible-automation-platform","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/au\/insights\/geek-speak\/modern-workplace\/automating-the-resynchronisation-of-constructed-inventories-in-the-ansible-automation-platform\/","title":{"rendered":"Automating the Resynchronisation of Constructed Inventories in the Ansible Automation Platform"},"content":{"rendered":"\n
Ansible Automation Controller constructed inventories are a new feature that allows you to create a dynamic inventory from a list of input inventories. You can use this feature to run jobs against hosts and groups from multiple inventories and apply custom logic and filters to them. For example, you can create a constructed inventory that combines hosts from AWS, Azure, and VMware, and add variables and groups based on their attributes. <\/p>\n\n\n\n
To create a constructed inventory, you need to specify the input inventories, the limit pattern, and the source vars. The input inventories are the existing inventories that provide the inventory content for the constructed inventory. The limit pattern is an optional parameter that allows you to filter the hosts using the standard Ansible host pattern syntax. The source vars is a YAML dictionary that defines the logic for adding groups and variables to the constructed inventory. You can use Ansible-style Jinja2 expressions and filters in the source vars. <\/p>\n\n\n\n
The constructed inventory is refreshed every time you run a job that uses it. Ansible Automation Controller runs the ansible-inventory command with the constructed plugin and the parameters you provided and generates a temporary inventory file for the job. This ensures that the constructed inventory always reflects the latest state of the input inventories and your custom logic. <\/p>\n\n\n\n
There are a few limitations to constructed inventories: <\/p>\n\n\n\n
\n
They are currently only supported in Ansible Automation Platform (AAP) 2.4 and higher <\/li>\n\n\n\n
They cannot be used as input inventories for other constructed inventories <\/li>\n\n\n\n
If the input inventories are large or complex, the refresh process can take some time <\/li>\n<\/ul>\n\n\n\n
The refresh\/resync process for the constructed inventory activates whenever its associated template launches, potentially extending the overall duration of the job more than necessary. While constructed inventories allow manual resync and support caching, manual intervention remains the sole alternative for resynchronisation in case you want to run an ad-hoc job or you want to verify the hosts and groups. As of AAP 2.4.x, there’s no built-in scheduling feature for constructed inventories within the GUI. <\/p>\n\n\n\n
Although scheduled resync is not supported in the current version, the API does allow for source updates to the Constructed Inventories. You can execute the API call using the URL link below: <\/p>\n\n\n\n
Note<\/strong>: 386 in the above URL is the inventory id of one of the constructed inventories in your environment. <\/p>\n\n\n\n
To update multiple constructed inventories, one can leverage Ansible Code alongside the ansible.controller collection (available to those with access to console.redhat.com) or the awx.awx ansible collection. <\/p>\n\n\n\n
This blog outlines two methods for updating Constructed Inventories. Because the hosts and groups within the constructed inventory rely on the source inventory and its associated query, it’s essential first to refresh the dynamic inventory serving as the source before synchronising the constructed inventory. <\/p>\n\n\n\n
I am going to describe the code necessary to update all the constructed inventories first <\/p>\n\n\n\n
Ansible Code Description: aap-inv-refresh role <\/h3>\n\n\n\n
vars\/creds.yml<\/strong>: The <\/em>creds.yml file can be encrypted with ansible-vault. It contains credentials for authentication with AAP. <\/li>\n<\/ol>\n\n\n\n
main.yml<\/strong>: Contains tasks to include default variables, query the inventory by its name, update all inventory sources, and refresh tasks for constructed inventories.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
inv_refresh.yml<\/strong>: Contains tasks to query specific inventories by their name, display the ID of the queried inventory, and update all the inventory sources.<\/li>\n<\/ul>\n\n\n\n
Note: There’s potential to enhance the code by saving the results from an initial query into a variable and then conducting local searches on that result. I’ve observed that performance may vary based on the number of inventories present in the environment. In contexts with hundreds of inventories, the resulting JSON file can be substantially large, potentially impacting the solution’s efficiency. In such cases, I prefer utilising multiple API calls, as each call yields a single-page result. <\/p>\n\n\n\n
Resync for Azure <\/h2>\n\n\n\n
The dynamic inventory for Azure Cloud varies compared to GCP. For Azure, each dynamic inventory source corresponds to a single Azure subscription, effectively limiting the number of sources in the dynamic inventory. In contrast, for GCP, there’s a source for each project, which could potentially lead to a significantly large number of sources. <\/p>\n\n\n\n
For Azure, the strategy involved creating a workflow. This workflow processes the dynamic inventory’s sources, updates them, and once all have been refreshed, triggers a template to update all the constructed inventories that use this dynamic inventory as their source. <\/p>\n\n\n\n
In this example, I created a new execution environment that includes the ansible.controller collection (you might need to replace it with awx.awx collection if you don\u2019t have a valid Red Hat subscription). The following snippet provides all the collections included in the execution environment:<\/p>\n\n\n\n
Both templates are configured within the SharedInventory organisation and utilise the specified execution environment. They draw upon the PRJ-AAP-CONSTRUCTED-INV-REFRESH project, the Demo Inventory, the site.yml playbook, and the CREDS-AAP-VAULT vault credential. Considering all tasks utilise API calls to AAP, there’s no need for a designated host to run the code. Consequently, I employ the Demo Inventory, which lists localhost as its sole host configuration.<\/p>\n\n\n\n
Resync for GCP <\/h2>\n\n\n\n
As highlighted earlier, the dynamic inventory for GCP could include a large number of sources, given there’s one for each project. This extensive list makes utilising a WORKFLOW challenging. The recommended approach is to deploy Ansible code to refresh all sources within the dynamic inventory. Once this step is completed, the constructed inventory can be updated. Note that the task dedicated to refreshing GCP’s dynamic inventory is set to bypass errors. This design choice ensures that an update error in one GCP project doesn’t stop the refreshing of the constructed inventory.<\/p>\n\n\n\n
If you have any questions or need further details about refreshing constructed inventories using Ansible Automation Platform, feel free to contact us<\/a>!<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.insentragroup.com\/au\/wp-content\/uploads\/sites\/22\/2023\/10\/image-2-1024x750.png\" "\\"\\"")
<\/figure>\n\n\n\n