<ahref="http://github.com/ansible/ansible"><imgstyle="position: absolute; right: 0; border: 0;"src="http://ansible.github.com/github.png"alt="Fork me on GitHub"></a>
<p>Advanced programmers may also wish to read the source to ansible itself, for
it uses the Runner() API (with all available options) to implement the
command line tools <ttclass="docutils literal"><spanclass="pre">ansible</span></tt> and <ttclass="docutils literal"><spanclass="pre">ansible-playbook</span></tt>.</p>
<p>If you have a data store system where an Ansible external inventory script doesn’t already exist, this may require a little coding, but we have a <aclass="reference external"href="https://github.com/ansible/ansible/blob/master/examples/scripts/cobbler_external_inventory.py">Cobbler example</a> in the main source tree – but it’s pretty simple, as we’ll explain below – that would provide a good starting point. Like with modules, it’s possible to build an external inventory script in any language, as long as it returns JSON.</p>
<p>If you are familiar with Puppet terminology, this concept is basically the same as ‘external nodes’, with the slight difference that it also defines which hosts are managed.</p>
<p>When the external node script is called with the single argument ‘–list’, the script must return a JSON hash/dictionary of all the groups to be managed, with a list of each host/IP as the value for each hash/dictionary element, like so:</p>
<p>When called with the arguments ‘–host <hostname>’ (where <hostname> is a host from above), the script must return either an empty JSON
hash/dictionary, or a list of key/value variables to make available to templates or playbooks. Returning variables is optional,
<h3>Example: The Cobbler External Inventory Script<aclass="headerlink"href="#example-the-cobbler-external-inventory-script"title="Permalink to this headline">¶</a></h3>
<p>It is expected that many Ansible users will also be <aclass="reference external"href="http://cobbler.github.com">Cobbler</a> users. Cobbler has a generic
layer that allows it to represent data for multiple configuration management systems (even at the same time), and has
been referred to as a ‘lightweight CMDB’ by some admins. This particular script will communicate with Cobbler
using Cobbler’s XMLRPC API.</p>
<p>To tie Ansible’s inventory to Cobbler (optional), copy <cite>this script <https://github.com/ansible/ansible/blob/master/examples/scripts/cobbler_external_inventory.py></cite> to /etc/ansible/hosts and <cite>chmod +x</cite> the file. cobblerd will now need
to be running when you are using Ansible.</p>
<p>Test the file by running <cite>./etc/ansible/hosts</cite> directly. You should see some JSON data output, but it may not have
anything in it just yet.</p>
<p>Let’s explore what this does. In cobbler, assume a scenario somewhat like the following:</p>
cobbler system edit --name=foo --dns-name="foo.example.com" --mgmt-classes="atlanta" --ksmeta="c=4"
cobbler system edit --name=bar --dns-name="bar.example.com" --mgmt-classes="atlanta" --ksmeta="c=5"</pre>
</div>
<p>In the example above, the system ‘foo.example.com’ will be addressable by ansible directly, but will also be addressable when using the group names ‘webserver’ or ‘atlanta’. Since Ansible uses SSH, we’ll try to contract system foo over ‘foo.example.com’, only, never just ‘foo’. Similarly, if you try “ansible foo” it wouldn’t find the system... but “ansible ‘foo*’” would, because the system DNS name starts with ‘foo’.</p>
<p>The script doesn’t just provide host and group info. In addition, as a bonus, when the ‘setup’ module is run (which happens automatically when using playbooks), the variables ‘a’, ‘b’, and ‘c’ will all be auto-populated in the templates:</p>
<p>So that’s the Cobbler integration support – using the cobbler script as an example, it should be trivial to adapt Ansible to pull inventory, as well as variable information, from any data source. If you create anything interesting, please share with the mailing list, and we can keep it in the source code tree for others to use.</p>
<h3>Example: AWS EC2 External Inventory Script<aclass="headerlink"href="#example-aws-ec2-external-inventory-script"title="Permalink to this headline">¶</a></h3>
<p>If you use Amazon Web Services EC2, maintaining an inventory file might not be the best approach. For this reason, you can use the <aclass="reference external"href="https://github.com/ansible/ansible/blob/devel/examples/scripts/ec2_external_inventory.py">EC2 external inventory</a> script.</p>
<p>You can use this script in one of two ways. The easiest is to use Ansible’s <ttclass="docutils literal"><spanclass="pre">-i</span></tt> command line option and specify the path to the script.</p>
<p>The second option is to copy the script to <cite>/etc/ansible/hosts</cite> and <cite>chmod +x</cite> it. You will also need to copy the <ttclass="docutils literal"><spanclass="pre">ec2.ini</span></tt> file to <cite>/etc/ansible/ec2.ini</cite>. Then you can run ansible as you would normally.</p>
<p>To successfully make an API call to AWS, you will need to configure Boto (the Python interface to AWS). There are a <aclass="reference external"href="http://docs.pythonboto.org/en/latest/boto_config_tut.html">variety of methods</a> available, but the simplest is just to export two environment variables:</p>
<p>After a few moments, you should see your entire EC2 inventory across all regions in JSON.</p>
<p>Since each region requires its own API call, if you are only using a small set of regions, feel free to edit <ttclass="docutils literal"><spanclass="pre">ec2.ini</span></tt> and list only the regions you are interested in. There are other config options in <ttclass="docutils literal"><spanclass="pre">ec2.ini</span></tt> including cache control, and destination variables.</p>
<p>At their heart, inventory files are simply a mapping from some name to a destination address. The default <ttclass="docutils literal"><spanclass="pre">ec2.ini</span></tt> settings are configured for running Ansible from outside EC2 (from your laptop for example). If you are running Ansible from within EC2, internal DNS names and IP addresses may make more sense than public DNS names. In this case, you can modify the <ttclass="docutils literal"><spanclass="pre">destination_variable</span></tt> in <ttclass="docutils literal"><spanclass="pre">ec2.ini</span></tt> to be the private DNS name of an instance. This is particularly important when running Ansible within a private subnet inside a VPC, where the only way to access an instance is via its private IP address. For VPC instances, <cite>vpc_destination_variable</cite> in <ttclass="docutils literal"><spanclass="pre">ec2.ini</span></tt> provides a means of using which ever <aclass="reference external"href="http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance">boto.ec2.instance variable</a> makes the most sense for your use case.</p>
<p>The EC2 external inventory provides mappings to instances from several groups:</p>
<dlclass="docutils">
<dt>Instance ID</dt>
<dd>These are groups of one since instance IDs are unique.
<dd>Instances belong to one or more security groups. A group is created for each security group, with all characters except alphanumerics, dashes (-) converted to underscores (_). Each group is prefixed by <ttclass="docutils literal"><spanclass="pre">security_group_</span></tt>
<dd>Each instance can have a variety of key/value pairs associated with it called Tags. The most common tag key is ‘Name’, though anything is possible. Each key/value pair is its own group of instances, again with special characters converted to underscores, in the format <ttclass="docutils literal"><spanclass="pre">tag_KEY_VALUE</span></tt>
<p>When the Ansible is interacting with a specific server, the EC2 inventory script is called again with the <ttclass="docutils literal"><spanclass="pre">--host</span><spanclass="pre">HOST</span></tt> option. This looks up the HOST in the index cache to get the instance ID, and then makes an API call to AWS to get information about that specific instance. It then makes information about that instance available as variables to your playbooks. Each variable is prefixed by <ttclass="docutils literal"><spanclass="pre">ec2_</span></tt>. Here are some of the variables available:</p>
<ulclass="simple">
<li>ec2_architecture</li>
<li>ec2_description</li>
<li>ec2_dns_name</li>
<li>ec2_id</li>
<li>ec2_image_id</li>
<li>ec2_instance_type</li>
<li>ec2_ip_address</li>
<li>ec2_kernel</li>
<li>ec2_key_name</li>
<li>ec2_launch_time</li>
<li>ec2_monitored</li>
<li>ec2_ownerId</li>
<li>ec2_placement</li>
<li>ec2_platform</li>
<li>ec2_previous_state</li>
<li>ec2_private_dns_name</li>
<li>ec2_private_ip_address</li>
<li>ec2_public_dns_name</li>
<li>ec2_ramdisk</li>
<li>ec2_region</li>
<li>ec2_root_device_name</li>
<li>ec2_root_device_type</li>
<li>ec2_security_group_ids</li>
<li>ec2_security_group_names</li>
<li>ec2_spot_instance_request_id</li>
<li>ec2_state</li>
<li>ec2_state_code</li>
<li>ec2_state_reason</li>
<li>ec2_status</li>
<li>ec2_subnet_id</li>
<li>ec2_tag_Name</li>
<li>ec2_tenancy</li>
<li>ec2_virtualization_type</li>
<li>ec2_vpc_id</li>
</ul>
<p>Both <ttclass="docutils literal"><spanclass="pre">ec2_security_group_ids</span></tt> and <ttclass="docutils literal"><spanclass="pre">ec2_security_group_names</span></tt> are comma-separated lists of all security groups. Each EC2 tag is a variable in the format <ttclass="docutils literal"><spanclass="pre">ec2_tag_KEY</span></tt>.</p>
<p>To see the complete list of variables available for an instance, run the script by itself:</p>