By He Guimin, nicknamed Xiaozhu at Alibaba.
In this blog we will introduce how you can manage Alibaba Cloud resources in Ansible using Dynamic Inventory. But, before we get ahead of ourselves, first, we'll need to introduce what is Ansible and what you can use it for.
Ansible is a mainstream automated O&M tool that can operate one or more hosts at the same time. When the number of hosts increases and machine roles become more complex and diverse in the cloud, a system of grouping management becomes essential to effectively managing your resources.
Ansible is one of the most powerful tools for this means. It can operate multiple hosts in a group at the same time. With Ansible, the relationship between groups and hosts is configured by inventory files. In Ansible, there are two types of inventory: the static inventory and dynamic inventory types.
Static inventory refers to default inventory that includes the host name, host address, connection information, and connection method in a static file. For example:
[targets]
localhost ansible_connection=local
other1.example.com ansible_connection=ssh ansible_user=mpdehaan
other2.example.com ansible_connection=ssh ansible_user=mdehaan
10.0.2.23 ansible_connection=ssh ansible_user=mdehaanip
In a playbook, you can directly specify the group name or the name of a specific host.
Dynamic inventory refers to the process where you can automatically obtain a list of hosts through an external script, automatically group the list of hosts according to the configured grouping method, and return the host information to the corresponding Ansible command in the format required by Ansible. The following is part of the host information obtained from the dynamic inventory of Alibaba Cloud in Ansible:
{
"_meta": {
"hostvars": {
"i_bp171m264ryt9*******": {
"ansible_ssh_host": "47.98.xx.xx",
"availability_zone": "cn-hangzhou-g",
"block_device_mapping": [
...
],
...
"host_name": "iZbp171m264ryt9******Z",
"id": "i-bp171m264ryt9*******",
"image_id": "ubuntu_16_0402_64_20G_alibase_20180409.vhd",
"inner_ip_address": "",
...
"tags": {
"env": "dev"
} },
"i_bp1i1aitghkkq*******": {
"ansible_ssh_host": "47.96.xx.xx",
"availability_zone": "cn-hangzhou-g",
"block_device_mapping": [
...
],
"eip": {
...
"ip_address": "47.96.xx.xx"
},
...
"host_name": "terraform",
"id": "i-bp1i1aitghkkq*******",
"image_id": "m-bp1243pi65bw8*****",
"inner_ip_address": "",
...
},
...
}
}
},
"alicloud": {
"children": [
"i_bp1i1aitghkkq*******",
"i_bp171m264ryt9*******"
]
},
"cn-hangzhou": [
"i_bp1i1aitghkkq*******",
"i_bp171m264ryt9*******"
],
"cn-hangzhou-g": [
"i_bp1i1aitghkkq*******",
"i_bp171m264ryt9c******"
],
The dynamic inventory responds to dynamic resource increases and decreases by calling the service API or accessing the database query to automatically query and return a list of hosts and update the host information in the inventory.
Alibaba Cloud has provided a dynamic inventory file to dynamically obtain the host information that meets the specified filtering conditions.
Alibaba Cloud dynamic inventory is currently in the process of official integration. Therefore, before you use this dynamic inventory, you'll need to install the ansible_alicloud_module_utils
component on which this inventory depends. This component is used for the inventory's requests to APIs in OpenAPI:
# 直接使用 Pip 完成对 Ansible Alicloud Module Utils 的安装
$ sudo pip install ansible_alicloud_module_utils
When you install ansible_alicloud_module_utils
, Ansible and component dependencies, such as footmark and Alibaba Cloud Python SDK, are automatically installed. When the installation is completed, run the pip show footmark
command to ensure that the footmark version is later than 1.9.0.
$ pip show footmark
Name: footmark
Version: 1.9.0
Summary: A Python interface to Aliyun Web Services
Home-page: UNKNOWN
Author: xiaozhu
Author-email: heguimin36@163.com
License: MIT
Location: /Library/Python/2.7/site-packages
Requires: aliyun-python-sdk-core, aliyun-python-sdk-ecs, aliyun-python-sdk-slb, aliyun-python-sdk-vpc, aliyun-python-sdk-rds, aliyun-python-sdk-ess, oss2, importlib
Required-by: ansible-alicloud, ansible-alicloud-module-utils
If the version number does not meet this requirement, run the sudo pip install footmark --upgrade
command to upgrade the footmark version.
Like other inventories, an Alibaba Cloud dynamic inventory can be used in two ways: either you can "explicitly specify" and "specify by default". "Explicitly specify" refers to using the -i
parameter to explicitly specify the dynamic inventory file when an Ansible command is run.
Download the latest version of the Alibaba Cloud dynamic inventory file and grant it executable permissions:
$ wget https://raw.githubusercontent.com/alibaba/ansible-provider/master/contrib/inventory/alicloud.py
$ chmod +x alicloud.py
Download and obtain the alicloud.ini
configuration file, and put it in the directory where alicloud.py
is located:
$ wget https://raw.githubusercontent.com/alibaba/ansible-provider/master/contrib/inventory/alicloud.ini
The alicloud.ini
configuration file contains a variety of configuration options, such as the cache control, destination address variable, host attributes, and region where the host is located. You can implement custom filtering of the host information by using this file.
Before you call the inventory file, specify the AccessKey ID and the AccessKey secret to be used, which can be directly defined in the alicloud.ini
configuration file:
alicloud_access_key = Abcd1234
alicloud_secret_key = Abcd2345
You can also directly specify the AccessKey ID and AccessKey secret through environment variables:
$ export ALICLOUD_ACCESS_KEY = Abcd1234
$ export ALICLOUD_SECRET_KEY = Abcd2345
To test whether the configuration is correct, run the inventory file:
$ ./alicloud.py --list
You can see the inventory information of all regions in JSON format, as shown above.
If you want to obtain only the information about some regions, edit alicloud.ini
and enter the desired regions. In addition, you can filter all host information by using instance_filters
in alicloud.ini
.
The Alibaba Cloud dynamic inventory provides mapping from multiple groups to instances:
alicloud
group. For example: "alicloud": {
"children": [
"i_bp1i1aitghkkq*******",
"i_bp171m264ryt9*******"
]
},
"i-bp171m264ryt9******": [
"i_bp171m264ryt9******"
],
"i-bp1i1aitghkkq******": [
"i_bp1i1aitghkkq*****"
],
"cn-hangzhou": [
"i_bp1i1aitghkkq*******",
"i_bp171m264ryt9*******"
],
"cn-hangzhou-g": [
"i_bp1i1aitghkkq*******",
"i_bp171m264ryt9c******"
],
security_group
. For example:"security_group_sg_bp1cp0behw74aa******": [
"i_bp1i1aitghkkqp******"
],
"security_group_sg_bp1dtemf7bv5******": [
"i_bp171m264ryt9******"
],
tag_KEY_VALUE
. For example:"tag_acsversion_1_0": [
"i_t4nd1ehd9umu5******",
"i_t4n6v8wv6jue5******"
],
"tag_env_dev": [
"i_bp171m264ryt9******"
],
In addition, many other similar attributes, such as VPC ID, VSwitch ID, and image ID, which are used to divide host groups.
When confirming the Alibaba Cloud inventory to be executable, you can use alicloud.py
as an inventory application in the specific use case of Ansible, as follows:
$ ansible -i alicloud.py alicloud -m ping
47.93.xx.xx | SUCCESS => {
"changed": false,
"ping": "pong"
}
47.93.xx.xx | SUCCESS => {
"changed": false,
"ping": "pong"
}
If the following problems (shown below) occur during the running process:
47.93.xx.xx| UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
47.93.xx.xx | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
Then, you must specify the host instance username and password (shown below) during execution:
$ ansible -i alicloud.py alicloud -m ping -u root -k
SSH password:
47.93.xx.xx | SUCCESS => {
"changed": false,
"ping": "pong"
}
47.93.xx.xx | SUCCESS => {
"changed": false,
"ping": "pong"
}
Noticeably, the Alibaba Cloud dynamic inventory file caches the result of each execution to avoid repeated API calls. You can configure the cache settings by editing cache_path
in the alicloud.ini
file. To explicitly clear cache, add --refresh-cache
when executing the inventory:
$ ./alicloud.py --refresh-cache
In addition to explicitly specifying an Alibaba Cloud dynamic inventory file, you can also set a dynamic inventory to be the default inventory. After Ansible is installed, the default Ansible inventory file is /etc/ansible/hosts
.
Download the latest version of the Alibaba Cloud dynamic inventory file, grant it executable permissions, and then use it to replace the default inventory file:
$ wget https://raw.githubusercontent.com/alibaba/ansible-provider/master/contrib/inventory/alicloud.py
$ chmod +x alicloud.py
$ sudo cp alicloud.py /etc/ansible/hosts
Download the configuration file of the Alibaba Cloud dynamic inventory and move it to /etc/ansible
, where the default inventory file is located:
$ wget https://raw.githubusercontent.com/alibaba/ansible-provider/master/contrib/inventory/alicloud.ini
$ sudo cp alicloud.ini /etc/ansible
Run the following command to verify:
ansible alicloud -m ping
Currently, Alibaba Cloud is further integrating with Ansible, a mainstream open-source tool. Specifically, Alibaba Cloud is developing its resource modules and provisioning dynamic inventory to further improve the developer experience and the O&M efficiency for enterprises.
Alibaba Cloud has already contributed more than 20 modules that involve multiple Alibaba Cloud products and resources. We welcome you to use them.
If you have a problem while using Alibaba Cloud modules, submit it on ansible-provider on GitHub at any time. We will solve it as soon as possible.
The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.
Getting Started with Terraform with Alibaba Cloud: What is Terraform?
2,599 posts | 764 followers
FollowAlibaba Clouder - April 22, 2019
Alibaba Clouder - July 30, 2018
Alibaba Clouder - October 12, 2019
Alibaba Clouder - August 31, 2020
Alibaba Clouder - July 5, 2019
Alibaba Clouder - April 2, 2019
2,599 posts | 764 followers
FollowAn all-in-one service for log-type data
Learn MoreAccelerate software development and delivery by integrating DevOps with the cloud
Learn MoreAn enterprise-level continuous delivery tool.
Learn MoreElastic and secure virtual cloud servers to cater all your cloud hosting needs.
Learn MoreMore Posts by Alibaba Clouder