
The inventory is your source of truth in Ansible. It contains all your hosts along with data about your hosts. The data from the inventory represents the desired state you want to reach with Ansible and is used to overwrite arguments (defaults) in roles and playbooks.
You can build your inventory statically, from dynamic inventory sources, or from a combination of both. I tend to rely on a static inventory hosted in Git, as it lets me clearly and safely define the desired state of the automation.
When I add a new host, group, or data to the inventory, I want to make sure that Ansible can parse the inventory and that it follows the Ansible Lint recommendations before a pull request is merged. Once the pull request has been merged, the CI/CD pipeline updates the inventory in Ansible Automation Platform. Here is the complete GitLab CI/CD pipeline:
---
# GitLab Continuous Integration and Delivery pipeline
# for Ansible inventory.
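# Parse inventory.
# Runs on merge request pipelines and fails when ansible-inventory exits
# non-zero or writes anything (errors or warnings) to stderr.
# The inventory comes from the merge request checkout, and Ansible runs
# executable inventory files as scripts by default, so this job should not
# have access to deploy credentials.
inventory-parse:
  stage: test
  tags:
    - ansible
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  script: |-
    # PYTHON_VENV is presumably the path to a virtualenv activate script;
    # quoted so a path containing spaces is not split.
    source "$PYTHON_VENV"
    ansible --version
    # "2>&1 >/dev/null" keeps stderr and drops the graph itself. The exit
    # status is checked too, so a failure that prints nothing still fails.
    if ! parse_output=$(ansible-inventory --graph 2>&1 >/dev/null) || [[ -n "$parse_output" ]]; then
      # Run it again so the graph and the messages appear in the job log.
      ansible-inventory --graph
      exit 1
    fi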
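# Lint inventory.
# Runs on merge request pipelines and lints only the *.yml files that were
# added, copied or modified relative to origin/main.
ansible-lint:
  stage: test
  tags:
    - ansible
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  script: |-
    source "$PYTHON_VENV"
    git fetch origin main
    ansible-lint --version
    # -z with mapfile -d '' keeps each path intact (spaces, special
    # characters) instead of relying on word splitting; needs bash >= 4.4.
    # NOTE(review): this compares against the tip of origin/main, not the
    # merge base, so files changed only on main since the branch point are
    # listed too. "origin/main...HEAD" avoids that but needs enough history
    # in the clone.
    mapfile -d '' -t changed_files < <(
      git diff -z --diff-filter=ACM --name-only origin/main -- '*.yml'
    )
    if (( ${#changed_files[@]} > 0 )); then
      # File names come from the merge request; "--" ends option parsing so
      # a name starting with "-" is treated as a file, not as an option.
      ansible-lint -- "${changed_files[@]}"
    else
      # Without this guard ansible-lint would run with no arguments and lint
      # the whole repository.
      echo "No changed YAML files to lint."
    fi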
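# Update inventory in Ansible Automation Platform Controller.
# Runs only for commits on main. AAP_API and AAP_TOKEN are read from the
# environment (presumably GitLab CI/CD variables). Keep AAP_TOKEN masked and
# protected so it stays out of job logs and is only handed to pipelines on
# protected branches; main has to be a protected branch for that to work.
aap-inventory-update:
  stage: deploy
  tags:
    - ansible
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  script: |-
    # Trigger an update of project 123. --show-error keeps curl's error
    # message visible even though --silent hides the progress output.
    curl --request POST \
      --fail \
      --silent \
      --show-error \
      --header "Authorization: Bearer ${AAP_TOKEN}" \
      --url "${AAP_API}/projects/123/update/"
    # Trigger an update of inventory source 321. Uses AAP_API like the call
    # above; the original read AAP__API (double underscore), which is not
    # the variable used elsewhere in this job.
    # NOTE(review): the first POST presumably only starts the project update;
    # confirm the controller finishes it before this update reads the project.
    curl --request POST \
      --fail \
      --silent \
      --show-error \
      --header "Authorization: Bearer ${AAP_TOKEN}" \
      --url "${AAP_API}/inventory_sources/321/update/"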