Ansible Inventory Project
Categories:
An inventory project, also known as an Ansible inventory project, is a structured collection of files used in Ansible for managing hosts and configurations. It typically includes inventory files, playbooks, host variables, group variables, and secret variables ( Ansible vault files). This type of project is sometimes referred to as a playbook project or configuration project.
These projects are structured to be used and consumed by Ansible Automation Platform ( AAP) or AWX.
The inventory strategy of C2 Platform projects can be described as group-based environments with dictionary merging. This approach helps manage multiple environments efficiently, promotes a GitOps workflow, and enables flexible variable handling. The sections below explore the key components, examples, and core concepts of this strategy in detail.
Structure of an Inventory Project
Examples of such projects include
c2platform/ansible
,
c2platform/rws/ansible-gis
,
c2platform/phx/ansible
.
Within
c2platform/rws/ansible-gis
you can find:
hosts.ini
: The inventory file containing host configurations. It defines Ansible groups including the environment groups and supports allowing organization of hosts by roles, environments (e.g., development, test, staging, production), or attributes.group_vars
: A directory that stores group variables for the Ansible groups defined in the inventory file.plays
: directory that contains Ansible playbooks, for example the play that manages the Geoweb sub-system of the GIS Platform which is based on Vertigis Studio:--- - name: Geoweb hosts: geoweb roles: - { role: c2platform.wincore.win, tags: ["windows"]} - { role: c2platform.gis.vertigis_studio, tags: ["geoweb", "vertigis", "studio", "reporting"]}
secret_vars
: A dedicated location for storing secrets. For further details see Managing Secrets with Ansible Vault in AAP / AWX .collections/requirements.yml
: File used by Ansible Automation Platform AAP (or AWX) to install Ansible collections from Ansible Galaxy.--- collections: - name: community.postgresql version: 2.4.3 - name: ansible.windows version: 1.14.0 - name: community.windows version: 2.0.0 - name: c2platform.gis version: 1.0.21 - name: c2platform.mgmt version: 1.0.4 - name: https://gitlab.com/c2platform/ansible-collection-mw.git type: git version: master # - name: c2platform.mw # version: 1.0.4 # TODO 1.0.5 - name: c2platform.dev version: 1.0.4
roles/requirements.yml
: Similar tocollections/requirements.yml
, also used by AAP (or AWX) to install Ansible roles, from Galaxy.ansible.cfg
: This file contains configuration settings for Ansible, including defaults for module behavior, inventory paths, and roles. You can also configure a private Galaxy Server here.[defaults] hash_behaviour = merge collections_path=../ansible-dev-collections:./ roles_path=./roles/external:./roles/internal ansible_managed = This file is managed by Ansible, all changes will be lost. display_skipped_hosts = no stdout_callback = yaml # callbacks_enabled=ansible.posix.profile_tasks, ansible.posix.timer # callbacks_enabled=ansible.posix.profile_roles, ansible.posix.timer
Group-based Environments
As part of the group-based environments approach, for each environment
(development, test, staging, production) there is a corresponding
Ansible group, also known as an
Ansible environment group. For
example, in hosts.ini
on lines 32 to 37 an
Ansible group test
(for the
test
environment) is defined with 5 nodes in it. The group-based
environments approach makes it possible to manage environment differences much
more effectively. For more information about group-based environments:
- Group-based Environments: Use a group-based approach to organize your Ansible inventory and variables for different environments.
32[test]
33gst-rproxy1 ansible_host=1.1.5.209
34gst-awx1 ansible_host=1.1.5.164
35gst-db1 ansible_host=1.1.5.210
36gst-fme-core ansible_host=1.1.8.118
37gst-ad ansible_host=1.1.8.119
GitOps
The term GitOps is typically used in the context of cloud-native applications but also applies to Ansible automation projects. The setup enables a pure GitOps approach by treating Ansible playbooks, inventories, and variables as declarative code stored in Git, providing a complete definition and single source of truth. For each environment a branch is created, an environment branch, that is the single source of truth for a specific environment.
Key principles of GitOps include:
- Declarative Configuration: Configurations describe the desired state of the system, rather than imperative steps to achieve it.
- Single Source of Truth: The Git repository serves as the canonical source for all configurations and desired states.
- Automation / Reconciliation: Tools continuously observe changes in the Git repository and automatically apply them, reconciling the current state with the desired state.
Pure GitOps
In a pure GitOps approach, avoid storing desired state anywhere outside the Git repository, as this can lead to inconsistencies and deviations from the single source of truth. Instead, maintain the complete definition of all environments—including nodes, roles, and configurations—solely within the inventory project in Git. For example, do not pass desired state via Azure DevOps or GitLab CI/CD pipeline variables, and avoid defining inventories or variables directly in AAP/ AWX; these should reference the Git repository to ensure all state is managed declaratively through Git.
GitOps Pipeline
A key concept in GitOps with Ansible (with environment branches) is the GitOps pipeline, which leverages group-based environments (with Ansible environment groups) and environment branches to promote changes safely. For example, changes can be promoted across environments (e.g., from development to production) using merge requests (MRs) in tools like GitLab and Azure DevOps with approval processes. This process ensures that updates are reviewed, tested, and reconciled automatically, maintaining consistency and reducing manual intervention.
The GitOps pipeline is not a GitLab CI/CD pipeline, but it can be part of one. The GitOps pipeline consists of MRs and a tool that takes care of the automation/reconciliation part. Typically projects use Ansible Automation Platform ( AAP) but if that is not available a GitLab Runner for example can be used as is the case in the PHX project.
For more information on using a GitLab Runner as a control node see:
For more information on branching and merging see:
Dictionary Merging
The term dictionary merging refers to a well-known but very powerful feature
of Ansible to merge dictionaries. Note that we are not referring to explicit
merging using the Ansible Jinja filter ansible.builtin.combine
. We are
referring to the global feature to merge dictionaries always. It is turned off
by default and can be enabled by configuring hash_behaviour
as merge
in
ansible.cfg
as shown in the example below:
hash_behaviour = merge
For more information:
- Managing Dictionary Merging in C2 Platform Ansible Projects: Best practices for utilizing dictionary merging in C2 Ansible inventory projects.
Additional Information
For further reference, explore the following guidelines:
- Group-based Environments: Use a group-based approach to organize your Ansible inventory and variables for different environments.
- Distinguish Between Ansible Engineering and Operations: Distinguish between Ansible engineering and operations as separate disciplines to ensure high-quality, maintainable automation.
- Branching and Merging Strategy: Guidelines for implementing branching and merging policies in GitOps pipelines for Ansible inventory projects to promote changes across environments.
- GitOps Pipeline for an Execution Environment (EE) with Ansible Collections: Learn how to realize a GitOps Pipeline when using an EE that includes Ansible Collections.
- Variable prefix: Prefix variable names with role or project prefix.
- Clone script: Automate setup of the development environment with multiple Git repositories.
- Managing Dictionary Merging in C2 Platform Ansible Projects: Best practices for utilizing dictionary merging in C2 Ansible inventory projects.
- Ansible Community Documentation
- What is GitOps | GitLab.com
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.