Managing Enterprise Automation with Red Hat Ansible Automation Platform

Bookmark this page
P123456789101112
PreviousNext

Chapter 3.  Managing Inventories and Machine Credentials

Section Creating a Static Inventory
SectionObjectives
SectionRed Hat Ansible Inventory
SectionCreating an Inventory Using the Automation Controller Web UI
SectionInventory Roles
SectionInventory Variables
Guided Exercise: Creating a Static Inventory
Creating Machine Credentials for Access to Inventory Hosts
Objectives
Storing Secrets in Credentials
Credential Types
Creating Machine Credentials
Editing Machine Credentials
Credential Roles
Managing Credential Access
Common Credential Scenarios
Guided Exercise: Creating Machine Credentials for Access to Inventory Hosts
Lab: Managing Inventories and Machine Credentials
Summary

Abstract

Goal

Create inventories of machines to manage, and configure credentials necessary for automation controller's execution nodes to log in and run Ansible jobs on those systems.

Objectives

  • Create a static inventory of managed hosts, using the web UI.

  • Create a machine credential for inventory hosts to allow automation controller to run jobs on those inventory hosts.

Sections

  • Creating a Static Inventory (and Guided Exercise)

  • Creating Machine Credentials for Access to Inventory Hosts (and Guided Exercise)

Lab

  • Managing Inventories and Machine Credentials

Creating a Static Inventory

Objectives

  • Create a static inventory of managed hosts, using the web UI.

Red Hat Ansible Inventory

An Ansible inventory is a list of managed hosts in your infrastructure on which you run your automation tasks. Those managed hosts can be organized into groups that can be used to specify subsets of managed hosts on which you run particular plays. The inventory can also be used to define host and group variables that apply to those hosts and are used by your plays.

With ansible-navigator, you might have defined your inventory in a text file, in either INI or YAML format, and then specified which inventory file to use on the command line or with an ansible.cfg file. The following is an example of an inventory file in INI format.

[production_servers]
prod1.example.com
prod2.example.com

[database_servers]
db_server01.example.com

[production_servers:vars]
apache_listen_port=8080
apache_root_path=/var/www/mywebdocs/

[all:vars]
ansible_user=student
ansible_ssh_private_key_file=/home/student/.ssh/id_rsa

In order to run automation jobs with automation controller, you must specify an inventory for the job. There are several ways to do this, including:

  • By configuring the inventory through the web UI.

  • By managing the inventory as a static file in a Git repository.

  • By dynamically generating the inventory from an external source.

This section covers how to configure, inspect, and edit a static inventory using the automation controller web UI.

Creating an Inventory Using the Automation Controller Web UI

Automation controller manages inventories as objects. Each organization might have many inventories available. Users can create job templates and configure those job templates to use a specific inventory belonging to the organization. Access to an inventory object on the automation controller depends on the roles a user has been assigned for the inventory.

Important

Your automation controller license determines the maximum number of hosts you can define in your inventory. If you exceed that number in your inventory, automation controller will not launch jobs. If a dynamic inventory sync causes automation controller to exceed the managed node count specified in its license, the dynamic inventory sync fail.

If you have multiple hosts in your inventory that have the same name, such as webserver1, they count for licensing purposes as a single node. Note that this differs from the Hosts count on the Dashboard, which counts hosts in separate inventories separately. Note that this behavior is case-sensitive; webserver1 and WebServer1 are treated as different nodes.

In the automation controller web UI, click Settings in the left pane and select Subscription settings from the Settings page to verify how many hosts your license supports and how many are remaining.

Creating a New Inventory

Use the following procedure to create inventories within each organization:

  1. Log in to the automation controller web UI as the admin user, or as a user assigned the Admin or Inventory Admin role for the organization under which you intend to create the new inventory.

  2. Click ResourcesInventories and then click Add.

  3. Select Add inventory.

  4. Enter a name and a description for the new inventory in the Name and Description fields, respectively.

  5. Use the Default organization, or click the search icon to select a different organization for the inventory.

  6. Similarly, click the search icon under Instance Groups to select instance groups.

  7. Click Save.

Creating a Host Group in an Inventory

  1. On the inventory Details page, click Groups and then click Add.

  2. Enter a name and description for the new group in the Name and Description fields, respectively.

  3. Click Save.

Creating Hosts in an Inventory

  1. On the Group Details page, click Hosts and then click Add.

  2. Select Add new host.

  3. Enter a name and description for the new host in the Name and Description fields, respectively.

  4. Click Save.

Figure 3.1: Inventory details

Inventory Roles

You can assign appropriate RBAC roles to users and teams for an inventory, in order to grant users the ability to read, use, or manage it.

Figure 3.2: User Roles

The following is a list of available roles for an inventory:

RolesDescription
Admin

Grants users full permissions over an inventory.

These permissions include deleting and modifying an inventory.

In addition, this role also grants permissions associated with the inventory roles Use, Ad Hoc, and Update.

Update Grants users the ability to update a dynamic inventory from its external data source.
Ad Hoc

Grants users the ability to use the inventory to execute ad hoc commands.

Using Ansible automation controller for ad hoc command execution is discussed in detail in the Ansible automation controller User Guide.

Use

Grants users the ability to use an inventory in a job template resource.

This controls which inventory is used to start jobs using the job template’s playbook.

Read Grants users the ability to view the contents of an inventory.

When you create an inventory, it is only accessible by users who have the Admin, Inventory Admin, or Auditor roles for the organization to which the inventory belongs. You have to configure access to all other users.

First, you need to create the inventory and save it, and after that, you can assign users and teams appropriate roles as discussed previously.

Assigning Roles

Use the following procedure to assign users and teams roles on an inventory:

  1. Log in to the automation controller web UI as the admin user or as a user assigned the Admin or Inventory Admin role for the organization in which you intend to modify the permissions of an inventory.

  2. Click ResourcesInventories.

  3. Click the inventory.

  4. Click Access and then click Add.

  5. Click either Users or Teams and then click Next.

  6. Select the users or teams from the list and then click Next.

  7. Select one or more roles by clicking on them.

  8. Click Save to complete the new roles.

Inventory Variables

Ansible supports inventory variables that apply values to variables on particular hosts or host groups.

When you manage a static inventory in the Ansible automation controller web UI, you can define inventory variables directly in the inventory object.

On the Inventories page, set the variables by clicking the Edit inventory(pencil) icon next to the inventory name. On the Details page for the inventory, you can set variables that affect all hosts in the inventory:

Figure 3.3: Variables for all hosts

When creating a host group within an inventory, you can define the group variables using YAML or JSON in the Variables field on the Create new group page.

You can also set the group variables by clicking on the Edit group (pencil) icon next to the host group’s name in the inventory. These variables apply to all hosts that are part of the group:

Figure 3.4: Variables for a host group

Likewise, you can define the host variables using either YAML or JSON in the Variables field on the Create new host page when an individual host is created within an inventory. Alternatively, click the Edit host (pencil) icon next to the host name in the inventory to define the host variables. Variables defined in this manner only apply to the specific host.

Figure 3.5: Variables for an individual host

Important

Other variables with higher precedence override inventory variables. Extra variables defined in a job template and playbook variables have higher precedence than inventory variables.

References

How to build your inventory https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#intro-inventory

A discussion of how node counting works for licenses is available at https://docs.ansible.com/ansible-tower/latest/html/administration/license-support.html#node-counting-in-licenses

PreviousNext
Revision: do467-2.2-08877c1