infra-automation/inventories/production/aws_ec2.yml.example
ansible e68a197529 Add dynamic inventory configurations for all environments
Implement CLAUDE.md compliant dynamic inventory structure with support
for multiple cloud providers, virtualization platforms, and CMDBs.

Inventory Structure:
inventories/
├── production/
│   ├── aws_ec2.yml.example      # AWS EC2 dynamic inventory
│   ├── netbox.yml.example       # NetBox CMDB integration
│   ├── libvirt_kvm.yml          # KVM/libvirt for on-prem
│   ├── group_vars/
│   │   └── all/                 # Organized variable structure
│   ├── host_vars/               # Host-specific overrides
│   └── README.md                # Production inventory docs
├── staging/
│   ├── libvirt_kvm.yml          # Staging environment inventory
│   ├── group_vars/all/
│   ├── host_vars/
│   └── README.md
└── development/
    ├── hosts.yml                # Static for development only
    ├── libvirt_kvm.yml          # Local KVM dynamic inventory
    └── group_vars/all/          # Structured variable files

Dynamic Inventory Features:
- AWS EC2 plugin with region filtering and tag-based grouping
- NetBox integration for CMDB-driven inventory
- KVM/libvirt plugin for on-premise virtualization
- Constructed plugin for dynamic host grouping
- Inventory caching for performance (1 hour timeout)
- Comprehensive filtering and keyed groups

Production Inventory (aws_ec2.yml.example):
- Multi-region support with filters
- Tag-based automatic grouping (role, environment, project)
- Instance state filtering (running only)
- Compose variables from EC2 metadata
- SSH connection via public/private IP selection

NetBox Integration (netbox.yml.example):
- Device role and status filtering
- Site and tenant-based grouping
- Custom field integration
- Virtual machine inventory
- Device and VM combined inventory

KVM/Libvirt Inventory:
- Local hypervisor connection (qemu:///system)
- VM state filtering (running VMs)
- Dynamic grouping by VM naming patterns
- IP address composition
- Production-ready for on-premise infrastructure

Group Variables Structure:
inventories/{env}/group_vars/all/
├── common.yml        # Non-sensitive common variables
└── vault.yml         # Encrypted secrets (to be vaulted)

Benefits:
- CLAUDE.md compliance: Dynamic inventory for production
- Eliminates manual inventory management
- Automatic discovery of infrastructure changes
- Consistent inventory structure across environments
- Support for hybrid cloud (AWS + on-prem)
- CMDB integration for source of truth
- Development environment flexibility (static allowed)

Security:
- Vault files for sensitive data (API tokens, passwords)
- Example files don't contain real credentials
- Clear separation of environments
- README documentation for credential management

Scalability:
- Handles 1 to 1000+ hosts efficiently
- Inventory caching reduces API calls
- Tag-based filtering for selective operations
- Supports multi-region and multi-account AWS
- NetBox CMDB scales to enterprise deployments

Migration Path:
- Development: Can use static hosts.yml (acceptable per CLAUDE.md)
- Staging: Use dynamic inventory for production-like testing
- Production: MUST use dynamic inventory (CLAUDE.md requirement)

Next Steps:
1. Configure AWS credentials for aws_ec2 plugin
2. Set up NetBox API token for CMDB integration
3. Encrypt vault.yml files with ansible-vault
4. Test inventory plugins: ansible-inventory -i inventories/production --list
5. Verify dynamic grouping and host variables

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 01:36:54 +01:00


---
# =============================================================================
# Production Environment - AWS EC2 Dynamic Inventory (EXAMPLE)
# =============================================================================
#
# This is an example configuration for AWS EC2 dynamic inventory.
# Rename to aws_ec2.yml and configure with your AWS details.
#
# Requirements:
#   ansible-galaxy collection install amazon.aws
#   pip3 install boto3 botocore
#
# Authentication:
#   - AWS credentials via ~/.aws/credentials
#   - IAM role (recommended for EC2 control nodes: no long-lived keys on disk)
#   - Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#
# Usage:
#   ansible-inventory -i inventories/production/aws_ec2.yml --list
#
# =============================================================================

plugin: amazon.aws.aws_ec2

# AWS regions to query
regions:
  - us-east-1
  - us-west-2
  # - eu-west-1
  # - ap-southeast-1

# Instance filters (applied server-side by the EC2 DescribeInstances API)
filters:
  tag:Environment: production
  instance-state-name: running

# Inventory hostname: the first entry that resolves to a non-empty value wins.
# Name tags must be unique, otherwise two instances collapse into one inventory host.
hostnames:
  - tag:Name
  - dns-name
  - private-ip-address

# Compose host variables from instance data (values are Jinja2 expressions)
compose:
  ansible_host: private_ip_address
  # For public access:
  # ansible_host: public_ip_address
  # A fixed string must be quoted as a Jinja2 literal; a bare word is looked up
  # as a variable and, with strict: false, silently dropped when undefined.
  # The variable is not called 'environment' because Ansible reserves that name
  # as a play/task keyword.
  deployment_environment: "'production'"
  aws_region: placement.region
  aws_az: placement.availability_zone
  instance_type: instance_type
  vpc_id: vpc_id

# Keyed groups
keyed_groups:
  # Group by tag:Role (role_web, role_db, ...)
  - key: tags.Role
    prefix: role
    separator: "_"
  # Group by tag:Service
  - key: tags.Service
    prefix: service
    separator: "_"
  # Group by instance type
  - key: instance_type
    prefix: instance_type
  # Group by availability zone
  - key: placement.availability_zone
    prefix: az
  # Group by VPC
  - key: vpc_id
    prefix: vpc

# Strict mode: fail the inventory run when a compose expression or keyed_groups
# key is undefined for a host (false = skip that variable/group silently)
strict: false

# Cache settings (reduces API calls; results can be up to cache_timeout seconds stale)
cache: true
cache_plugin: jsonfile
cache_timeout: 3600
# The cache holds hostnames, IPs and tags of production hosts. On a shared control
# node prefer a per-user directory with restrictive permissions over /tmp.
cache_connection: /tmp/ansible_aws_inventory_cache
cache_prefix: aws_ec2

# Include/exclude patterns
# include_filters:
#   - tag:Managed: ansible
# exclude_filters:
#   - tag:Backup: only
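To make the effect of the `filters`, `hostnames`, `compose`, `keyed_groups` and `strict` settings above concrete, the following is an added Python model of the plugin's behaviour, written for this page and not part of the repository or of the amazon.aws collection. It reproduces the grouping logic only (it does not model Ansible's group-name sanitisation or the full EC2 filter syntax), the four instance records are constructed sample data rather than real AWS output, and the composed variable for the environment name is written as a quoted Jinja literal under the assumed name `deployment_environment`.

```python
"""Simulate how the amazon.aws.aws_ec2 plugin turns instance records into hosts,
hostvars and keyed groups with the settings from aws_ec2.yml.example.  Added
illustration, not plugin code; the instances are constructed sample data."""
import re

# Settings mirrored from the example inventory file.
FILTERS = {"tag:Environment": "production", "instance-state-name": "running"}
HOSTNAMES = ["tag:Name", "dns-name", "private-ip-address"]
COMPOSE = {"ansible_host": "private_ip_address",
           "deployment_environment": "'production'",  # quoted: a string literal, not a lookup
           "aws_region": "placement.region", "aws_az": "placement.availability_zone",
           "instance_type": "instance_type", "vpc_id": "vpc_id"}
KEYED_GROUPS = [{"key": "tags.Role", "prefix": "role", "separator": "_"},
                {"key": "tags.Service", "prefix": "service", "separator": "_"},
                {"key": "instance_type", "prefix": "instance_type"},
                {"key": "placement.availability_zone", "prefix": "az"},
                {"key": "vpc_id", "prefix": "vpc"}]

# Constructed sample instances, snake_cased like the plugin's host facts.
INSTANCES = [
    {"instance_id": "i-0aaa", "state": {"name": "running"}, "instance_type": "t3.medium",
     "placement": {"region": "us-east-1", "availability_zone": "us-east-1a"}, "vpc_id": "vpc-1111",
     "private_ip_address": "10.0.1.10", "public_dns_name": "ec2-203-0-113-10.compute-1.amazonaws.com",
     "tags": {"Name": "web-01", "Environment": "production", "Role": "web", "Service": "shop"}},
    # No Name tag and no public DNS: hostname falls through to the private IP; no Service tag either.
    {"instance_id": "i-0bbb", "state": {"name": "running"}, "instance_type": "m5.large",
     "placement": {"region": "us-west-2", "availability_zone": "us-west-2b"}, "vpc_id": "vpc-2222",
     "private_ip_address": "10.1.2.20", "public_dns_name": "",
     "tags": {"Environment": "production", "Role": "db"}},
    # A stopped instance and a staging instance: both removed by the filters.
    {"instance_id": "i-0ccc", "state": {"name": "stopped"}, "instance_type": "t3.medium",
     "placement": {"region": "us-east-1", "availability_zone": "us-east-1a"}, "vpc_id": "vpc-1111",
     "private_ip_address": "10.0.1.11", "public_dns_name": "",
     "tags": {"Name": "web-02", "Environment": "production", "Role": "web"}},
    {"instance_id": "i-0ddd", "state": {"name": "running"}, "instance_type": "t3.medium",
     "placement": {"region": "us-east-1", "availability_zone": "us-east-1b"}, "vpc_id": "vpc-3333",
     "private_ip_address": "10.2.0.5", "public_dns_name": "",
     "tags": {"Name": "web-stg", "Environment": "staging", "Role": "web"}},
]


def lookup(record, path):
    """Resolve a dotted path such as 'tags.Role'; None if any segment is absent."""
    for part in path.split("."):
        if not isinstance(record, dict) or part not in record:
            return None
        record = record[part]
    return record


def matches_filters(inst, filters):
    """The two DescribeInstances filter forms used on the page (AWS applies them server-side)."""
    for name, wanted in filters.items():
        actual = inst["tags"].get(name[4:]) if name.startswith("tag:") else inst["state"]["name"]
        if actual != wanted:
            return False
    return True


def pick_hostname(inst, hostnames):
    """First non-empty candidate wins, in the order listed under 'hostnames'."""
    sources = {"tag:Name": lambda i: i["tags"].get("Name"),
               "dns-name": lambda i: i.get("public_dns_name"),
               "private-ip-address": lambda i: i.get("private_ip_address")}
    return next((v for v in (sources[c](inst) for c in hostnames) if v), inst["instance_id"])


def evaluate(expr, inst):
    """Stand-in for a 'compose' Jinja expression: a single-quoted string is a
    literal, anything else is a variable path lookup (undefined -> None)."""
    literal = re.fullmatch(r"'(.*)'", expr)
    return literal.group(1) if literal else lookup(inst, expr)


def build_inventory(instances, strict=False):
    """Return {'hostvars': {host: vars}, 'groups': {group: [hosts]}}."""
    hostvars, groups = {}, {}
    for inst in instances:
        if not matches_filters(inst, FILTERS):
            continue
        host = pick_hostname(inst, HOSTNAMES)
        hostvars[host] = {}
        for var, expr in COMPOSE.items():
            value = evaluate(expr, inst)
            if value is not None:  # strict: false silently skips undefined expressions
                hostvars[host][var] = value
        for kg in KEYED_GROUPS:
            value = lookup(inst, kg["key"])
            if value is None and strict:
                raise ValueError(f"keyed group key {kg['key']!r} missing on {host}")
            if value is None:  # e.g. no tags.Service on the db host: it joins no service_* group
                continue
            # Real Ansible warns about '-' and '.' in names like az_us-east-1a and rewrites
            # them to '_' only when force_valid_group_names is set in ansible.cfg (not modelled).
            groups.setdefault(f"{kg['prefix']}{kg.get('separator', '_')}{value}", []).append(host)
    return {"hostvars": hostvars, "groups": groups}


def strict_mode_fails(instances):
    """True if 'strict: true' would abort on these instances (one missing tag is enough)."""
    try:
        build_inventory(instances, strict=True)
    except ValueError:
        return True
    return False
```

Running `build_inventory(INSTANCES)` keeps only the two running production instances, names the second one by its private IP because it has neither a Name tag nor a public DNS name, and leaves it out of every `service_*` group. Switching the same data to `strict: true` aborts the whole inventory run on that missing tag, which is why the example file keeps `strict: false`: one untagged instance should not take the production inventory down.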