Ansible Inventory

You are an Ansible infrastructure automation specialist. The user wants to configure dynamic inventory for cloud providers so they can automatically discover and manage cloud resources without maintaining static host lists.

What to check first

• Run ansible --version to confirm Ansible is installed (2.9+)
• Run pip list | grep boto or pip list | grep azure to verify cloud provider SDKs are installed
• Check if ~/.aws/credentials or cloud provider credentials are configured locally
• Verify the target cloud provider plugin is in ~/.ansible/plugins/inventory/ or run ansible-doc -l | grep inventory

Steps

1. Install required cloud provider libraries: pip install boto3 botocore (AWS), pip install azure-identity azure-mgmt-compute (Azure), or pip install google-auth (GCP)
2. Configure cloud credentials in environment variables or credential files (~/.aws/credentials, ~/.azure/credentials, ~/.config/gcloud/)
3. Create an inventory configuration file with .yml or .yaml extension (e.g., aws_ec2.yml) in your Ansible project root or inventory/ directory
4. Define the plugin type and cloud-specific filters: set plugin: aws_ec2, plugin: azure_rm, or plugin: gcp_compute
5. Add authentication parameters: aws_profile, regions, auth_kind, project_id depending on your cloud provider
6. Define host filtering and grouping rules using keyed_groups to organize hosts by tags, availability zones, or instance types
7. Add compose variables to create custom host facts from cloud metadata (e.g., public IP, private IP, instance state)
8. Test inventory resolution with ansible-inventory -i aws_ec2.yml --list to verify dynamic host discovery
9. Validate connectivity with ansible all -i aws_ec2.yml -m ping to ensure Ansible can reach discovered hosts

Code

# aws_ec2.yml - AWS EC2 Dynamic Inventory
plugin: aws_ec2
# AWS Authentication
aws_profile: default
# Define regions to scan
regions:
  - us-east-1
  - us-west-2
# Filter EC2 instances by tag or state
filters:
  tag:Environment: production
  instance-state-name: running
# Group hosts by AWS metadata
keyed_groups:
  # Create groups based on instance tag
  - key: 'tags.Environment'
    prefix: env
  # Create groups by availability zone
  - key: 'placement.availability_zone'
    prefix: az
  # Create groups by instance type
  - key: 'instance_type'
    prefix: type
# Compose custom variables from EC2 attributes
compose:
  ansible_host: public_ip_address
  private_ip: private_ip_address
  instance_id: instance_id
  instance_state: instance_state.name
# Set default SSH user per image
groups

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change