marshallford / terraform-provider-ansible

Run Ansible playbooks using Terraform.
https://registry.terraform.io/providers/marshallford/ansible
MIT License

Support dynamic inventories #33

Closed dhilgarth closed 5 months ago

dhilgarth commented 5 months ago

Hey, I'm the guy who posted in the original ansible provider repo before you, that I created my own version of the provider.
Seeing what you have here is way more sophisticated, I would love to switch and retire my fork.

However, I'm actually working with the dynamic inventories, i.e. defining the hosts inside my terraform script and then running ansible playbooks on these hosts.
(see https://registry.terraform.io/providers/Sovarto/ansible/latest/docs/resources/playbook2)

Is this something you plan to add?

One caveat of using cloud.terraform.terraform_provider is the need to have two separate terraform projects, because cloud.terraform.terraform_provider works off of the tfstate file.

marshallford commented 5 months ago

Hey Daniel! First off, thank you for opening this issue as well as creating a fork -- I looked at quite a few different solutions to running Ansible in Terraform (including your fork) before attempting to write an Ansible provider myself.

As for your ask regarding dynamic inventories -- this feature is actually already implemented, in fact this is one of the primary reasons I opted to write another Ansible provider. I need to improve my documentation, but effectively the ansible_navigator_run resource has an inventory attribute that can be set to any valid Ansible inventory format content. For example, you could use yamlencode and generate a YAML document from a Terraform object that loops over your virtual machine resources. Take a look at the resource examples and the complete AWS example for inspiration and let me know if something isn't clear or if you have any questions at all.

Lastly, a couple of misc items:

  1. I should make it clear (here and soon in my docs) that this provider doesn't interface with or use the cloud.terraform.terraform_provider inventory plugin at all. This means you can create compute resources and run a playbook against them in the same apply (and within the same Terraform configuration/state).
  2. I have in the works some additional data sources to help with building a valid Ansible inventory, however these will be purely syntactic sugar and are totally optional.

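
The approach described in the comment above (an `inventory` attribute built with `yamlencode` from a Terraform object), sketched as an added example that is not code from the provider's repository or its documentation. The host names, addresses, group name and playbook are constructed; in a real configuration the map would be filled from attributes of the VM resources created in the same apply.

```hcl
terraform {
  required_providers {
    ansible = {
      source = "marshallford/ansible"
    }
  }
}

locals {
  # Constructed sample data (documentation address range); stands in for
  # values read from VM resources defined in this same configuration.
  web_hosts = {
    "web-1" = "192.0.2.10"
    "web-2" = "192.0.2.11"
  }
}

resource "ansible_navigator_run" "configure_web" {
  playbook = <<-EOT
  - hosts: web
    gather_facts: false
    tasks:
      - name: Check connectivity
        ansible.builtin.ping:
  EOT

  # Render a YAML inventory from the Terraform map: one entry per host
  # under the "web" group, each with its connection address.
  inventory = yamlencode({
    all = {
      children = {
        web = {
          hosts = {
            for name, ip in local.web_hosts : name => {
              ansible_host = ip
            }
          }
        }
      }
    }
  })
}
```
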
dhilgarth commented 5 months ago

I even saw the documentation but didn't connect the dots.

I'm going to close this issue but will abuse it for discussion ;-)

I feel like the reliance on ansible_navigator_run is a huge cost / burden. Effectively constraining the use of your awesome provider to those environments where containers can be run. So, not most CI/CD systems, because those often spin up containers and execute our code within those.
Do you have plans to make this dependency optional?

marshallford commented 5 months ago

> Effectively constraining the use of your awesome provider to those environments where containers can be run

At least initially this is a trade-off that I'm willing to make, containers are a great way to manage all of the packages required to run Ansible and EEs appear to be Red Hat's recommended approach (see AWX and AAP). That said, like you, I am still concerned about requiring this dependency across the board -- especially as it relates to Terraform Cloud support.

> So, not most CI/CD systems, because those often spin up containers and execute our code within those.

Some containerized CI/CD runners do support DinD (running docker in docker) and plenty of CI/CD platforms offer ephemeral VMs that would sidestep this issue altogether. But yeah, not ideal -- especially given the security and permissions issues that come with DinD.

> Do you have plans to make this dependency optional?

Behind the scenes I am working on the possibility of offering two resources -- one that uses an EEI (container image) to run Ansible and a second resource which does not. ansible-navigator does appear to support running playbooks without an EE, but I'm not sure what limitations that would bring.

dhilgarth commented 5 months ago

> Behind the scenes I am working on the possibility of offering two resources

That sounds great. Looking forward to it!

marshallford commented 1 month ago

Hey @dhilgarth 👋🏼 I just released v0.14.0 of the provider which allows the usage of an execution environment to be disabled. Let me know if that does the trick!

resource "ansible_navigator_run" "example" {
  playbook = <<-EOT
  - hosts: localhost
    become: false
  EOT
  inventory = "# localhost"
  execution_environment = {
    # Disable the execution environment
    enabled = false
  }
}

dhilgarth commented 1 month ago

Hey, great. I've since adjusted my own provider greatly - with some code from yours - so I'm not sure when I will be able to test it.