I spent some time today figuring out how the new mechanism for inventory plugins for Ansible 2.5 works, and also spent quite a bit of time scratching my head at an error I encountered when executing a test playbook against Rackspace Public Cloud.

Inventory Plugin for OpenStack

The inventory plugin system was introduced into Ansible 2.4. The old dynamic inventory mechanism still works, so until now I’ve never tried to use the new system. The documentation is a little confusing and I found the inventory samples by Alan Rominger very useful to get me on the right track.

The minimal requirement to make the OpenStack inventory plugin work is to put a file named openstack.yml or openstack.yaml in your inventory folder.

For example, I have the following in ansible.cfg:

[defaults]
inventory = inventory

And the contents of inventory/openstack.yml is:

plugin: openstack
fail_on_errors: yes

This assumes that you already have a clouds.yaml file in your ~/.config folder, and have the shade library installed into the same python environment as Ansible.

That’s it! Thanks to the default auto inventory plugin being enabled, it will find the openstack.yml file and enable the OpenStack inventory plugin.

Using the Ansible os_server module against Rackspace Public Cloud

When trying to use the os_server module against Rackspace Public Cloud I got this error:

TASK [Create/delete OpenStack Instance] ************************************************************************************************************************
fatal: [localhost]: FAILED! => changed=false
  extra_data: null
  msg: 'Unavailable feature: security groups'

This is odd, because the same playbook works just fine in Ansible 2.3. I spent quite a bit of time trying to hunt down what changed to precipitate this problem but was unsuccessful. I did manage to find a way to make it work though - just provide an empty list for the security_groups argument.

- name: Create/delete OpenStack Instance
  os_server:
    name: "setup-instance-test1"
    flavor: "general1-1"
    state: "present"
    cloud: "rackspace"
    region_name: "IAD"
    image: "Ubuntu 18.04 LTS (Bionic Beaver) (PVHVM)"
    key_name: superduper
    security_groups: []
    config_drive: yes
    meta:
      build_config: core
    wait: yes
    timeout: 900

The default value the module has is [ 'default' ] and the module therefore tries to implement this when building the instance. However it seems that this capability is not available for Rackspace Public Cloud, and it fails the task.

I hope that figuring this out will help someone else save some time.