inventory: Configure for HostVDS openstack

Using the Ansible OpenStack inventory plugin, we can automatically fetch
information about running instances in HostVDS.  We're deriving group
membership from the `groups` metadata tag.

The OpenStack API password must be specified in a `secure.yaml` file.
We're omitting this from the repository because there's no apparent way
to encrypt it.

The inventory plugin tends to prefer IPv6 addresses over IPv4 when
populating `ansible_host`, even if the control machine does not have
IPv6 connectivity.  Thus, we have to compose the relevant variables
ourselves with a Jinja2 expression.

.gitignore

@@ -1,5 +1,7 @@
+/.inventory-cache
 /.vault-secret.gpg
 .fact-cache
+/secure.yaml
 /victoria-metrics-*.tar.gz
 /victoria-metrics-*/
 /tmp/

clouds.yaml

@@ -0,0 +1,9 @@
+clouds:
+  hostvds:
+    region_name: us-east2
+    auth:
+      username: hostvds-b3897be3-8920-4fb0-955d-340a162da6dd
+      project_name: hostvds-b3897be3-8920-4fb0-955d-340a162da6dd
+      auth_url: https://os-api.hostvds.com/identity
+      user_domain_name: Default
+      project_domain_id: default

hostvds.openstack.yml

@@ -0,0 +1,18 @@
+plugin: openstack.cloud.openstack
+only_clouds:
+- hostvds
+cache: true
+cache_plugin: jsonfile
+cache_connection: .inventory-cache
+compose:
+  ansible_user: '"root"'
+  ansible_host: &ipv4
+    (openstack.addresses[openstack.addresses|first]
+      | selectattr('version', 'eq', 4)
+      | first
+    ).addr
+  ansible_ssh_host: *ipv4
+keyed_groups:
+- key: openstack.metadata.groups|split(',')
+  prefix: ''
+  separator: ''