One major weakness with Ansible's "lookup" plugins is that they are
evaluated _every single time they are used_, even indirectly. This
means, for example, a shell command could be run many times, potentially
resulting in different values, or executing a complex calculation that
always provides the same result. Ansible does not have a built-in way
to cache the result of a `lookup` or `query` call, so I created this
one. It's inspired by [ansible-cached-lookup][0], which didn't actually
work and is apparently unmaintained. Instead of using a hard-coded
file-based caching system, however, my plugin uses Ansible's
configuration and plugin infrastructure to store values with any
available cache plugin.
Although looking up the _pyrocufflink.net_ wildcard certificate with the
Kubernetes API isn't particularly expensive by itself right now, I can
envision several other uses that may be. Having this plugin available
could speed up future playbooks.
[0]: https://pypi.org/project/ansible-cached-lookup
We don't want Jenkins attemptying to manage test VMs. I thought of
various ways to exclude them, but in the end, I think a simple name
match will work fine.
The host provisioner _should_ manage test VMs, though, so it will need
to be configured to set the `PYROCUFFLINK_EXCLUDE_TEST` environment
variable to `false` to override the default behavior.
In order to fully automate host provisioning, we need to eliminate the
manual step of adding hosts to the Ansible inventory. Ansible has had
the _community.libvirt.libvirt_ inventory plugin for quite a while, but
by itself it is insufficient, as it has no way to add hosts to groups
dynamically. It does expose the domain XML, but parsing that and
extracting group memberships from that using Jinja templates would be
pretty terrible. Thus, I decided the easiest and most appropriate
option would be to develop my own dynamic inventory plugin.
* Supports multiple _libvirt_ servers
* Can connect to the read-only _libvirt_ socket
* Can optionally exclude VMs that are powered off
* Can exclude VMs based on their operating system (if the _libosinfo_
metadata is specified in the domain metadata)
* Can add hosts to groups as specified in the domain metadata
* Exposes guest info as inventory host variables (requires QEMU guest
agent running in the VM and does not work with a read-only _libvirt_
connection)
[ARA Records Ansible][0] is a web-based reporting tool for Ansible. It
consists of a callback plugin that submits task/playbook results to an
HTTP API and a browser GUI to display them.
[0]: https://ara.recordsansible.org/
This plugin sends a notification using _ntfy_ whenever a playbook
fails. This will be useful especially for automated deployments when
the playbook was not launched manually.
Dustin