BestHub
Sign in
Operations 10 min read

Mastering Ansible Inventory: From Basics to Advanced Grouping & Variables

Ansible Inventory defines host lists and variables for automation; this guide explains its purpose, basic file format, verification commands, advanced grouping, variable settings, and privilege escalation techniques, providing practical code examples and tips to streamline server configuration and management.

Linux Ops Smart Journey
Linux Ops Smart Journey
Linux Ops Smart Journey
Mastering Ansible Inventory: From Basics to Advanced Grouping & Variables

What is Ansible Inventory?

Ansible Inventory is a file or database that stores a list of hosts and related configuration information, allowing you to specify target machines and set variables such as IP addresses, usernames, and passwords to simplify task execution.

Basic Inventory File

<code>$ cat hosts
172.139.20.170

[k8sMaster]
172.139.20.121
172.139.20.176
172.139.20.151

[k8sNode]
172.139.20.175
172.139.20.75
172.139.20.66
172.139.20.19

# Support host range syntax
[tmp]
172.139.20.[1:20]
www[01:50].example.com
db-[a:f].example.com</code>

Tip: Group names should not contain hyphens; otherwise Ansible will emit a warning about invalid characters.

Validate Inventory File

Using the ping module:

<code>$ ansible -i hosts k8sMaster -m ping --ssh-common-args="-o StrictHostKeyChecking=no" -u ops -k
SSH password: 
172.139.20.176 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
172.139.20.151 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
172.139.20.121 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}</code>

Parameters explained:

-i hosts k8sMaster: Use the inventory file and specify the target group or host.

-m ping: Run the ping module to test connectivity.

--ssh-common-args="-o StrictHostKeyChecking=no": Disable SSH host key checking.

-u ops: Remote user for login.

-k: Prompt for the SSH password.

Using the file module (without privilege escalation):

<code>$ ansible -i hosts 172.139.20.121 --ssh-common-args="-o StrictHostKeyChecking=no" -u ops -k -m file -a "path=/etc/foo.conf state=touch"
SSH password: 
172.139.20.121 | FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "Error, could not touch target: [Errno 13] Permission denied: '/etc/foo.conf'", "path": "/etc/foo.conf"}</code>

Tip: The failure is due to insufficient permissions for the

ops

user. Use privilege escalation to succeed.

Privilege escalation parameters:

-b: Enable become (privilege escalation).

--become-method: Method to become, e.g., sudo or su (default sudo).

-K: Prompt for the become password.

<code>$ ansible -i hosts 172.139.20.121 --ssh-common-args="-o StrictHostKeyChecking=no" -u ops -k -m file -a "path=/etc/foo.conf state=touch" -b -K
SSH password: 
BECOME password[defaults to SSH password]: 
172.139.20.121 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": true, "dest": "/etc/foo.conf", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "size": 0, "state": "file", "uid": 0}</code>

Advanced Usage: Grouping and Variable Settings

When environments become more complex, simple host lists are insufficient. Use inventory grouping and variables to organize hosts.

Defining groups:

<code>[group1]
192.168.xx.xx
10.154.15.45

[group2]
192.167.xx.xx</code>

Defining sub‑groups:

<code>[k8sMaster]
10.154.15.[45:47]

[k8sNode]
10.154.15.56
10.154.15.89
10.154.15.[100:109]

[k8s:children]
k8sMaster
k8sNode</code>

Variables reduce repetitive parameters. Common variables include:

ansible_port: SSH port of the target host.

ansible_user: Remote login user.

ansible_password: Remote login password.

ansible_become: Enable privilege escalation.

ansible_become_method: Method for escalation (sudo or su).

ansible_become_user: User for

su

escalation.

ansible_become_password: Password for escalation.

ansible_python_interpreter: Path to Python on the target.

Example using sudo escalation:

<code>172.139.20.170 ansible_port=22 ansible_user=ops ansible_password=ops_password ansible_become=yes ansible_become_method=sudo ansible_become_password=ops_password</code>

Example using su escalation:

<code>172.139.20.170 ansible_port=22 ansible_user=ops ansible_password=ops_password ansible_become=yes ansible_become_method=su ansible_become_user=root ansible_become_password=root_password</code>

Setting variables for an entire group:

<code>[k8sMaster]
172.139.20.121
172.139.20.176
172.139.20.151

[k8sNode]
172.139.20.175
172.139.20.75
172.139.20.66
172.139.20.19

[k8s:children]
k8sMaster
k8sNode

[k8s:vars]
ansible_user=ops
ansible_password=ops.ecloud.com</code>

Reference Articles

Official Ansible documentation: https://docs.ansible.com/ansible/2.9/user_guide/intro_inventory.html#

Related blog post: https://www.cnblogs.com/jiaxzeng/p/17506341.html

Conclusion

The above only scratches the surface of Ansible Inventory usage. As you deepen your understanding and practice, the inventory file becomes a powerful tool for automated deployment, configuration management, and task orchestration, helping you boost efficiency and reliability.

AutomationInventoryconfigurationDevOpsAnsibleServer management
Linux Ops Smart Journey
Written by

Linux Ops Smart Journey

The operations journey never stops—pursuing excellence endlessly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment