zabinventory : Zabbix Ansible inventory script
Zabinventory is an external Ansible inventory script. It request Zabbix API to retrieve hosts, hostgroups and hosts inventories.
It permit to use Zabbix Hostgroups with Ansible
ansible-playbook playbooks/ntp.yaml zabbixdefinedgroup
Play with Zabbix inventory variables...
ansible cercloud-mfs -m debug -a "var=[date_hw_expiry]" --limit br156-156
Zabinventory is a Python script. It requires some extra-modules.
pip install pandas pip install ansible_vault pip install config_parser
Or more simply, use requirements.txt from repo :
pip install -r requirements.txt
Create your inventory folder and place zabinventory inside it :
inventory/ ├── group_vars │ ├── all │ ├── hadoop-hdplops1 │ ├── hadoop-hdplops1-hbase-regionserver │ └── IUEM-DC203-server └── zabinventory
If used, group_vars should be in the same directory as zabinventory.
Zabbix User creation
On the Zabbix user interface, create a user, this user will connect to the API to retrieve information. This user must be allowed to read all hostgroups that you want to configure with Ansible. It doesn't need frontend access.
Be sure that Zabbix User is granted to read hostgroups you want to manage with Ansible.
Zabinventory respect Ansible configuration location rules. It will try to find configuration in this order :
Edit or create your ansible.cfg :
[defaults] inventory = ./inventory/zabinventory [zabbix_api_params] zabbix_api_url = https://zabbix.server.tld/zabbix/api_jsonrpc.php zabbix_api_username = username zabbix_api_password = passw0rd
Inside folder which contains ansible.cfg file, simply run zabinventory script :
It should return complete list of monitored hosts, hostgroups and inventory variables (inside _meta).
(optional) Protect Zabbix credentials with Ansible Vault
It is a good idea to protect your Zabbix credentials with Ansible Vault.
Zabinventory can read one to all parameters from an encrypted file. Unfortunatly, Ansible inventory script wasn't interactive, you must use a password file.
Inside your ansible configuration, define password file :
[defaults] vault_password_file = ansible_vault_pass.txt
Next, you can create an encrypted configuration with :
ansible-vault edit ./inventory/zabbix-api-params.yaml
Configure Zabinventory ( yaml !) :
--- zabbix_api_url: https://zabbix.server.tld/zabbix/api_jsonrpc.php zabbix_api_username: username zabbix_api_password: passw0rd
Finally, edit ansible configuration, zabbix_api_params section, to point encrypted configuration :
[zabbix_api_params] secured_yaml = ./inventory/zabbix-api-params.yaml
Feel free to fork, submit issues, PR, offence or thanks.
Current state is "that works for us", if Zabinventory work for you to, feel free to notify me on Twitter @tristanlt.