Feature #24482


Allow the use of external inventories

Added by Laurent Nominé about 5 years ago. Updated over 2 years ago.

Target version:
Fixed in Releases:
Found in Releases:


Currently, the ansible-playbook command is wrapped by foreman_ansible and it only makes use of an-autogenerated inventory. It would be nice if we could make use of /etc/ansible/hosts or another inventory plugin configured in ansible.cfg. Something configurable in the Foreman UI for example.

Actions #1

Updated by Ondřej Pražák almost 5 years ago

Hi, thank you for your feature request. Could you elaborate more on your use case? I am just wondering why you would need to specify another inventory, because in this case Foreman is the inventory provider and the whole point of integration with Ansible is the ability to run playbooks against hosts managed by Foreman. If you have an external inventory (like /etc/ansible/hosts), then why use Foreman in the first place to run Ansible when you can do that with 'ansible-playbook -i'?

Actions #2

Updated by Laurent Nominé almost 5 years ago

Among other things, we like the Ansible integration in Foreman for the ability to launch playbooks and autogenerate them through the UI and the API. We also have multiple smart-proxies in different locations and nobody has to SSH somewhere to run playbooks. Now, the way foreman_ansible is integrated to the Foreman inventory is pretty limited because we don't have access to inventory variables. If we place them to hosts/groups parameters in Foreman, we can't expose them to people or tools that need to run the ansible binary.

It's also quite complicated to handle those variables by code, whereas a (dynamic) inventory file allows more flexibility. Furthermore, a deeper integration of the Ansible native inventory would allow running playbooks scoped to real Ansible groups, instead of enumerating hosts individually.

Actions #3

Updated by Ondřej Ezr over 2 years ago

  • Difficulty set to hard
  • Triaged changed from No to Yes

This has consequences - user would be able to run the ansible against hosts they do not have permissions to.


Also available in: Atom PDF