Here's a rather basic and unfinished script which might be of use to you
too.
By the way inventory plugins are a thing now, might be worth while making
into a inventory plugin rather than a simple inventory script
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
Example dynamic inventory script which queries active directory.
Likely to need modification for each environment as there are likely
to be different versions of active directory in use needing different
connection parameters.
To use, create a configuration file in users's home dir
called .ansible_inventory.cfg
must contain a [domain] section
and then settings for the following values
domain_controller
connect_to_dc_with_ssl (either True or False)
query_domain
query_user
query_pass
'''
# import class and constants
from ldap3 import Server, Connection, ALL, NTLM, Tls
import json
import ssl
import pprint
import re
import ConfigParser, os
config = ConfigParser.ConfigParser()
user_dir = os.path.expanduser("~")
config.read(user_dir + '/.ansible_inventory.cfg')
domain_controller = config.get('domain', 'domain_controller')
connect_to_dc_with_ssl= config.getboolean('domain', 'connect_to_dc_with_ssl
')
query_domain = config.get('domain', 'query_domain')
query_user = config.get('domain', 'query_user')
query_cred = config.get('domain', 'query_pass')
user = query_domain + "\\" + query_user
# define the server and the connection
# TODO see if not doing get_info speeds things up
server = Server(domain_controller, use_ssl=connect_to_dc_with_ssl,
get_info='ALL')
# TODO remove debug statements
# print "showing server information"
# print (server.info)
# TODO determine if it is quicker to use auto_bind=True
#conn = Connection(server, user="playnetwork.com\\ldapusr",
password=ldappwd, authentication=NTLM, auto_bind=True)
conn = Connection(server, user=user, password=query_cred,
authentication=NTLM)
conn.open()
conn.bind()
# conn.entries
# print(conn)
conn.search('CN=Computers, DC=subdomain, DC=yourorg, DC=yourcompany, DC=com',
'(objectclass=computer)', attributes=["name","OperatingSystem"])
#pp = pprint.PrettyPrinter(indent=4)
#pp.pprint (conn.response)
# print conn.entries
# generate list of all servers (replace 'HOST' with something that matches
machines you want to be part of inventory
names = []
for x in conn.response:
atts = x['attributes']
if 'operatingSystem' in atts:
if atts["operatingSystem"] == 'Windows Server 2012 R2 Standard':
if re.match('HOST', atts['name'] ):
names.append(atts['name'])
# TODO add group. This ought to be doable via a server naming convention
# TODO add _meta for speed as mentioned here:
http://docs.ansible.com/ansible/developing_inventory.html
# TODO add vars
conn.unbind()
hosts = {}
hosts['hosts'] = names
var = {'a':True}
export = {}
export['main_group'] = hosts
export['main_group_win'] = hosts
#export['vars'] = var
On Wednesday, February 14, 2018 at 8:02:33 AM UTC, balz.as...@unibas.ch
wrote:
>
> We do exactly that: We run ansible in pull mode with AD as inventory.
>
> Maybe you can take a look at the dynamic inventory script we use:
> https://github.com/ANTS-Framework/ants/blob/master/antslib/inventory/inventory_ad
> (Because it is used for ansible-pull, it will only return the current
> host, but it should give you some ideas.)
>
> Am Dienstag, 13. Februar 2018 02:50:31 UTC+1 schrieb Aaron K:
>>
>> Does anyone have code that can pull a dynamic inventory from list of AD
>> OUs? Want to use the windows_update module to patch our servers only in
>> specific OUs.
>>
>> Maybe I missed it, but I don't see Windows Active Directory inventory
>> here: https://github.com/ansible/ansible/tree/devel/contrib/inventory
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/73217875-2dfd-406a-9da4-1cadb1672a62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
