feat(inventory): add Terraform CMDB dynamic inventory for ai-workspace

Reads cmdb.json produced by iac_modules vultr-vps/envs/ai-workspace generate.py and exposes hosts/groups/hostvars to Ansible, linking IaC provisioning to playbook deploys (terraform_cmdb.py). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 20:57:58 +08:00 · 2026-06-23 20:57:58 +08:00 · df48cb4f5a
commit df48cb4f5a
parent 099a144a9e
1 changed files with 106 additions and 0 deletions
--- a/inventory/terraform_cmdb.py
+++ b/inventory/terraform_cmdb.py
@ -0,0 +1,106 @@
+#!/usr/bin/env python3
+"""Ansible 动态 inventory —— 数据源为 Terraform 导出的 CMDB。
+
+与 IAC 联动方式：
+  iac_modules/terraform-hcl-standard/vultr-vps/envs/ai-workspace/ 的 generate.py
+  在 `terraform apply` 后，把 YAML 静态字段与 terraform 运行时输出合并写出
+  cmdb.json（结构化主机事实）。本脚本把它翻译成 Ansible 动态 inventory，
+  于是 IaC 一变更、重跑 `generate.py inventory`，inventory 就跟着变。
+
+取数优先级：
+  1. 环境变量 AI_WORKSPACE_CMDB_JSON 指向的文件
+  2. 环境变量 AI_WORKSPACE_TF_DIR（或默认 env 目录）下的 cmdb.json
+
+用法：
+  ansible-inventory -i inventory/terraform_cmdb.py --list
+  ansible all -i inventory/terraform_cmdb.py -m ping
+"""
+
+import json
+import os
+import sys
+
+HERE = os.path.dirname(os.path.abspath(__file__))
+# playbooks/inventory -> 仓库根 -> terraform env
+REPO_ROOT = os.path.abspath(os.path.join(HERE, "..", ".."))
+DEFAULT_TF_DIR = os.path.join(
+    REPO_ROOT,
+    "iac_modules",
+    "terraform-hcl-standard",
+    "vultr-vps",
+    "envs",
+    "ai-workspace",
+)
+
+
+def _from_explicit_file():
+    path = os.environ.get("AI_WORKSPACE_CMDB_JSON")
+    if path and os.path.isfile(path):
+        with open(path, encoding="utf-8") as fh:
+            return json.load(fh)
+    return None
+
+
+def _from_default_file(tf_dir):
+    path = os.path.join(tf_dir, "cmdb.json")
+    if os.path.isfile(path):
+        with open(path, encoding="utf-8") as fh:
+            return json.load(fh)
+    return None
+
+
+def load_cmdb():
+    tf_dir = os.environ.get("AI_WORKSPACE_TF_DIR", DEFAULT_TF_DIR)
+    for loader in (
+        _from_explicit_file,
+        lambda: _from_default_file(tf_dir),
+    ):
+        data = loader()
+        if data:
+            return data
+    return {}
+
+
+def build_inventory(cmdb):
+    inv = {"_meta": {"hostvars": {}}}
+    groups = {}
+
+    for name, host in cmdb.items():
+        hostvars = {
+            "ansible_host": host.get("ip"),
+            "ansible_user": host.get("ansible_user", "root"),
+            # 云主机 IP 常被回收，放宽 host key 校验避免撞到旧 known_hosts
+            "ansible_ssh_common_args": (
+                "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+            ),
+        }
+        # CMDB 其余字段一并暴露给 playbook 使用
+        hostvars.update(host.get("host_vars", {}))
+        hostvars["cmdb_instance_id"] = host.get("instance_id")
+        hostvars["cmdb_os_id"] = host.get("os_id")
+        hostvars["cmdb_tags"] = host.get("tags", [])
+        inv["_meta"]["hostvars"][name] = hostvars
+
+        for group in host.get("groups", []) or ["ungrouped"]:
+            groups.setdefault(group, {"hosts": []})["hosts"].append(name)
+
+    inv.update(groups)
+    inv["all"] = {"children": sorted(list(groups.keys()) + ["ungrouped"])}
+    return inv
+
+
+def main():
+    args = sys.argv[1:]
+    cmdb = load_cmdb()
+
+    if "--host" in args:
+        # hostvars 已在 _meta 里，单主机查询返回空对象即可
+        print(json.dumps({}))
+        return
+
+    # 默认与 --list 行为一致
+    print(json.dumps(build_inventory(cmdb), indent=2))
+
+
+if __name__ == "__main__":
+    main()