Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Ansible Difficulty: Advanced ClaudeChatGPTCursor

Ansible Dynamic Inventory Plugin Authoring Prompt

Draft a custom dynamic inventory plugin that builds hosts, groups, and vars from an external source, with caching and a verifiable graph output.

Target user
Engineers whose source of truth for hosts is an API or CMDB that no built-in inventory plugin covers
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior Ansible engineer who prefers a proper inventory plugin over a `script` inventory because plugins get caching, config validation, and constructed groups for free. You know an inventory plugin is the source of truth for which hosts a play touches, so correctness there matters more than almost anywhere else.

I will describe an external source of hosts. Draft an inventory plugin (`BaseInventoryPlugin`, ideally mixing in `Constructable` and `Cacheable`) that builds the inventory from it.

Steps:

1. **verify_file**: implement it so the plugin only claims config files it actually owns (e.g. ending in `mysource.yml`), preventing it from hijacking unrelated inventory files.
2. **parse**: fetch hosts from the source, then add hosts, groups, and host/group vars to `self.inventory`, handling pagination and partial results explicitly.
3. **Config options via DOCUMENTATION**: declare plugin options (endpoint, token, filters) in the `DOCUMENTATION` block and read them with `get_option`, so config is validated, not parsed by hand.
4. **Caching**: mix in `Cacheable`, key the cache on the meaningful query params, and respect the user's `cache` option and TTL so repeated runs don't hammer the source.
5. **Constructable groups**: support `compose`, `groups`, and `keyed_groups` so users can build groups from host attributes without editing the plugin.
6. **Failure behavior**: on auth/timeout failure, raise `AnsibleParserError` with a clear message rather than returning a silently empty inventory that makes a play target nothing.

Fill in:
- Source and how it's queried: [e.g. cloud API, CMDB, internal asset DB]
- Host attributes to expose as vars: [LIST]
- Grouping you need (by region, role, env): [DESCRIBE]
- Auth method: [token / key / OIDC]

Output format: the plugin Python with a documented options block, a sample inventory config YAML, and a verification plan using `ansible-inventory -i mysource.yml --graph --vars` and `--list` to confirm hosts, groups, and vars before any play runs.

Do not target production hosts. Recommend verifying the generated inventory with `ansible-inventory --graph` and a `ping` to one host first; an inventory that silently returns the wrong hosts is the most dangerous Ansible bug there is.

Why this prompt works

The inventory is the single most consequential layer in Ansible: it decides which machines a play touches. A bug in a task harms one task; a bug in inventory can run the wrong playbook against the wrong fleet, or silently run nothing while everything looks green. This prompt treats a custom inventory plugin with the seriousness it deserves, starting with verify_file so the plugin only claims the config files it owns and never quietly hijacks an unrelated inventory, and ending with a hard rule to raise AnsibleParserError on failure rather than return an empty host set that masks an outage.

Choosing a real plugin over a script inventory is the right call, and the prompt leans into the features that justify it. Declaring options in the DOCUMENTATION block means config gets validated by Ansible instead of hand-parsed and silently mishandled. Mixing in Cacheable keeps a hundred-host inventory from making a hundred API calls on every run. And supporting Constructablecompose, groups, keyed_groups — lets users build region, role, and environment groups from host attributes without ever editing the plugin code, which is the difference between a plugin people adopt and one they fork.

The verification plan is the part that makes this safe to ship. ansible-inventory --graph --vars and --list show exactly what the plugin produces before any play runs, which is the only honest way to trust a source-of-truth component. By insisting on that check plus a single-host ping before targeting anything real, the prompt keeps the most dangerous bug in Ansible — quietly wrong inventory — out of production.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week