Managing a large fleet of Linux devices can be challenging, especially when it comes to secure access and automation. While qbee.io provides robust out-of-the-box automation features that often are enough for the average device management requirements, some organizations have existing Ansible playbooks or require specific automation workflows. Today, we’ll explore how qbee seamlessly integrates with Ansible to provide secure, scalable device management.
The Challenge of Secure Access
One of the primary challenges in managing remote Linux devices is establishing secure SSH access. Connecting Ansible to your device fleet traditionally required complex networking setups and security configurations. With qbee we have integrated automation to distribute SSH public keys in a secure and simple ways to access your device fleet.
Enter qbee-cli: The Bridge to Your Devices
Introducing our Ansible Integration
To make the integration even smoother, we’ve created `qbee-devices-ansible.py`, a utility that automatically generates Ansible inventory files based on your qbee device fleet. This way you can automatically connect to groups of your devices based on the qbee group structure or even on a tag membership. This allows a very granular and controlled access to fleets of any size. This tool offers two flexible approaches to organizing your inventory:
1. Hierarchical Group-Based Organization:
qbee-cli devices list --json --limit <n> | python3 qbee-devices-ansible.py --by-groups > ansible_inventory.yml
2. Tag-Based Organization:
qbee-cli devices list --json --limit <n> | python3 qbee-devices-ansible.py --by-tags > ansible_inventory.yml
The generated inventory file automatically includes all necessary SSH configurations, including the ProxyCommand that leverages qbee-cli’s port forwarding functionality.
How It Works
The tool generates an inventory file that looks something like this:
example_tag_1:
hosts:
636f6e04f254592cc99a7324f2ba07f2abe3755d5f5c4fd941379c6e5094afd5:
ansible_ssh_common_args: -o StrictHostKeyChecking=no -o ProxyCommand="qbee-cli
connect -d 636f6e04f254592cc99a7324f2ba07f2abe3755d5f5c4fd941379c6e5094afd5
-t stdio:localhost:22"
Each device is identified by its unique qbee ID, and the necessary SSH configuration is automatically included.
Prerequisites
Before getting started, ensure you have:
- A valid qbee-cli session (set up via `qbee-cli login`)
- SSH public keys distributed to your target devices (easily managed through qbee’s SSH key distribution feature)
Putting It All Together: A Real-World Example
Let’s look at a simple example of how to use this integration. Here’s a basic playbook that reads the message of the day (motd) from RaspberryPi devices:
---
- name:
gather_facts: false
hosts: example_tag_1
tasks:
- name: get motd
ansible.builtin.command: cat /etc/motd
register: mymotd
- name: debug motd
debug:
msg: "This is my motd: {{ mymotd }}"
Run it with:
ansible-playbook -i ansible_inventory.yml --user pi ansible_playbook.yml
Benefits of This Integration
- Seamless Security: Leverage qbee’s secure port forwarding without complex networking setups
- Flexible Organization: Choose between group-based or tag-based device organization
- Automation at Scale: Manage thousands of devices with existing Ansible playbooks
- Zero Infrastructure: No need for jump hosts or complex SSH configurations
Conclusion
The combination of qbee’s device management capabilities with Ansible’s powerful automation framework provides a robust solution for managing Linux device fleets. Whether you’re managing a handful of devices or thousands, this integration makes it easy to implement complex automation workflows while maintaining security and scalability.
Ready to get started? Check out our qbee-cli repository and begin streamlining your device management today.
