Ideally Payload Data should contain HOSTNAME of the Router. Recently we have implemented many projects for different scenarios, here is my understanding and experience.
If event source that triggers events does not contain any data related to the hostname for the playbook to execute on, the playbook runs on all inventory hosts, as it is written to run on all hosts, as shown below
---
hosts: all
.......
So, the EDA will look for path event.payload.hostname. however our event look like below
2023-12-02 15:43:18,340 - ansible_rulebook.rule_set_runner - INFO - substitute_variables
[{'name': 'recieved-event.yml'}]
[{
'events': {
'm_0': {
'payload': {
'message': 'LowDiskSpace',
'hostname': 'vbrhelhyb01',
'architecture': 'x86_64',
},
So, we need to use this filter ansible.eda.insert_hosts_to_meta to convert above hostname to required format and include in event.meta because the webhook plugin is putting server name with key hostname in the payload in a nested field in the event. ansible-rulebook expects to find meta at the first level. In event.meta not in event.payload.meta
---
- name: Listen for Events on a Webhook
hosts: all
sources:
- ansible.eda.webhook:
host: 0.0.0.0
port: 5000
filters:
- ansible.eda.insert_hosts_to_meta:
host_path: payload.hostname
rules:
- name: Conditions amd Actions to Process Alerts from Manual Generated Events
now event is modified and is posted along with hosts under meta
Now you can see the change in the event, with hosts key added
2023-12-02 17:24:57,505 - ansible_rulebook.rule_set_runner - INFO - substitute_variables
[{'name': 'recieved-event.yml'}]
[{
'events': {
'm_0': {
'payload': {
'message': 'LowDiskSpace',
'hostname': 'vbrhelhyb01',
'proessescount': '150'
},
'meta': {
'endpoint': 'endpoint',
'headers': {
'Content-Length': '290'
},
'hosts': ['vbrhelhyb01'],
'source': {
'name': 'ansible.eda.webhook',
'type': 'ansible.eda.webhook'
},
'received_at': '2023-12-02T09:24:57.307288Z',
'uuid': '9e70cff0-22de-47af-a251-e93e57010831'
}
}
}
}]
Just Assumption only, If the router is not sending any IP address/hostname in the event, at least it should be in the HTTP header. Therefore, you need to have a Python plugin that can extract that information for you.
Hope this is helpful