From 1828ac5cd5ac1ce23931820261766d0b18ea53df Mon Sep 17 00:00:00 2001
From: dvirlabs <114520947+dvirlabs@users.noreply.github.com>
Date: Thu, 16 Apr 2026 19:21:49 +0300
Subject: [PATCH] Add validate
---
 ansible/group_vars/all.yml | 12 +++++
 ansible/playbooks/apply.yml | 27 +++++++---
 ansible/playbooks/drift-check.yml | 90 +++++++++++++++++++++++++++++++
 ansible/playbooks/validate.yml | 15 ++++++
 4 files changed, 136 insertions(+), 8 deletions(-)
 create mode 100644 ansible/group_vars/all.yml
 create mode 100644 ansible/playbooks/drift-check.yml
 create mode 100644 ansible/playbooks/validate.yml
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
new file mode 100644
index 0000000..0b9a9c7
--- /dev/null
+++ b/ansible/group_vars/all.yml
@@ -0,0 +1,12 @@
+---
+# Global variables for rsyslog configuration management
+
+# Root directory of the rsyslog repository
+repo_root: /root/rsyslog
+
+# rsyslog service name
+rsyslog_service: rsyslog
+
+# Configuration paths
+rsyslog_main_config: /etc/rsyslog.conf
+rsyslog_config_dir: /etc/rsyslog.d
diff --git a/ansible/playbooks/apply.yml b/ansible/playbooks/apply.yml
index bc18868..d562293 100644
--- a/ansible/playbooks/apply.yml
+++ b/ansible/playbooks/apply.yml
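Review bot: The comment on `repo_root` does not say which machine the path lives on, and the two consumers of this file disagree: apply.yml reads its sources from the controller via `src: ../../files/...`, while drift-check.yml runs `diff` on the managed host against `{{ repo_root }}/files/...`, so the variable is only meaningful if the repository is checked out at `/root/rsyslog` on every target. Suggest making that contract explicit in the comment, e.g. `# Checkout of this repository on the managed host (used by drift-check.yml); apply.yml sources files relative to the playbook on the controller`. A checkout under /root is also normally readable only by root, which any playbook that references it without `become` needs to account for.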
@@ -1,28 +1,39 @@ +--- - name: Apply rsyslog configuration hosts: rsyslog_servers become: true tasks: - - name: Copy rsyslog main config + - name: Copy rsyslog main configuration copy: src: ../../files/rsyslog.conf - dest: /etc/rsyslog.conf + dest: "{{ rsyslog_main_config }}" owner: root group: root mode: '0644' + backup: true + register: main_config_copied - - name: Copy rsyslog.d configs + - name: Copy rsyslog.d configurations copy: src: ../../files/rsyslog.d/ - dest: /etc/rsyslog.d/ + dest: "{{ rsyslog_config_dir }}/" owner: root group: root mode: '0644' + register: config_dir_copied - - name: Validate rsyslog config + - name: Validate rsyslog configuration command: rsyslogd -N1 + changed_when: false + when: main_config_copied.changed or config_dir_copied.changed - - name: Restart rsyslog + - name: Restart rsyslog service service: - name: rsyslog - state: restarted \ No newline at end of file + name: "{{ rsyslog_service }}" + state: restarted + when: main_config_copied.changed or config_dir_copied.changed + + - name: Display apply result + debug: + msg: "✓ rsyslog configuration applied successfully" \ No newline at end of file diff --git a/ansible/playbooks/drift-check.yml b/ansible/playbooks/drift-check.yml new file mode 100644 index 0000000..8ad8112 --- /dev/null +++ b/ansible/playbooks/drift-check.yml 
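Review bot: The validation task still runs after the live files have been replaced, so when `rsyslogd -N1` fails the play aborts with an unvalidated `{{ rsyslog_main_config }}` and `{{ rsyslog_config_dir }}` already on disk; `backup: true` records the previous main config in `main_config_copied.backup_file` but nothing restores it, and the rsyslog.d copy takes no backup at all. Either validate the repository copy before touching the live paths, or wrap the copy-and-validate tasks in a block whose rescue restores the backup and then fails, along the lines below (the rsyslog.d directory would still need its own backup/restore). Two smaller points: this check is `rsyslogd -N1` without `-f`, whereas validate.yml passes `-f "{{ rsyslog_main_config }}"`, so the two playbooks diverge whenever that variable is not the daemon's default path; and the final debug prints "applied successfully" even on a run where nothing changed and neither validation nor restart executed.
```yaml
  tasks:
    - name: Deploy and validate rsyslog configuration
      block:
        # … unchanged: the two copy tasks registering main_config_copied / config_dir_copied …
        - name: Validate rsyslog configuration
          command: rsyslogd -N1 -f "{{ rsyslog_main_config }}"
          changed_when: false
          when: main_config_copied.changed or config_dir_copied.changed
      rescue:
        - name: Restore previous main configuration
          copy:
            remote_src: true
            src: "{{ main_config_copied.backup_file }}"
            dest: "{{ rsyslog_main_config }}"
            owner: root
            group: root
            mode: '0644'
          when: main_config_copied.backup_file is defined

        - name: Abort after restoring the previous configuration
          fail:
            msg: "rsyslog configuration failed validation; previous main config restored"
    # … unchanged: restart and debug tasks …
```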
@@ -0,0 +1,90 @@ +--- +- name: Check rsyslog configuration drift + hosts: rsyslog_servers + gather_facts: false + + vars: + drift_detected: false + + tasks: + - name: Check main rsyslog.conf + block: + - name: Compare main configuration file + command: diff -q {{ repo_root }}/files/rsyslog.conf {{ rsyslog_main_config }} + register: main_diff + changed_when: false + failed_when: false + + - name: Fail if main config has drift + fail: + msg: "{{ lookup('file', repo_root + '/files/rsyslog.conf') | diff([lookup('file', rsyslog_main_config)]) }}" + when: main_diff.rc != 0 + ignore_errors: true + register: main_drift + + - name: Set drift flag for main config + set_fact: + drift_detected: true + when: main_diff.rc != 0 + + - name: Check rsyslog.d directory + block: + - name: Find config files in repository + find: + paths: "{{ repo_root }}/files/rsyslog.d" + patterns: "*.conf" + register: repo_configs + + - name: Compare each config file + block: + - name: Compare {{ item.path | basename }} + command: diff -q {{ item.path }} {{ rsyslog_config_dir }}/{{ item.path | basename }} + register: file_diff + changed_when: false + failed_when: false + + - name: Set drift flag if file differs + set_fact: + drift_detected: true + when: file_diff.rc != 0 + + loop: "{{ repo_configs.files }}" + + - name: Check for extra files on server + block: + - name: Find config files on server + find: + paths: "{{ rsyslog_config_dir }}" + patterns: "*.conf" + register: server_configs + + - name: Check for files in server but not in repo + set_fact: + drift_detected: true + when: + - (server_configs.files | length) > (repo_configs.files | length) + + - name: Report status + block: + - name: Print SYNCED status + debug: + msg: | + ╭─────────────────────────────╮ + │ ✓ SYNCED │ + │ Configuration is up-to-date │ + ╰─────────────────────────────╯ + when: not drift_detected + + - name: Print OUT OF SYNC status + debug: + msg: | + ╭─────────────────────────────╮ + │ ✗ OUT OF SYNC │ + │ Configuration has 
drifted │
+ ╰─────────────────────────────╯
+ when: drift_detected
+
+ - name: Fail if drift detected
+ fail:
+ msg: "Configuration drift detected. Live system does not match repository."
+ when: drift_detected
diff --git a/ansible/playbooks/validate.yml b/ansible/playbooks/validate.yml
new file mode 100644
index 0000000..59f72ba
--- /dev/null
+++ b/ansible/playbooks/validate.yml
@@ -0,0 +1,15 @@
+---
+- name: Validate rsyslog configuration
+ hosts: rsyslog_servers
+ gather_facts: false
+
+ tasks:
+ - name: Validate rsyslog main configuration
+ command: rsyslogd -N1 -f "{{ rsyslog_main_config }}"
+ register: validate_main
+ failed_when: validate_main.rc != 0
+ changed_when: false
+
+ - name: Display validation result
+ debug:
+ msg: "✓ rsyslog configuration is valid"
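Review bot: The comparison mixes the controller's and the managed host's filesystems: the `diff -q` commands run on each target against `{{ repo_root }}/files/...`, which requires a checkout at `/root/rsyslog` on every server (and, since the play has no `become`, one readable by the connecting user), while `lookup('file', ...)` in the `Fail if main config has drift` task is evaluated on the controller and so reads the controller's own `/etc/rsyslog.conf`. I also don't know of a `diff` Jinja filter in ansible core; if it is undefined that task errors at templating time and `ignore_errors: true` hides it, which would explain why the task seems harmless in practice. `failed_when: false` combined with `rc != 0` additionally reports `diff` exit code 2 (missing or unreadable file) as drift rather than as an error. A more robust shape is to reuse the controller-side sources that apply.yml deploys, running `copy` in check mode and treating `changed` as drift, as sketched below; the extra-file check would then compare basenames rather than counts, since a renamed file leaves the counts equal. The `Report status` and final `fail` tasks can stay as they are.
```yaml
  tasks:
    - name: Compare main configuration file against repository copy
      copy:
        src: ../../files/rsyslog.conf
        dest: "{{ rsyslog_main_config }}"
      check_mode: true
      diff: true
      register: main_diff

    - name: Compare rsyslog.d against repository copy
      copy:
        src: ../../files/rsyslog.d/
        dest: "{{ rsyslog_config_dir }}/"
      check_mode: true
      diff: true
      register: dir_diff

    - name: Set drift flag
      set_fact:
        drift_detected: true
      when: main_diff.changed or dir_diff.changed

    # … unchanged: extra-file check (compare basenames of server_configs and repo_configs), report status, final fail …
```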
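Review bot: validate.yml runs without `become`, whereas apply.yml validates the same file with `become: true`, so an include under `{{ rsyslog_config_dir }}` that is not world-readable, or a module that may need privileges to initialise, makes this check fail or behave differently from the apply-time check; add `become: true` to the play, or document that it is a syntax-only check run as the connecting user. `failed_when: validate_main.rc != 0` restates the `command` module's default and can be dropped. This play also validates the live file rather than the repository copy, so it cannot gate an apply; a play-level comment such as `# Validates the configuration currently deployed on the host, not the repository copy` would make that limitation clear to whoever wires it into CI.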