Add validate

ansible/group_vars/all.yml

@@ -0,0 +1,12 @@
+---
+# Global variables for rsyslog configuration management
+
+# Root directory of the rsyslog repository
+repo_root: /root/rsyslog
+
+# rsyslog service name
+rsyslog_service: rsyslog
+
+# Configuration paths
+rsyslog_main_config: /etc/rsyslog.conf
+rsyslog_config_dir: /etc/rsyslog.d

ansible/playbooks/apply.yml

@@ -1,28 +1,39 @@
+---
 - name: Apply rsyslog configuration
   hosts: rsyslog_servers
   become: true
 
   tasks:
-    - name: Copy rsyslog main config
+    - name: Copy rsyslog main configuration
       copy:
         src: ../../files/rsyslog.conf
-        dest: /etc/rsyslog.conf
+        dest: "{{ rsyslog_main_config }}"
         owner: root
         group: root
         mode: '0644'
+        backup: true
+      register: main_config_copied
 
-    - name: Copy rsyslog.d configs
+    - name: Copy rsyslog.d configurations
       copy:
         src: ../../files/rsyslog.d/
-        dest: /etc/rsyslog.d/
+        dest: "{{ rsyslog_config_dir }}/"
         owner: root
         group: root
         mode: '0644'
+      register: config_dir_copied
 
-    - name: Validate rsyslog config
+    - name: Validate rsyslog configuration
       command: rsyslogd -N1
+      changed_when: false
+      when: main_config_copied.changed or config_dir_copied.changed
 
-    - name: Restart rsyslog
+    - name: Restart rsyslog service
       service:
-        name: rsyslog
+        name: "{{ rsyslog_service }}"
         state: restarted
+      when: main_config_copied.changed or config_dir_copied.changed
+
+    - name: Display apply result
+      debug:
+        msg: "✓ rsyslog configuration applied successfully"

ansible/playbooks/drift-check.yml

@@ -0,0 +1,90 @@
+---
+- name: Check rsyslog configuration drift
+  hosts: rsyslog_servers
+  gather_facts: false
+
+  vars:
+    drift_detected: false
+
+  tasks:
+    - name: Check main rsyslog.conf
+      block:
+        - name: Compare main configuration file
+          command: diff -q {{ repo_root }}/files/rsyslog.conf {{ rsyslog_main_config }}
+          register: main_diff
+          changed_when: false
+          failed_when: false
+
+        - name: Fail if main config has drift
+          fail:
+            msg: "{{ lookup('file', repo_root + '/files/rsyslog.conf') | diff([lookup('file', rsyslog_main_config)]) }}"
+          when: main_diff.rc != 0
+          ignore_errors: true
+          register: main_drift
+
+        - name: Set drift flag for main config
+          set_fact:
+            drift_detected: true
+          when: main_diff.rc != 0
+
+    - name: Check rsyslog.d directory
+      block:
+        - name: Find config files in repository
+          find:
+            paths: "{{ repo_root }}/files/rsyslog.d"
+            patterns: "*.conf"
+          register: repo_configs
+
+        - name: Compare each config file
+          block:
+            - name: Compare {{ item.path | basename }}
+              command: diff -q {{ item.path }} {{ rsyslog_config_dir }}/{{ item.path | basename }}
+              register: file_diff
+              changed_when: false
+              failed_when: false
+
+            - name: Set drift flag if file differs
+              set_fact:
+                drift_detected: true
+              when: file_diff.rc != 0
+
+          loop: "{{ repo_configs.files }}"
+
+    - name: Check for extra files on server
+      block:
+        - name: Find config files on server
+          find:
+            paths: "{{ rsyslog_config_dir }}"
+            patterns: "*.conf"
+          register: server_configs
+
+        - name: Check for files in server but not in repo
+          set_fact:
+            drift_detected: true
+          when:
+            - (server_configs.files | length) > (repo_configs.files | length)
+
+    - name: Report status
+      block:
+        - name: Print SYNCED status
+          debug:
+            msg: |
+              ╭─────────────────────────────╮
+              │  ✓ SYNCED                   │
+              │  Configuration is up-to-date │
+              ╰─────────────────────────────╯
+          when: not drift_detected
+
+        - name: Print OUT OF SYNC status
+          debug:
+            msg: |
+              ╭─────────────────────────────╮
+              │  ✗ OUT OF SYNC              │
+              │  Configuration has drifted   │
+              ╰─────────────────────────────╯
+          when: drift_detected
+
+        - name: Fail if drift detected
+          fail:
+            msg: "Configuration drift detected. Live system does not match repository."
+          when: drift_detected

ansible/playbooks/validate.yml

@@ -0,0 +1,15 @@
+---
+- name: Validate rsyslog configuration
+  hosts: rsyslog_servers
+  gather_facts: false
+
+  tasks:
+    - name: Validate rsyslog main configuration
+      command: rsyslogd -N1 -f "{{ rsyslog_main_config }}"
+      register: validate_main
+      failed_when: validate_main.rc != 0
+      changed_when: false
+
+    - name: Display validation result
+      debug:
+        msg: "✓ rsyslog configuration is valid"