drift-check recursive

2026-04-24 16:13:34 +03:00 · 2026-04-24 16:13:34 +03:00 · 5f6f641bb4
commit 5f6f641bb4
parent 5c52acf456
2 changed files with 49 additions and 2 deletions
--- a/ansible/playbooks/check_confd_content.yml
+++ b/ansible/playbooks/check_confd_content.yml
@ -0,0 +1,38 @@
+---
+# Helper task to compare individual rsyslog.d config file content
+# Called from drift-check.yml with loop_var: confd_file
+
+- name: Read Git version of {{ confd_file }}
+  slurp:
+    src: "{{ playbook_dir }}/../../files/rsyslog.d/{{ confd_file }}"
+  delegate_to: localhost
+  register: git_file_content
+
+- name: Read server version of {{ confd_file }}
+  slurp:
+    src: "{{ rsyslog_config_dir }}/{{ confd_file }}"
+  register: server_file_content
+
+- name: Normalize and compare {{ confd_file }} content
+  set_fact:
+    git_normalized: "{{ git_file_content.content | b64decode | replace('\r\n', '\n') }}"
+    server_normalized: "{{ server_file_content.content | b64decode | replace('\r\n', '\n') }}"
+
+- name: Check if {{ confd_file }} content matches
+  set_fact:
+    file_matches: "{{ git_normalized == server_normalized }}"
+
+- name: Debug {{ confd_file }} comparison
+  debug:
+    msg: |
+      File: {{ confd_file }}
+      Git size: {{ git_normalized | length }} chars
+      Server size: {{ server_normalized | length }} chars
+      Match: {{ file_matches }}
+  when: not file_matches
+
+- name: Mark drift if {{ confd_file }} differs
+  set_fact:
+    drift_detected: true
+    drifted_files: "{{ drifted_files + ['rsyslog.d/' + confd_file] }}"
+  when: not file_matches
--- a/ansible/playbooks/drift-check.yml
+++ b/ansible/playbooks/drift-check.yml
@ -52,7 +52,7 @@
      when: not main_conf_match

    # ─────────────────────────────────────────────────────────────────────────
-    # Compare rsyslog.d directory files
+    # Compare rsyslog.d directory files (filenames and content)
    # ─────────────────────────────────────────────────────────────────────────
    - name: List Git rsyslog.d files
      find:
@ -78,12 +78,21 @@
      set_fact:
        confd_match: "{{ git_confd_names == server_confd_names }}"

-    - name: Mark drift if rsyslog.d files differ
+    - name: Mark drift if rsyslog.d file list differs
      set_fact:
        drift_detected: true
        drifted_files: "{{ drifted_files + ['rsyslog.d/'] }}"
      when: not confd_match

+    # Compare content of each file in rsyslog.d (only if filenames match)
+    - name: Compare content of rsyslog.d config files
+      include_tasks:
+        file: check_confd_content.yml
+      loop: "{{ git_confd_names }}"
+      loop_control:
+        loop_var: confd_file
+      when: confd_match
+
    # ─────────────────────────────────────────────────────────────────────────
    # Output markers for update-gitops-status.sh parsing
    # ─────────────────────────────────────────────────────────────────────────