diff --git a/.woodpecker.yml b/.woodpecker.yml
index 43d8d49..8eca8cf 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -102,6 +102,7 @@ steps:
 ANSIBLE_FORCE_COLOR: "False"
 ANSIBLE_RETRY_FILES_ENABLED: "False"
 ANSIBLE_UNSAFE_WRITES: "True"
+ ANSIBLE_FORKS: "1"
 commands:
 - |
 # Increase file descriptor limit for Ansible (max safe value)
@@ -152,6 +153,7 @@ steps:
 ANSIBLE_FORCE_COLOR: "False"
 ANSIBLE_RETRY_FILES_ENABLED: "False"
 ANSIBLE_UNSAFE_WRITES: "True"
+ ANSIBLE_FORKS: "1"
 commands:
 - |
 # Increase file descriptor limit for Ansible (max safe value)
diff --git a/ansible/playbooks/drift-check.yml b/ansible/playbooks/drift-check.yml
index 9cb69b9..dd290c9 100644
--- a/ansible/playbooks/drift-check.yml
+++ b/ansible/playbooks/drift-check.yml
@@ -79,6 +79,29 @@
 ansible.builtin.set_fact:
 drift_detected: "{{ main_config_check.changed or rsyslogd_check.changed or (extra_files_on_server | default(false)) }}"
+ # ─────────────────────────────────────────────────────────────────────────
+ # Debug: Show WHAT changed (for troubleshooting)
+ # ─────────────────────────────────────────────────────────────────────────
+ - name: Show main config change status
+ ansible.builtin.debug:
+ msg: "Main config (rsyslog.conf) changed: {{ main_config_check.changed }}"
+ when: drift_detected
+
+ - name: Show rsyslog.d change status
+ ansible.builtin.debug:
+ msg: "rsyslog.d directory changed: {{ rsyslogd_check.changed }}"
+ when: drift_detected
+
+ - name: Show main config diff if changed
+ ansible.builtin.debug:
+ var: main_config_check.diff
+ when: main_config_check.changed and main_config_check.diff is defined
+
+ - name: Show rsyslog.d diff if changed
+ ansible.builtin.debug:
+ var: rsyslogd_check.diff
+ when: rsyslogd_check.changed and rsyslogd_check.diff is defined
+
 # ─────────────────────────────────────────────────────────────────────────
 # Build structured list of changed files for GitOps status server
 # This data is parsed by the update-gitops-status.sh wrapper script
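Review bot: The two `var: ...diff` debug tasks added to ansible/playbooks/drift-check.yml print the full before/after content of rsyslog.conf and the rsyslog.d files into the CI job output whenever drift is found, and nothing in the hunk lets an operator switch them off. rsyslog configuration can carry forwarding credentials or tokens, and CI logs are usually readable by more people and retained longer than the files on the host, so I would gate both tasks on an opt-in variable, for example `when: (drift_debug | default(false)) and main_config_check.changed and main_config_check.diff is defined` (`drift_debug` is a suggested name, not an existing variable). The comment directly below says this playbook's output is parsed by update-gitops-status.sh, so it is also worth confirming that the extra debug records do not confuse that parser; the wrapper's parsing is not visible in this hunk.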
diff --git a/update-gitops-status.sh b/update-gitops-status.sh
index a674ded..2c4b30c 100644
--- a/update-gitops-status.sh
+++ b/update-gitops-status.sh
@@ -68,16 +68,19 @@ KEEP_LOG="${KEEP_PLAYBOOK_LOG:-false}"
 if [ "$KEEP_LOG" = "true" ]; then
 PLAYBOOK_LOG="./drift-check-output.log"
 echo " Playbook output will be saved to: $PLAYBOOK_LOG"
-else
- trap "rm -f $PLAYBOOK_LOG" EXIT
 fi
+# Set up cleanup trap (will be updated later with RESPONSE_BODY)
+trap "rm -f $PLAYBOOK_LOG" EXIT
+
 # Run playbook (no -v flag to avoid file descriptor exhaustion in containers)
 # Exit code: 0 = synced, non-zero = drift detected (expected)
-# Use default callback for consistent debug output format
+# Use YAML callback for consistent debug output format
+# Limit forks to 1 to reduce file descriptor usage
 set +e
 ANSIBLE_FORCE_COLOR=false \
 ANSIBLE_STDOUT_CALLBACK=yaml \
+ANSIBLE_FORKS=1 \
 ansible-playbook \
 -i "$INVENTORY_FILE" \
 "$PLAYBOOK" \
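Review bot: With the `trap` moved out of the `else` branch, `KEEP_PLAYBOOK_LOG=true` no longer keeps anything: `PLAYBOOK_LOG` is set to `./drift-check-output.log` and the now unconditional `trap "rm -f $PLAYBOOK_LOG" EXIT` removes that file when the script exits. The replacement trap in the later hunk, `trap "rm -f $RESPONSE_BODY $PLAYBOOK_LOG" EXIT`, has the same effect. Keep the cleanup conditional, for example `[ "$KEEP_LOG" = "true" ] || trap 'rm -f "$PLAYBOOK_LOG"' EXIT`, and build the later trap the same way; single quotes around a quoted variable also keep the path from being word-split when the trap fires. The `ansible-playbook` invocation continues past the end of this hunk.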
@@ -218,23 +221,55 @@ echo ""
 echo "Step 4/4: Sending status to gitops-status-server..."
 echo " URL: $GITOPS_STATUS_SERVER_URL/api/status"
 echo " Method: POST"
+echo " Payload size: $(echo "$STATUS_JSON" | wc -c) bytes"
+echo ""
+
+# Test connectivity first
+echo " Testing connectivity to gitops-status-server..."
+if ! curl -s -m 5 "$GITOPS_STATUS_SERVER_URL/health" > /dev/null 2>&1; then
+ echo " ✗ WARNING: Cannot reach $GITOPS_STATUS_SERVER_URL/health"
+ echo " Attempting DNS resolution..."
+ nslookup gitops-status-server.observability-stack.svc.cluster.local || true
+ echo ""
+else
+ echo " ✓ Server is reachable"
+fi
 echo ""
 # Create temporary files for response
 RESPONSE_BODY=$(mktemp)
-trap "rm -f $RESPONSE_BODY" EXIT
+trap "rm -f $RESPONSE_BODY $PLAYBOOK_LOG" EXIT
+echo " Sending POST request..."
 # POST the JSON to the gitops-status-server API with full error reporting
 # Capture both response code and body for debugging
-HTTP_CODE=$(curl -s -w "%{http_code}" \
+set +e
+HTTP_RESPONSE=$(curl -s -w "\n%{http_code}" \
 -X POST \
 -H "Content-Type: application/json" \
 -d "$STATUS_JSON" \
 "$GITOPS_STATUS_SERVER_URL/api/status" \
- -o "$RESPONSE_BODY" 2>&1 || true)
+ 2>&1)
+CURL_EXIT=$?
+set -e
-# Extract HTTP code (last 3 digits)
-HTTP_CODE="${HTTP_CODE: -3}"
+if [ $CURL_EXIT -ne 0 ]; then
+ echo " ✗ CURL FAILED with exit code $CURL_EXIT"
+ echo " Error output: $HTTP_RESPONSE"
+ exit 1
+fi
+
+# Split response: body is everything except last line, code is last line
+HTTP_CODE=$(echo "$HTTP_RESPONSE" | tail -1)
+RESPONSE_CONTENT=$(echo "$HTTP_RESPONSE" | head -n -1)
+echo "$RESPONSE_CONTENT" > "$RESPONSE_BODY"
+
+# Validate HTTP code is numeric
+if ! [[ "$HTTP_CODE" =~ ^[0-9]+$ ]]; then
+ echo " ✗ ERROR: Invalid HTTP response code: $HTTP_CODE"
+ echo " Full response: $HTTP_RESPONSE"
+ exit 1
+fi
 echo " Response: HTTP $HTTP_CODE"
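Review bot: The new `CURL FAILED` branch will print an "Error output" with no diagnostic in it, because the POST still runs `curl -s` and `-s` suppresses curl's own error message; `-sS` keeps the progress meter off while letting the error text reach the `2>&1` capture. The POST also has no time limit, unlike the `-m 5` health probe added above it, so an unresponsive server can stall the pipeline step; give it a `--max-time` as well. The `nslookup` fallback queries a hard-coded service name rather than the host in `$GITOPS_STATUS_SERVER_URL`, so its result is misleading whenever the URL points somewhere else. `head -n -1` is a GNU extension and may not be available in a minimal CI image, which would leave `RESPONSE_CONTENT` empty.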