fix: Resolve 'too many open files' error in pipeline

- Remove -v verbose flag from ansible-playbook (was causing file descriptor exhaustion)
- Add recurse: false to find tasks (prevents recursive directory traversal)
- Set ulimit -n 4096 in Woodpecker container to increase FD limit
- Add ANSIBLE_* environment variables for container optimization:
  - ANSIBLE_HOST_KEY_CHECKING=False (skip SSH key verification)
  - ANSIBLE_CALLBACK_WHITELIST=minimal (reduce output verbosity)
  - ANSIBLE_FORCE_COLOR=False (no ANSI color codes)
  - ANSIBLE_RETRY_FILES_ENABLED=False (don't create retry files)

This resolves fsnotify watcher errors in container environments with low FD limits.

.woodpecker.yml

@@ -97,8 +97,16 @@ steps:
       GITOPS_STATUS_SERVER_URL: http://gitops-status-server.observability-stack.svc.cluster.local:80
       REPO_NAME: rsyslog
       SERVER_NAME: rsyslog-lab
+      # Optimize Ansible for container environment
+      ANSIBLE_HOST_KEY_CHECKING: "False"
+      ANSIBLE_CALLBACK_WHITELIST: "minimal"
+      ANSIBLE_FORCE_COLOR: "False"
+      ANSIBLE_RETRY_FILES_ENABLED: "False"
     commands:
       - |
+        # Increase file descriptor limit for Ansible
+        ulimit -n 4096
+
         # Install dependencies: curl for HTTP requests, jq for JSON formatting
         apk add --no-cache curl jq > /dev/null 2>&1
 
@@ -139,8 +147,16 @@ steps:
       GITOPS_STATUS_SERVER_URL: http://gitops-status-server.observability-stack.svc.cluster.local:80
       REPO_NAME: rsyslog
       SERVER_NAME: rsyslog-lab
+      # Optimize Ansible for container environment
+      ANSIBLE_HOST_KEY_CHECKING: "False"
+      ANSIBLE_CALLBACK_WHITELIST: "minimal"
+      ANSIBLE_FORCE_COLOR: "False"
+      ANSIBLE_RETRY_FILES_ENABLED: "False"
     commands:
       - |
+        # Increase file descriptor limit for Ansible
+        ulimit -n 4096
+
         # Install dependencies: curl for HTTP requests, jq for JSON formatting
         apk add --no-cache curl jq bash > /dev/null 2>&1
 

ansible/playbooks/drift-check.yml

@@ -42,12 +42,14 @@
           ansible.builtin.find:
             paths: "{{ rsyslog_config_dir }}"
             patterns: "*.conf"
+            recurse: false
           register: server_configs
 
         - name: Find config files in Git (controller)
           ansible.builtin.find:
             paths: "{{ playbook_dir }}/../../files/rsyslog.d"
             patterns: "*.conf"
+            recurse: false
           delegate_to: localhost
           register: repo_configs
 

update-gitops-status.sh

@@ -66,19 +66,19 @@ echo "Step 1/4: Running drift-check playbook..."
 PLAYBOOK_LOG=$(mktemp)
 trap "rm -f $PLAYBOOK_LOG" EXIT
 
-# Run playbook with verbose flag to capture detailed output
+# Run playbook (no -v flag to avoid file descriptor exhaustion in containers)
 # Exit code: 0 = synced, non-zero = drift detected (expected)
 set +e
 ansible-playbook \
   -i "$INVENTORY_FILE" \
   "$PLAYBOOK" \
-  -v \
   > "$PLAYBOOK_LOG" 2>&1
 DRIFT_RC=$?
 set -e
 
-# Show playbook output for debugging
+# Show playbook output for debugging (compact)
-cat "$PLAYBOOK_LOG"
+echo "Playbook output:"
+cat "$PLAYBOOK_LOG" | tail -20
 echo ""
 
 # ─────────────────────────────────────────────────────────────────────────────────