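---
# Read-only drift check for rsyslog configuration.
#
# Compares the repository copy of rsyslog.conf and rsyslog.d/*.conf with the
# files on each host in `rsyslog_servers`, prints a SYNCED / OUT OF SYNC
# banner, and fails the play when any difference is found.
#
# Variables that must be supplied from outside this play (inventory,
# group_vars or extra vars); none of them is defined here:
#   repo_root            - root of the configuration repository
#   rsyslog_main_config  - path of the live main configuration file
#   rsyslog_config_dir   - path of the live rsyslog.d directory
#
# NOTE(review): no task is delegated, so `find` and `diff` both run on the
# managed host. `repo_root` therefore has to be a checkout that exists on
# that host - confirm this matches the deployment.
#
# NOTE(review): only `*.conf` files directly inside `rsyslog_config_dir` are
# covered (`find` is not recursive by default). Configuration pulled in from
# other locations or with other suffixes is outside this check.
- name: Check rsyslog configuration drift
  hosts: rsyslog_servers
  gather_facts: false
  vars:
    # Overridden with set_fact as soon as any comparison reports a difference.
    drift_detected: false

  tasks:
    - name: Check main rsyslog.conf
      block:
        - name: Compare main configuration file
          # argv keeps each path a single argument even if it contains spaces.
          command:
            argv:
              - diff
              - "{{ repo_root }}/files/rsyslog.conf"
              - "{{ rsyslog_main_config }}"
          register: main_diff
          changed_when: false
          # diff exits 1 when the files differ and 2 when it could not compare
          # them (missing or unreadable file). Neither should abort the play
          # here; both are treated as drift below, so an unreadable file is
          # never reported as "in sync".
          failed_when: false
          # The comparison changes nothing, so run it under --check as well;
          # otherwise main_diff.rc would be undefined in the tasks below.
          check_mode: false

        - name: Fail if main config has drift
          # Reporting only: the failure is ignored so the remaining checks
          # still run; the play is failed once, at the end.
          # NOTE(review): the diff body lands in the play output and in any
          # log or callback that records it. If rsyslog.conf can contain
          # credentials, consider reporting only that drift exists.
          fail:
            msg: >-
              Main rsyslog.conf has drifted from Git.
              ({{ main_diff.stdout | default(main_diff.stderr, true) | default('no diff output', true) }})
          when: main_diff.rc != 0
          ignore_errors: true
          register: main_drift

        - name: Set drift flag for main config
          set_fact:
            drift_detected: true
          when: main_diff.rc != 0

    - name: Check rsyslog.d directory
      block:
        - name: Find config files in repository
          find:
            paths: "{{ repo_root }}/files/rsyslog.d"
            patterns: "*.conf"
          register: repo_configs

        - name: Compare each config file
          # A repository file that is missing on the server makes diff exit 2,
          # which is counted as drift by the next task.
          command:
            argv:
              - diff
              - "{{ item.path }}"
              - "{{ rsyslog_config_dir }}/{{ item.path | basename }}"
          register: file_diffs
          changed_when: false
          failed_when: false
          check_mode: false
          loop: "{{ repo_configs.files }}"
          loop_control:
            # Show only the path instead of the whole file-stat dictionary.
            label: "{{ item.path }}"

        - name: Set drift flag if any file differs
          set_fact:
            drift_detected: true
          when: item.rc != 0
          loop: "{{ file_diffs.results }}"
          loop_control:
            # Keep the per-file diff output out of the loop label.
            label: "{{ item.item.path }}"

    - name: Check for extra files on server
      block:
        - name: Find config files on server
          find:
            paths: "{{ rsyslog_config_dir }}"
            patterns: "*.conf"
          register: server_configs

        - name: Check for files in server but not in repo
          # Compare by file name rather than by count: any *.conf present on
          # the server without a counterpart in the repository is drift.
          # Every case the previous count comparison caught is still caught.
          set_fact:
            drift_detected: true
          when: >-
            server_configs.files | map(attribute='path') | map('basename')
            | difference(repo_configs.files | map(attribute='path') | map('basename') | list)
            | length > 0

    - name: Report status
      block:
        - name: Print SYNCED status
          debug:
            msg: |
              ╭─────────────────────────────╮
              │ ✓ SYNCED │
              │ Configuration is up-to-date │
              ╰─────────────────────────────╯
          when: not drift_detected

        - name: Print OUT OF SYNC status
          debug:
            msg: |
              ╭─────────────────────────────╮
              │ ✗ OUT OF SYNC │
              │ Configuration has drifted │
              ╰─────────────────────────────╯
          when: drift_detected

        - name: Fail if drift detected
          # Single hard failure for the host, so a scheduler or CI job running
          # this playbook sees a non-zero result whenever drift exists.
          fail:
            msg: "Configuration drift detected. Live system does not match repository."
          when: drift_detected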