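---
# =============================================================================
# DRIFT-CHECK PLAYBOOK
# Purpose: Compare file on repo vs server to detect if they're in sync
# Usage:   ansible-playbook drift-check.yml
# Output:  SYNCED or OUT_OF_SYNC status; the play fails when drift is found
#
# NOTE(review): only the file *content* is compared. The server copy is read
# from /tmp, a directory that is normally writable by every local account, so
# a SYNCED result says nothing about who owns the file or what its mode is.
# If the file matters for integrity, confirm whether owner/mode should be
# checked as well, or whether the file belongs in a less exposed location.
# =============================================================================

- name: Check file drift
  hosts: all
  gather_facts: false

  tasks:
    # ─────────────────────────────────────────────────────────────────────
    # TASK 1: Read local file from repo
    #   Reads dvir.txt from the local repository; slurp returns the bytes
    #   base64-encoded in `content`. Delegated to localhost, so the path is
    #   resolved on the control node, relative to this playbook's directory.
    #   A failure here is NOT ignored: without the reference copy there is
    #   nothing to compare against.
    # ─────────────────────────────────────────────────────────────────────
    - name: Read local file
      slurp:
        src: "{{ playbook_dir }}/../../files/dvir.txt"
      delegate_to: localhost
      register: local_file

    # ─────────────────────────────────────────────────────────────────────
    # TASK 2: Read file from server
    #   Attempts to read dvir.txt from /tmp on the target server.
    #   Failure is allowed here (handled by TASK 4). `failed_when: false`
    #   hides every slurp error, not only "file not found" (for example a
    #   permission error), and each of them ends up reported as drift.
    # ─────────────────────────────────────────────────────────────────────
    - name: Read server file
      slurp:
        src: /tmp/dvir.txt
      register: server_file
      failed_when: false

    # ─────────────────────────────────────────────────────────────────────
    # TASK 3: Compare file contents (if server file was read)
    #   Sets drift_detected to true if content differs.
    #   slurp does not return `rc`, so the guard tests for the `content`
    #   key, which is only present when the read succeeded. The base64
    #   strings are compared directly: equal bytes encode to equal strings,
    #   and no text decoding is needed for non-UTF-8 files.
    # ─────────────────────────────────────────────────────────────────────
    - name: Compare file contents
      set_fact:
        drift_detected: "{{ local_file.content != server_file.content }}"
      when: server_file.content is defined

    # ─────────────────────────────────────────────────────────────────────
    # TASK 4: Mark as drift if server file could not be read
    #   If the server file doesn't exist (or is unreadable), it's also
    #   considered drift. Exactly one of TASK 3 / TASK 4 runs, so
    #   drift_detected is always defined for the tasks below.
    # ─────────────────────────────────────────────────────────────────────
    - name: Mark as drift if server file missing
      set_fact:
        drift_detected: true
      when: server_file.content is not defined

    # ─────────────────────────────────────────────────────────────────────
    # TASK 5: Output SYNCED status
    #   Displayed when file on server matches repo file exactly
    # ─────────────────────────────────────────────────────────────────────
    - name: Output SYNCED status
      debug:
        msg: "✓ dvir.txt is synced"
      when: not (drift_detected | bool)

    # ─────────────────────────────────────────────────────────────────────
    # TASK 6: Output OUT_OF_SYNC status
    #   Displayed when file on server differs from repo or is missing
    # ─────────────────────────────────────────────────────────────────────
    - name: Output OUT_OF_SYNC status
      debug:
        msg: "✗ dvir.txt is out of sync"
      when: drift_detected | bool

    # ─────────────────────────────────────────────────────────────────────
    # TASK 7: Fail the play on drift
    #   Gives the run a non-zero result so a scheduler or CI job calling
    #   this playbook can alert on drift instead of parsing debug output.
    # ─────────────────────────────────────────────────────────────────────
    - name: Fail if drift detected
      fail:
        msg: "Configuration drift detected."
      when: drift_detected | bool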