What is the best approach to creating an include_vars file for my requirement

Shifa Shaikh

Jan 24, 2020, 6:10:01 PM
to Ansible Project
I use the stat module to read multiple files' statistics from each remote server.

Thus, I'm able to get the file mode and checksum value of say 3 files on host1 and 2 files on host2.

I wish to know what is a good way to create/construct an include_vars file so that I can easily read back each file's mode and checksum for any given server?

I thought of constructing a myvars.yaml as below:

---
host1:
   name: /tmp/conf/httpd.conf
   checksum: 79783482382789273
   mode: 0744
   name: /tmp/conf/extra/httpd.conf
   checksum: 112312382789273
   mode: 0754

host2:
   name: /tmp/conf/httpd.conf
   checksum: 89662ff9273
   mode: 0774
   name: /tmp/conf/extra/httpd.conf
   checksum: 82094810498
   mode: 0754


I can construct the myvars.yaml as I like, but the challenge is how can I read the values of the individual file name on a given host?

Any suggestions for constructing myvars.yaml differently and reading individual file details in a playbook will be of great help.

Thank you !!

Dick Visser

Jan 25, 2020, 5:55:25 PM
to ansible...@googlegroups.com
Hi

The information you've provided seems to contain several cases of
wheel reinvention.
Rather than helping you do that, please explain what you are REALLY
looking to achieve.
The file names in your example suggest: "configuring a web server".
In which case, a few template tasks and a handler might be all you need.

Dick



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

Shifa Shaikh

Jan 26, 2020, 9:11:08 AM
to Ansible Project
Dick Hi, 

My requirement is not about configuring a webserver. 

It is to maintain a check on a set of files. If the file changes by checksum or permissions I wish to trigger an alert. 

Thus, my ansible will stat the file and then compare the checksum and mode that was previously stored in the include_vars file. 

If they match we are good else we will trigger an alert. 

Thus, I want to understand if my approach/format of storing mode and checksum information for all files on all servers is good. If not, please propose how I should design the include_vars files so I could read the checksum and mode of a file on a particular IP.

Stefan Hornburg (Racke)

Jan 28, 2020, 4:13:35 PM
to ansible...@googlegroups.com
On 1/26/20 3:11 PM, Shifa Shaikh wrote:
> Dick Hi, 
>
> My requirement is not about configuring a webserver. 
>
> It is to maintain a check on a set of files. If the file changes by checksum or permissions I wish to trigger an alert. 
>
> Thus, my ansible will stat the file and then compare the checksum and mode that was previously stored in the
> include_vars file. 
>
> If they match we are good else we will trigger an alert. 
>
> Thus, I want to understand if my approach/format of storing mode and checksum information for all files on all servers
> good? if not please propose how should i design the include_vars files so I could read the checksum and mode of a file
> on a  particular IP.

Why not use an existing checksum tool (e.g. Google for Linux IDS checksum tools)?

Regards
Racke


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.


Jean-Yves LENHOF

Jan 28, 2020, 4:53:25 PM
to ansible...@googlegroups.com

On 28/01/2020 at 22:13, Stefan Hornburg (Racke) wrote:
> On 1/26/20 3:11 PM, Shifa Shaikh wrote:
>> Dick Hi,
>>
>> My requirement is not about configuring a webserver.
>>
>> It is to maintain a check on a set of files. If the file changes by checksum or permissions I wish to trigger an alert.
>>
>> Thus, my ansible will stat the file and then compare the checksum and mode that was previously stored in the
>> include_vars file.
>>
>> If they match we are good else we will trigger an alert.
>>
>> Thus, I want to understand if my approach/format of storing mode and checksum information for all files on all servers
>> good? if not please propose how should i design the include_vars files so I could read the checksum and mode of a file
>> on a  particular IP.
> Why don't use an existing checksum tool (e.g Google for linux ids checksum tools) ?
>
> Regards
> Racke

Hi,

As Racke said, why not use a tool designed for it, like these (they
are available for other distros): https://doc.ubuntu-fr.org/rootkit

Another way to make some controls is to use package tools with some
options....

dpkg --verify or rpm -Va can be interesting to use....


Regards,


JYL
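
One way to lay out the baseline and run the stat comparison asked about in this thread, as an added example that is not from any of the posters. The variable name `baseline`, its `path`/`checksum`/`mode` keys and the placeholder checksums are assumptions; the hosts, paths and modes are taken from the original question.

```yaml
# Added example. Hosts and paths come from the question; the checksums are
# constructed placeholders to be replaced with known-good SHA-256 values.
- name: Compare files against a stored baseline
  hosts: all
  gather_facts: false
  vars:
    # This mapping could instead live in myvars.yaml and be loaded with
    # include_vars. Each host maps to a LIST of files, because repeating
    # name/checksum/mode keys under one host makes later keys overwrite earlier ones.
    # Quote mode and checksum: unquoted 0744 is read as an octal integer and
    # an all-digit checksum as a number, so neither would equal stat's strings.
    baseline:
      host1:
        - path: /tmp/conf/httpd.conf
          checksum: "<sha256-of-known-good-file>"
          mode: "0744"
        - path: /tmp/conf/extra/httpd.conf
          checksum: "<sha256-of-known-good-file>"
          mode: "0754"
      host2:
        - path: /tmp/conf/httpd.conf
          checksum: "<sha256-of-known-good-file>"
          mode: "0774"
        - path: /tmp/conf/extra/httpd.conf
          checksum: "<sha256-of-known-good-file>"
          mode: "0754"
  tasks:
    - name: Stat every file listed for this host
      ansible.builtin.stat:
        path: "{{ item.path }}"
        checksum_algorithm: sha256
      loop: "{{ baseline[inventory_hostname] | default([]) }}"
      loop_control:
        label: "{{ item.path }}"
      register: current

    - name: Alert when a file is missing or its checksum or mode changed
      ansible.builtin.fail:
        msg: "Integrity drift on {{ inventory_hostname }}: {{ item.item.path }}"
      loop: "{{ current.results }}"
      loop_control:
        label: "{{ item.item.path }}"
      when: >-
        not item.stat.exists
        or item.stat.checksum != item.item.checksum
        or item.stat.mode != item.item.mode
```

The baseline is only as trustworthy as where it is stored: keep it on the control node or in version control, not on the hosts being checked.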
