Display high-level summary of --diff output

[N. Bailey]

Hi Ansible list,

A quick question about using Ansible effectively in a CI/CD context: I'm wondering about the best way to set up jobs that runs a playbook with `--check --diff` flags, and gives a concise report of what would be affected by applying changes.

The use case I want to do now is that I'm writing a job to deploy monitoring configuration change, and I'd like to provide an at-a-glance view that says "this job will add this 6 lines of JSON to that config file". Tha'd be useful for checking there aren't any other stray changes merged into version control but not deployed yet, as a final typo-proofreading opportunity for the person pushing the update, and as an audit log in retrospect.

This seems like other folks might have tried, but I can't find anything relevant-looking with a google around, so I wanted to check in with this group.

All the building blocks are there:

Running `template` in diff mode gives this kind of info in task output:    

TASK [datadog_agent : Create a configuration file for each Datadog check] *********************************************************************************************************************

ok: [use1-tst-datadog01.oad-aws.illumina.com] => (item=process)

--- before: /etc/datadog-agent/conf.d/custom_mysql_metrics.d/conf.yaml

+++ after: /Users/nbailey/.ansible/tmp/ansible-local-83201emVWXJ/tmpOvX8S_/checks.yaml.j2

@@ -25,4 +25,5 @@

     - test:original

+    - test:test-diff

changed: [use1-tst-datadog01.oad-aws.illumina.com] => (item=custom_mysql_metrics)

ok: [use1-tst-datadog01.oad-aws.illumina.com] => (item=mysql)

And that comes from this return JSON from the task output: 

ok: [use1-tst-datadog01.oad-aws.illumina.com] => {

    "changed": false,

    "diff": {

        "after": {

            "path": "/etc/datadog-agent/trace-agent.conf"

        },

        "before": {

            "path": "/etc/datadog-agent/trace-agent.conf"

        }

    },

I could definitely register each task output and construct a big JSON or YAML block to show all changes across all diffs in a role, but that seems like it'd be very clunky:

- name: Create a configuration file for each Datadog check
  become: True
  template:
    src: checks.yaml.j2
    dest: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml"
    owner: "{{ datadog_agent.user | default('dd-agent') }}"
    group: "{{ datadog_agent.group | default('dd-agent') }}"
  with_items: "{{ datadog_agent.checks|list }}"
  notify: restart datadog-agent
  when: datadog_agent is defined
  register: datadog_config_output

- name: If there were changes, save them for later reporting.
  set_fact: {{ false if datadog_config_output.changed == false else do some gnarly logic that involves parsing results for each item }}

But this seems really labour intensive.

Is this a job for a callback plugin? The 'log_plays' sounds like it's doing something fundamentally very similar, but the docs are pretty sparse (https://docs.ansible.com/ansible/2.6/plugins/callback/log_plays.html).

Have other Ansible users tried something like this, and if so, what did you go with?

Thanks for any pointers!

Nikki

[Brian Coca]

A better way to construct the output you want is using a custom
callback, see the json/junit ones as starting points.
--
----------
Brian Coca

[N. Bailey]

Thank you Brian, those two are much better examples than the callback plugins I was looking at!

Other folks on this list, if you would find something like this useful, I put together a rough proof of concept along with a list of links to docs I found useful explaining callback plugins, and a description of what I want to achieve: https://github.com/kwerey/ansible-diff-callback. If you have ideas about the best approach to take, feel free to drop me a line here or comment on that repo. 

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/0TG0aQICf6w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7fnTq2LdxmOa_fbYUPwMRQ_zoFgV6tef1EbhLohy8MBxA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.