Ansible host level interceptors
20 views
Skip to first unread message
ishan jain
Apr 13, 2017, 7:20:36 AM4/13/17
to Ansible Project
Is there a way in Ansible to create a host level interceptor which does 'something' in case ansible-playbook command is invoked ?
What i am trying to do here is to get informed periodically about 'ansible-playbook' command invocations anywhere on my host. There are a large number of users and playbooks on my host now and as any of them are capable of changing my target machines, i need to know/track all ansible-playbook triggers. Parsing the logs can get tedious. I was thinking maybe there is a way in Ansible to record all commands invoked in a file that i can then read and know only what playbooks are executed.
Benjamin Redling
Apr 13, 2017, 9:44:03 AM4/13/17
to ansible...@googlegroups.com
Hi,
Am 13.04.2017 um 13:20 schrieb ishan jain:
> Is there a way in Ansible to create a host level interceptor which does
> 'something' in case ansible-playbook command is invoked ?
> What i am trying to do here is to get informed periodically about
> 'ansible-playbook' command invocations anywhere on my host. There are a
> large number of users and playbooks on my host now and as any of them
> are capable of changing my target machines,
Sorry but that approach sounds dubious.
Solution: don't let everybody, anytime change your "target machines".
(Welcome to the world of change management.)
> i need to know/track all
> ansible-playbook triggers. Parsing the logs can get tedious. I was
> thinking maybe there is a way in Ansible to record all commands invoked
> in a file that i can then read and know only what playbooks are executed.
If you want audits and RBAC:
primary choice, obviously, look at Ansible Tower -- if you have only 10
hosts or less; or enough money.
secondary choices, if your budget is restricted but you have enough time
to fiddle yourself have a look at Openstack Ara and/or Rundeck and/or
Jenkins
Regards,
Benjamin
--
FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html
vox: +49 3641 9 44323 | fax: +49 3641 9 44321
Am 13.04.2017 um 13:20 schrieb ishan jain:
> Is there a way in Ansible to create a host level interceptor which does
> 'something' in case ansible-playbook command is invoked ?
> What i am trying to do here is to get informed periodically about
> 'ansible-playbook' command invocations anywhere on my host. There are a
> large number of users and playbooks on my host now and as any of them
> are capable of changing my target machines,
Solution: don't let everybody, anytime change your "target machines".
(Welcome to the world of change management.)
> i need to know/track all
> ansible-playbook triggers. Parsing the logs can get tedious. I was
> thinking maybe there is a way in Ansible to record all commands invoked
> in a file that i can then read and know only what playbooks are executed.
primary choice, obviously, look at Ansible Tower -- if you have only 10
hosts or less; or enough money.
secondary choices, if your budget is restricted but you have enough time
to fiddle yourself have a look at Openstack Ara and/or Rundeck and/or
Jenkins
Regards,
Benjamin
--
FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html
vox: +49 3641 9 44323 | fax: +49 3641 9 44321
ishan jain
Apr 18, 2017, 8:59:54 AM4/18/17
to Ansible Project
Thanks for suggesting ARA. It looks interesting. I am now trying it.
Reply all
Reply to author
Forward
0 new messages