最近发现 lookup 是查看本地文件内容的一个组件,至于能不能看远程的没试
今天看到别人发的一个检查脚本,突然想用 ansible 实现一下。不过我对 ansible 掌握得还不多,花了好几个小时只写出了这么一点,先记录下来,以后有时间再学。这个 playbook 的目的是对文件中的特定内容进行判断:符合要求就记为成功,不符合要求就记为失败,最后分别计数。
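---
# Audit the password-aging settings in /etc/login.defs on the managed host and
# count how many of the checks pass and how many fail.
#
# Scope of this audit:
#   * The PASS_* values in login.defs are defaults applied when an account is
#     created; existing accounts keep the aging values stored in /etc/shadow.
#   * On PAM-based systems the effective minimum password length is normally
#     enforced by the PAM password-quality configuration rather than by
#     PASS_MIN_LEN - verify that setting separately.
- name: check
  hosts: servera
  gather_facts: false
  vars:
    login_defs_path: /etc/login.defs
    success_count: 0
    fail_count: 0
    # Text of the file as fetched from the managed host by the slurp task.
    login_defs: "{{ login_defs_raw.content | b64decode }}"
    # Only uncommented lines are matched: the pattern is anchored at the start
    # of a line, so '#PASS_MAX_DAYS 30' is not counted as an active setting.
    pass_max_days: "{{ login_defs | regex_findall('^\\s*PASS_MAX_DAYS\\s+([0-9]+)', multiline=True) | map('int') | list }}"
    pass_min_len: "{{ login_defs | regex_findall('^\\s*PASS_MIN_LEN\\s+([0-9]+)', multiline=True) | map('int') | list }}"
    pass_warn_age: "{{ login_defs | regex_findall('^\\s*PASS_WARN_AGE\\s+([0-9]+)', multiline=True) | map('int') | list }}"
  tasks:
    # lookup('file', ...) is evaluated on the control node, so it would audit
    # the controller's own login.defs. slurp reads the file on the managed
    # host, which is the machine this play is meant to check.
    - name: read login.defs from the managed host
      slurp:
        src: "{{ login_defs_path }}"
      register: login_defs_raw

    # Each assert fails closed: a missing (or non-numeric) setting counts as a
    # failure. Every uncommented occurrence must comply, so the verdict does
    # not depend on which duplicate line the system honours.
    # ignore_errors keeps the play running so that all checks are counted.
    - name: check PASS_MAX_DAYS
      assert:
        success_msg: "PASS_MAX_DAYS <= 90"
        fail_msg: "PASS_MAX_DAYS > 90 or not set"
        that:
          - pass_max_days | length > 0
          - pass_max_days | max <= 90
      ignore_errors: true
      register: PASS_MAX_DAYS

    - name: check PASS_MIN_LEN
      assert:
        success_msg: "PASS_MIN_LEN >= 8"
        fail_msg: "PASS_MIN_LEN < 8 or not set"
        that:
          - pass_min_len | length > 0
          - pass_min_len | min >= 8
      ignore_errors: true
      register: PASS_MIN_LEN

    - name: check PASS_WARN_AGE
      assert:
        success_msg: "PASS_WARN_AGE >= 30"
        fail_msg: "PASS_WARN_AGE < 30 or not set"
        that:
          - pass_warn_age | length > 0
          - pass_warn_age | min >= 30
      ignore_errors: true
      register: PASS_WARN_AGE

    # Tally the results. set_fact overrides the play-level counters; the
    # '| int' cast is needed because a templated value may come back as a
    # string.
    - name: PASS_MAX_DAYS success count
      set_fact:
        success_count: "{{ success_count | int + 1 }}"
      when: PASS_MAX_DAYS is succeeded

    - name: PASS_MAX_DAYS fail count
      set_fact:
        fail_count: "{{ fail_count | int + 1 }}"
      when: PASS_MAX_DAYS is failed

    - name: PASS_MIN_LEN success count
      set_fact:
        success_count: "{{ success_count | int + 1 }}"
      when: PASS_MIN_LEN is succeeded

    - name: PASS_MIN_LEN fail count
      set_fact:
        fail_count: "{{ fail_count | int + 1 }}"
      when: PASS_MIN_LEN is failed

    - name: PASS_WARN_AGE success count
      set_fact:
        success_count: "{{ success_count | int + 1 }}"
      when: PASS_WARN_AGE is succeeded

    - name: PASS_WARN_AGE fail count
      set_fact:
        fail_count: "{{ fail_count | int + 1 }}"
      when: PASS_WARN_AGE is failed

    - name: success count
      debug:
        msg: "{{ success_count }}"

    - name: fail count
      debug:
        msg: "{{ fail_count }}"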