That would evidently work to track file changes locally. Our main use case however was to track *on the target system* (1) which team member changed a file (and who deleted a file, like a suddenly missing firewall rule, which precludes just using SVN keywords in the file header) and (2) using which playbook. This is to establish a reverse map from system to playbook and ansible user.
So somehow we need to trigger etckeeper et al. from Ansible itself. Preferably during the runtime so we do not have to load the inventory again, which takes up to 20 seconds, depending on Ansible version and local performance patches. I assume this cannot be achieved cleanly in a callback plugin? --Tobias On Thursday, February 11, 2016 at 6:09:48 PM UTC+1, Brian Coca wrote: > > i would just have something like incron on the target that triggers > etckeeper > > On Thu, Feb 11, 2016 at 8:11 AM, Tobias Wolf <[email protected] > <javascript:>> wrote: > >> We had this discussion over lunch, i.e., we pondered how we could get >> ansible to trigger etckeeper on each host at the conclusion of the >> playbook. We excluded handlers because handlers are not executed once a >> playbook fails. >> >> Did you find a way to cleanly create a hook like this with having to >> append this to each playbook individually? >> >> --Tobias >> >> On Thursday, November 5, 2015 at 4:40:32 PM UTC+1, Dominic Hargreaves >> wrote: >>> >>> Hi, >>> >>> I've had a look around for solutions to this problem, but surprisingly >>> I'm starting to think it's not something supported out of the box with >>> ansible. >>> >>> I would like to define a play or series of plays which are called >>> exactly once on a given group of hosts for each ansible run, at the very >>> start and very end of that run, regardless of which role or roles are being >>> executed. Optionally, the set of tasks at the end could only run if any of >>> the other tasks run changed something (a sort of global_changed state), but >>> this isn't essential. Using ro >>> >>> The use-case is to run etckeeper before and after each run of ansible, >>> to provide a definitive record of what changed on the server (at least as >>> far as the configuration files in /etc go). >>> >>> Does anyone have any suggestions on how I might accomplish this? Would a >>> new feature request be appropriate if it's not already achievable? Note >>> that I wouldn't want to have to modify every playbook and/or role to >>> achieve this, since that would inevitably lead to missed commits and >>> default the point of having a complete changelog. >>> >>> Just in case it isn't obvious: yes, I am managing the ansible playbooks >>> in git already, but etckeeper provides a deeper view of what *actually* >>> changed on the server and can be very helpful for looking back to figure >>> out when/how something was misconfigured. >>> >>> I would be interested to hear other solutions to this. >>> >>> Cheers, >>> Dominic. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/1a612708-41a9-4ae1-8f8d-c5d2fa85ea19%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/1a612708-41a9-4ae1-8f8d-c5d2fa85ea19%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > ---------- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fc50f5ed-3641-40d0-ad4f-96d21bcf229c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
