Consider that with this mechanism you will not detect packages which have been installed directly, either by a custom installer, the standard configure-make-make install, or by directly copying binaries or scripts to some central location.

Also keep in mind that if you omit (or someone removes) an essential package (let's say "python" :-) from good_packages, you risk completely screwing up your systems. I am normally extremely careful when it comes to /removing/ stuff through Ansible.

Also, because of that, you should absolutely consider Michael's comment. Additionally, you might consider implementing some inventory/monitoring which allows you to monitor software changes.

Cheers
frank
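
An added example, not part of the original thread and not code from any poster: a playbook that guards against the risk described above of an essential package missing from good_packages, and that only reports unapproved packages unless removal is explicitly switched on. `good_packages` is the variable from Michael's snippet; `protected_packages`, `enforce_removal`, `extra_packages` and the sample package lists are assumptions. It only sees software known to the package manager.

```yaml
---
# Added example: audit installed packages against an approved list.
# protected_packages, enforce_removal and both sample lists are assumed values.
- name: Audit installed packages against an approved list
  hosts: all
  become: true
  vars:
    # Constructed, abbreviated allow-list; a real one holds the full base image.
    good_packages: [bash, coreutils, glibc, openssh-server, python, rpm, sudo, systemd, yum]
    # Packages that must never be absent from good_packages.
    protected_packages: [glibc, python, rpm, yum]
    # Report-only unless explicitly enabled.
    enforce_removal: false

  tasks:
    - name: Gather the installed package list from the package manager
      ansible.builtin.package_facts:
        manager: auto

    - name: Stop if the approved list lacks an essential package
      ansible.builtin.assert:
        that:
          - protected_packages | difference(good_packages) | length == 0
        fail_msg: >-
          good_packages is missing essential packages:
          {{ protected_packages | difference(good_packages) | join(', ') }}

    - name: Work out which installed packages are not approved
      ansible.builtin.set_fact:
        extra_packages: "{{ ansible_facts.packages.keys() | list | difference(good_packages) | sort }}"

    - name: Report unapproved packages
      ansible.builtin.debug:
        msg: "Not on the approved list: {{ extra_packages | join(', ') }}"
      when: extra_packages | length > 0

    - name: Remove unapproved packages (only when enforcement is enabled)
      ansible.builtin.package:
        name: "{{ extra_packages }}"
        state: absent
      when:
        - enforce_removal | bool
        - extra_packages | length > 0
```

Running it with `--check` first, and with `enforce_removal` left at `false`, shows what would be removed before anything is.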


On 28/10/18 17:34, Jonathan Lozada De La Matta wrote:
I 2nd Michael's comment.

On Sun, Oct 28, 2018 at 11:37 AM Michael Mullay wrote:

    Hi Sathya,

    You could get a list of current packages via 'yum list' or whatever
    package manager, then use that as the list of packages as the
    variable, and do something like the following. Maintaining and
    parsing that 'master' list however might be quite cumbersome.

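    # installed_packages is an assumed variable name: the list of currently
    # installed package names (e.g. built from 'yum list').
    - name: remove unwanted packages
      package:
        name: "{{ item }}"
        state: absent
      loop: "{{ installed_packages }}"
      when: item not in good_packages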

    Of course the simpler and saner way would be to just restrict people
    from installing packages in the first place. ;)


    On Sat, Oct 27, 2018 at 10:44 AM Sathya Narayanan wrote:

        Hi All,

        I am new to ansible and I would like to understand or get some
        ideas about how to use ansible to maintain standard operating
        system environment.

        For example: I would like to have ansible check all my
        existing OS (Amazon Linux) to see if there are any additional
        packages installed.

        The idea is to have a list of rpm names as standard packages,
        and ansible should monitor if all my systems are having only the
        list of approved rpms. In case of any extra rpms installed by
        any of the engineers, then ansible should automatically remove them.

        Not sure if I have explained my ask clearly, but the idea is to
        have ansible maintain software inventory (approved software) and
        if any unauthorized software is installed, then it should notify via
        email and remove that software.

        Regards,
        Sathya.R

-- You received this message because you are subscribed to the
        Google Groups "Ansible Project" group.
        To unsubscribe from this group and stop receiving emails from
        it, send an email to
        [email protected]
        <mailto:[email protected]>.
        To post to this group, send email to
        [email protected]
        <mailto:[email protected]>.
        To view this discussion on the web visit
        
https://groups.google.com/d/msgid/ansible-project/CACqv84jQ%2BpHqRtk4fAoCvyhey-o6cRgugv0uOWnNn4Odf%2BgEDA%40mail.gmail.com
        
<https://groups.google.com/d/msgid/ansible-project/CACqv84jQ%2BpHqRtk4fAoCvyhey-o6cRgugv0uOWnNn4Odf%2BgEDA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
        For more options, visit https://groups.google.com/d/optout.




--

Jonathan lozada de la matta

AUTOMATION PRACTICE


        


