Hi Ansible list,

A quick question about using Ansible effectively in a CI/CD context: I'm
wondering about the best way to set up jobs that run a playbook with
`--check --diff` flags, and give a concise report of what would be
affected by applying changes.

The use case I want to do now is that I'm writing a job to deploy a
monitoring configuration change, and I'd like to provide an at-a-glance
view that says "this job will add these 6 lines of JSON to that config
file". That'd be useful for checking there aren't any other stray changes
merged into version control but not deployed yet, as a final
typo-proofreading opportunity for the person pushing the update, and as an
audit log in retrospect.

This seems like something other folks might have tried, but I can't find
anything relevant-looking with a google around, so I wanted to check in
with this group.

All the building blocks are there:

Running `template` in diff mode gives this kind of info in task output:

    TASK [datadog_agent : Create a configuration file for each Datadog check] *********************************************************************************************************************
    ok: [use1-tst-datadog01.oad-aws.illumina.com] => (item=process)
    --- before: /etc/datadog-agent/conf.d/custom_mysql_metrics.d/conf.yaml
    +++ after: /Users/nbailey/.ansible/tmp/ansible-local-83201emVWXJ/tmpOvX8S_/checks.yaml.j2
    @@ -25,4 +25,5 @@
      - test:original
    + - test:test-diff
    changed: [use1-tst-datadog01.oad-aws.illumina.com] => (item=custom_mysql_metrics)
    ok: [use1-tst-datadog01.oad-aws.illumina.com] => (item=mysql)

And that comes from this return JSON from the task output:

    ok: [use1-tst-datadog01.oad-aws.illumina.com] => {
        "changed": false,
        "diff": {
            "after": {
                "path": "/etc/datadog-agent/trace-agent.conf"
            },
            "before": {
                "path": "/etc/datadog-agent/trace-agent.conf"
            }
        },

I could definitely register each task output and construct a big JSON or
YAML block to show all changes across all diffs in a role, but that seems
like it'd be very clunky:

    - name: Create a configuration file for each Datadog check
      become: True
      template:
        src: checks.yaml.j2
        dest: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml"
        owner: "{{ datadog_agent.user | default('dd-agent') }}"
        group: "{{ datadog_agent.group | default('dd-agent') }}"
      with_items: "{{ datadog_agent.checks|list }}"
      notify: restart datadog-agent
      when: datadog_agent is defined
      register: datadog_config_output

    - name: If there were changes, save them for later reporting.
      set_fact: {{ false if datadog_config_output.changed == false else do some gnarly logic that involves parsing results for each item }}

But this seems really labour intensive.
Is this a job for a callback plugin? The 'log_plays' sounds like it's doing
something fundamentally very similar, but the docs are pretty sparse
(https://docs.ansible.com/ansible/2.6/plugins/callback/log_plays.html).
Have other Ansible users tried something like this, and if so, what did you
go with?
Thanks for any pointers!
Nikki
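
An added example, not part of the original post or of Ansible itself: rather than registering every task, the run's output from Ansible's `json` stdout callback (for instance `ANSIBLE_STDOUT_CALLBACK=json` together with `--check --diff`) can be saved and summarized afterwards. The JSON layout assumed here, the host name and the sample data are constructed for illustration.

```python
import difflib
import json
import sys

# Constructed sample in the assumed layout of the `json` stdout callback's output.
SAMPLE = {"plays": [{"tasks": [{
    "task": {"name": "Create a configuration file for each Datadog check"},
    "hosts": {"tst-datadog01.example.com": {"changed": True, "results": [
        {"item": "process", "changed": False},
        {"item": "custom_mysql_metrics", "changed": True, "diff": [{
            "before_header": "/etc/datadog-agent/conf.d/custom_mysql_metrics.d/conf.yaml",
            "after_header": "checks.yaml.j2",
            "before": "tags:\n  - test:original\n",
            "after": "tags:\n  - test:original\n  - test:test-diff\n"}]},
    ]}}}]}]}


def summarize(run):
    """Return one record per changed file: host, task, item, +/- counts, diff."""
    report = []
    for play in run.get("plays", []):
        for task in play.get("tasks", []):
            name = task.get("task", {}).get("name", "")
            for host, host_result in task.get("hosts", {}).items():
                # Looped tasks nest one result per item under "results".
                for res in host_result.get("results") or [host_result]:
                    diffs = res.get("diff") or []  # one dict or a list of dicts
                    for d in diffs if isinstance(diffs, list) else [diffs]:
                        before, after = d.get("before"), d.get("after")
                        if not (isinstance(before, str) and isinstance(after, str)):
                            continue  # attribute-only diff (dicts of path/owner/mode)
                        lines = list(difflib.unified_diff(
                            before.splitlines(), after.splitlines(),
                            d.get("before_header", "before"),
                            d.get("after_header", "after"), lineterm=""))
                        body = lines[2:]  # drop the ---/+++ header lines
                        added = sum(l.startswith("+") for l in body)
                        removed = sum(l.startswith("-") for l in body)
                        if added or removed:
                            report.append({"host": host, "task": name,
                                           "item": res.get("item"), "added": added,
                                           "removed": removed, "diff": "\n".join(lines)})
    return report


if __name__ == "__main__":
    run = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for r in summarize(run):
        print(f"{r['host']}: {r['task']} (item={r['item']}) +{r['added']} -{r['removed']}\n{r['diff']}")
```

The returned list can be written out as the job's artifact, which keeps the per-file diffs as the retrospective audit record.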