I know I can use the shell command with find to get the result.
But it doesn't seem nice as the loop module.
Thanks
On Friday, January 1, 2021 at 6:54:09 AM UTC-5 brae...@gmail.com wrote:
> On 12/31/20 7:43 PM, Thuan wrote:
> > Hi all,
> >
> > My playbook is working for single files but not for directories.
> > It doesn't check the folders permissions recursively.
> >
>
> I would use the find module, which works recursively and provides similar
> information
> as the stat module. You also get a single list as you don't need a loop.
>
> Regards
> Racke
>
> >
> >
> >
> >
> >
> > ============================================================
> >
> > - name: Ensure system directories are own by root group.
> > block:
> > - name: Verify the command directories are exists.
> > become: true
> > stat:
> > path: "{{ item }}"
> > loop:
> > - /bin/
> > - /sbin/
> > - /usr/bin/
> > - /usr/sbin/
> > - /usr/local/bin
> > - /usr/local/sbin
> > register: command_directories
> > - name: Verify the ownership of command directories are belong to root.
> > loop: |
> > {{ command_directories.results | map(attribute='item')|
> > zip(command_directories.results | map(attribute='stat.gr_name'))|list }}
> >
> > assert:
> > that: item.1 == 'root'
> > loop_control:
> > label: "{{ item.0 }}"
> >
> > - set_fact:
> > stig_text: "PASSED"
> > rescue:
> >
> > - name: configure the command directories ownership to root and create
> if it doesn't exist.
> > become: true
> > file:
> > path: "{{ item.item }}"
> > group: root
> > state: "{{ 'directory' if item.stat.exists else 'touch' }}"
> > recurse: yes
> > loop: "{{ command_directories.results }}"
> > register: file_perms_rule
> > - set_fact:
> > stig_text: "PASSED"
> > when: file_perms_rule.changed
> >
> > ==================================================================
> >
> >
> > TASK [Verify the ownership of command directories are belong to root.]
> ***************************************
> > [WARNING]: The loop variable 'item' is already in use. You should set
> the `loop_var` value in the
> > `loop_control` option for the task to something else to avoid variable
> collisions and unexpected behavior.
> > ok: [localhost] => (item=/bin/) => {
> > "ansible_loop_var": "item",
> > "changed": false,
> > "item": [
> > "/bin/",
> > "root"
> > ],
> > "msg": "All assertions passed"
> > }
> > ok: [localhost] => (item=/sbin/) => {
> > "ansible_loop_var": "item",
> > "changed": false,
> > "item": [
> > "/sbin/",
> > "root"
> > ],
> > "msg": "All assertions passed"
> > }
> > ok: [localhost] => (item=/usr/bin/) => {
> > "ansible_loop_var": "item",
> > "changed": false,
> > "item": [
> > "/usr/bin/",
> > "root"
> > ],
> > "msg": "All assertions passed"
> > }
> > ok: [localhost] => (item=/usr/sbin/) => {
> > "ansible_loop_var": "item",
> > "changed": false,
> > "item": [
> > "/usr/sbin/",
> > "root"
> > ],
> > "msg": "All assertions passed"
> > }
> > ok: [localhost] => (item=/usr/local/bin) => {
> > "ansible_loop_var": "item",
> > "changed": false,
> > "item": [
> > "/usr/local/bin",
> > "root"
> > ],
> > "msg": "All assertions passed"
> > }
> > ok: [localhost] => (item=/usr/local/sbin) => {
> > "ansible_loop_var": "item",
> > "changed": false,
> > "item": [
> > "/usr/local/sbin",
> > "root"
> > ],
> > "msg": "All assertions passed"
> > }
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to
> > ansible-proje...@googlegroups.com <mailto:
> ansible-proje...@googlegroups.com>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com
> > <
> https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com?utm_medium=email&utm_source=footer
> >.
>
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6860ab44-d1e1-4b3c-a852-39128d5b6a45n%40googlegroups.com.
