On Mon, 7 Jun 2021 02:48:39 -0700 (PDT)
Elkmar <[email protected]> wrote:

> ... check a playbook authenticity before execution

For example:

shell> cat test-003.yml
- hosts: all
  gather_facts: false
  vars:
    my_filename: test-003.yml
    my_path: "{{ playbook_dir }}/{{ my_filename }}"
    my_hash_path: "{{ my_path }}.sha1"
    my_hash: "{{ (lookup('file', my_hash_path).split()).0 }}"
  tasks:
    - name: Test integrity of the playbook
      block:
        - stat:
            path: "{{ my_path }}"
            checksum_algorithm: sha1
          register: result
        - assert:
            that: result.stat.checksum == my_hash
      delegate_to: localhost
      run_once: true

shell> sha1sum test-003.yml > test-003.yml.sha1
shell> cat test-003.yml.sha1
9762fde5aa52f72dfcf064fa3062fd41540573af  test-003.yml
shell> ansible-playbook test-003.yml 

PLAY [all]
*********************************************************

TASK [stat]
*********************************************************
ok: [test_11]

TASK [assert]
*********************************************************
ok: [test_11] => changed=false msg: All assertions passed


If the hash differs, the playbook will fail:

TASK [assert]
*********************************************************
fatal: [test_11]: FAILED! => changed=false assertion:
result.stat.checksum == my_hash evaluated_to: false
  msg: Assertion failed

-- 
Vladimir Botka
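
A variant of the check above that runs before ansible-playbook starts, so the verification is not part of the file being verified. This is an added example, not part of the original message. It uses SHA-256 rather than the SHA-1 of the post, and the function names and the separately stored manifest are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify a playbook against a
# SHA-256 manifest before ansible-playbook parses it.
# Assumption: the manifest lives where playbook authors cannot write.
# verify_playbook and run_verified are hypothetical names.

# verify_playbook PLAYBOOK MANIFEST
# Returns 0 only if MANIFEST lists PLAYBOOK's basename with a matching digest.
# Returns 2 if a file is missing, 3 if the playbook is not listed.
verify_playbook() {
    playbook=$1
    manifest=$2
    [ -f "$playbook" ] && [ -f "$manifest" ] || return 2
    name=$(basename "$playbook")
    # Expected digest: first field of the manifest line naming this file
    # (sha256sum writes "digest  name" or "digest *name").
    expected=$(awk -v n="$name" \
        '$2 == n || $2 == ("*" n) { print $1; exit }' "$manifest")
    [ -n "$expected" ] || return 3      # not listed: fail closed
    actual=$(sha256sum "$playbook" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# run_verified PLAYBOOK MANIFEST [ansible-playbook arguments...]
# Runs the playbook only when the digest check passes.
run_verified() {
    playbook=$1
    manifest=$2
    shift 2
    if verify_playbook "$playbook" "$manifest"; then
        ansible-playbook "$playbook" "$@"
    else
        echo "refusing to run $playbook: digest check failed" >&2
        return 1
    fi
}
```

The manifest is created once with `sha256sum test-003.yml`, as in the post, and then stored outside the directory the playbook is edited in.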
