Record the logs of Ansible run the BASH/Python script in the remote host-CodePudding

I have a playbook to copy the BASH/Python to the remote client and then run the script as the local user. I got a requirement from the security auditor to ask me to save this action as a log in the ansible server. Is there any simple way I can record the history if Ansible runs the script in the remote host?

- name: Test Playbook
  hosts: all
  gather_facts: false
  remote_user: ansible
  become: true

  tasks:
  - name: Copy test.sh file to remote host
    ansible.builtin.copy:
      src: /tmp/test.sh
      dest: /tmp
      owner: '{{ inventory_hostname }}'
      group: '{{ inventory_hostname }}'
      mode: '0755'   

  - name: Run test script
    ansible.builtin.command:
      cmd: "/tmp/test.sh"
    become_user: '{{ inventory_hostname }}'

I am very new to Ansible, any help is appreciated!

CodePudding user response：

amend the cmd to output locally to a log file:

cmd: "/tmp/test.sh > /tmp/log 2>&1"

CodePudding user response：

You can use community.general.syslogger. For example, given the script

shell> cat /tmp/test.sh
#!/bin/sh
printf "$0: [OK] Completed."

The playbook will copy and run the script at the remote hosts. The last task will write the registered results to the log at the ansible server

- name: Test Playbook
  hosts: all
  gather_facts: false

  tasks:
  - name: Copy test.sh file to remote host
    ansible.builtin.copy:
      src: /tmp/test.sh
      dest: /tmp
      mode: '0755'

  - name: Run test script
    ansible.builtin.command:
      cmd: /tmp/test.sh
    register: result

  - name: Send results to log
    community.general.syslogger:
      msg: "{{ item }} {{ hostvars[item].result }}"
    loop: "{{ ansible_play_hosts }}"
    delegate_to: localhost
    run_once: true

The default priority info writes to the /var/log/syslog at Ubuntu

shell> tail -f /var/log/syslog
...
Apr  4 02:37:13 localhost python3[1429581]: ansible-community.general.syslogger Invoked with msg=host01 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.546699', 'end': '2022-04-04 00:37:12.560452', 'delta': '0:00:00.013753', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr  4 02:37:13 localhost ansible_syslogger: host01 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.546699', 'end': '2022-04-04 00:37:12.560452', 'delta': '0:00:00.013753', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False}
Apr  4 02:37:13 localhost python3[1429607]: ansible-community.general.syslogger Invoked with msg=host02 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.392564', 'end': '2022-04-04 00:37:12.409556', 'delta': '0:00:00.016992', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr  4 02:37:13 localhost ansible_syslogger: host02 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.392564', 'end': '2022-04-04 00:37:12.409556', 'delta': '0:00:00.016992', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False}
Apr  4 02:37:13 localhost python3[1429632]: ansible-community.general.syslogger Invoked with msg=host03 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.347653', 'end': '2022-04-04 00:37:12.367547', 'delta': '0:00:00.019894', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr  4 02:37:13 localhost ansible_syslogger: host03 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.347653', 'end': '2022-04-04 00:37:12.367547', 'delta': '0:00:00.019894', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False}

Fit the parameters and format to your needs.

^{Output of the playbook
PLAY [Test Playbook] ***********************************************

TASK [Copy test.sh file to remote host] ****************************
ok: [host01]
ok: [host03]
ok: [host02]

TASK [Run test script] *********************************************
changed: [host03]
changed: [host02]
changed: [host01]

TASK [Send results to log] *****************************************
changed: [host01 -> localhost] => (item=host01)
changed: [host01 -> localhost] => (item=host02)
changed: [host01 -> localhost] => (item=host03)}