
Ansible: How to log performed changes on the Remote Server?

Ansible can show and log the performed changes (including file diffs) locally on the Control Node, e.g.

TASK [example_task : file mode] ************************************************
--- before
+++ after
@@ -1,4 +1,4 @@
 {
-    "mode": "0640",
+    "mode": "0600",
     "path": "/tmp/foo"
 }

changed: [example.com]

On the Managed Node, the invoked modules log their name and parameters, e.g.

ansible-ansible.legacy.stat[18949]: Invoked with path=/home/admin-tkolb/.gitconfig follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True

How can the changes, e.g. file diffs and commands executed, be logged on the Managed Node?

sebix

1 Answer

I understand that you would like to have Distributed Logging on Remote/Managed Nodes. This can and needs to be implemented within the playbooks themselves; see for example Generating a log file from within an Ansible playbook ...

Distributed Logs

It is assumed that the log directory (i.e. /var/log/ansible) exists and the necessary permissions are given on the Remote Node. Furthermore, for this example, gather_facts: true is set and the execution path is defined (i.e. by ROLE: "{{ playbook_dir.split('/')[2] }}").

- name: "Log applying role {{ ROLE }} with tags {{ ansible_run_tags }}"
  lineinfile:
    path: "/var/log/ansible/{{ ROLE }}/last.{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}.log"
    create: yes
    line: "{{ ansible_date_time.weekday }} {{ ansible_date_time.month }} {{ ansible_date_time.day }} {{ ansible_date_time.time }} {{ ansible_date_time.tz }} {{ ansible_date_time.year }}, {{ ansible_run_tags }}, {{ ansible_user }}"

If provided in a playbook as the very last task, it will write a log entry on the Remote Node if the execution hasn't failed before. By doing this, one can have information on Remote Node(s) if roles, playbooks, tasks, etc. were applied, when and by whom, etc.

In your case, you need to adopt the approach and modify and enhance it for your needs. Just adjust the information to be logged with the parameter line. You'll probably have some of the tasks Return Values included and maybe proceed further with

U880D
  • This goes in the right direction but only logs the information to the remote server once Ansible reaches this (last) task of the playbook, and does not log all the single steps performed on the remote server. It also misses out if there was an error and Ansible never reaches that logging task. – sebix Jun 13 '23 at 17:28
  • Indeed. "_... does not log all the single steps performed ..._", if you like to have such you'll either need to log for every task, or maintain a data structure with the results from all tasks and log only that, or, and in order to achieve also "_... misses out if there was an error and Ansible never reaches that logging task ..._", transfer the final log from the Control Node to each Remote Node. – U880D Jun 13 '23 at 17:31
  • You may also have a look into a solution example for [How do I summarize ... at the end of execution?](https://stackoverflow.com/a/76283921/6771046). Even if it is for assertions results, the approach could be adopted. – U880D Jun 13 '23 at 18:05
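One way to cover the two gaps raised in the comments (per-task detail, and an entry even when a task fails) is to register each result inside a block and write them out in its always section. This is an added example, not code from the answer or from the Ansible project; the task names, the register names r_mode and r_cmd, the sample command and the audit_log path are assumptions.

```yaml
# Added example: names, paths and the sample command are illustrative.
- name: Apply changes and record them on the managed node
  hosts: all
  gather_facts: true            # provides ansible_date_time, as in the answer
  vars:
    audit_log: /var/log/ansible/changes.log   # assumed; directory must exist
  tasks:
    - name: Audited tasks
      block:
        - name: Restrict file mode
          ansible.builtin.file:
            path: /tmp/foo
            mode: "0600"
          diff: true            # module returns before/after data in .diff
          register: r_mode

        - name: Run a command
          ansible.builtin.command: /usr/bin/id
          changed_when: false
          register: r_cmd

      always:
        # Runs whether the block succeeded or failed. With no rescue section
        # the host is still reported as failed afterwards.
        - name: Append one line per task result to the remote log
          ansible.builtin.lineinfile:
            path: "{{ audit_log }}"
            create: true
            mode: "0600"        # diffs and command lines can contain secrets
            # The timestamp is the fact-gathering time, shared by all lines of
            # a run; the leading text keeps the value a plain string.
            line: >-
              {{ ansible_date_time.iso8601 }} {{ item.task }}
              {{ {'ran': item.res | length > 0,
                  'changed': item.res.changed | default(false),
                  'failed': item.res.failed | default(false),
                  'cmd': item.res.cmd | default(none),
                  'rc': item.res.rc | default(none),
                  'diff': item.res.diff | default(none)} | to_json }}
          loop:
            # default({}) covers tasks that were never reached after a failure
            - { task: "file mode", res: "{{ r_mode | default({}) }}" }
            - { task: "command", res: "{{ r_cmd | default({}) }}" }
          loop_control:
            label: "{{ item.task }}"
```

Tasks that handle credentials should stay out of the logged list, or be marked no_log, because the diff and cmd fields are written to the file verbatim.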