Score:1

Ansible: How to log performed changes on the Remote Server?


Ansible can show and log the performed changes (including file diffs) locally on the Control Node, e.g.

TASK [example_task : file mode] ************************************************
--- before
+++ after
@@ -1,4 +1,4 @@
 {
-    "mode": "0640",
+    "mode": "0600",
     "path": "/tmp/foo"
 }

changed: [example.com]

On the Managed Node, the invoked modules log their name and parameters, e.g.

ansible-ansible.legacy.stat[18949]: Invoked with path=/home/admin-tkolb/.gitconfig follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True

How can the changes, e.g. file diffs and commands executed, be logged on the Managed Node?

Score:1

I understand that you would like to have Distributed Logging on Remote/Managed Nodes. This can and needs to be implemented within the playbooks themselves; see, for example, Generating a log file from within an Ansible playbook ...

Distributed Logs

It is assumed that the log directory (i.e. /var/log/ansible) exists and the necessary permissions are given on the Remote Node. Furthermore, for this example, gather_facts: true is set and the execution path is defined (i.e. by ROLE: "{{ playbook_dir.split('/')[2] }}").

- name: "Log applying role {{ ROLE }} with tags {{ ansible_run_tags }}"
  lineinfile:
    path: "/var/log/ansible/{{ ROLE }}/last.{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}.log"
    create: yes
    line: "{{ ansible_date_time.weekday }} {{ ansible_date_time.month }} {{ ansible_date_time.day }} {{ ansible_date_time.time }} {{ ansible_date_time.tz }} {{ ansible_date_time.year }}, {{ ansible_run_tags }}, {{ ansible_user }}"

If provided in a playbook as the very last task, it will write a log entry on the Remote Node if the execution hasn't failed before. By doing this, one can have information on the Remote Node(s) about whether roles, playbooks, tasks, etc. were applied, when and by whom, etc.

In your case, you need to adopt the approach and modify and enhance it for your needs. Just adjust the information to be logged with the parameter line. You'll probably have some of the tasks Return Values included and maybe proceed further with

sebix
This goes in the right direction but only logs the information to the remote server once Ansible reaches this (last) task of the playbook, and does not log all the single steps performed on the remote server. It also misses out if there was an error and Ansible never reaches that logging task.
U880D
Indeed. "_... does not log all the single steps performed ..._": if you would like to have that, you'll either need to log for every task, or maintain a data structure with the results from all tasks and log only that, or, in order to also address "_... misses out if there was an error and Ansible never reaches that logging task ..._", transfer the final log from the Control Node to each Remote Node.
U880D
You may also have a look into a solution example for [How do I summarize ... at the end of execution?](https://stackoverflow.com/a/76283921/6771046). Even if it is for assertions results, the approach could be adopted.
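
The following playbook is an added example, not part of the original thread or of any poster's code. It combines the "maintain a data structure with the results" idea with block/rescue/always so that a log line is written on the Managed Node even when a task fails. The host pattern, the log path and the variable names remote_log and task_results are assumptions.

```yaml
# Added example: host pattern, log path and variable names are assumptions.
- name: Apply changes and record every result on the Managed Node
  hosts: all
  gather_facts: true
  become: true
  vars:
    remote_log: /var/log/ansible/changes.log   # assumed location
    task_results: []                           # grows as tasks finish
  tasks:
    - name: Ensure the log directory exists
      ansible.builtin.file:
        path: "{{ remote_log | dirname }}"
        state: directory
        mode: "0750"

    - name: Run the tasks to be logged
      block:
        - name: Set file mode
          ansible.builtin.file:
            path: /tmp/foo
            mode: "0600"
          diff: true          # return before/after even without --diff
          register: result

        - name: Remember the result
          ansible.builtin.set_fact:
            task_results: "{{ task_results + [{'task': 'Set file mode', 'changed': result.changed, 'diff': result.diff | default({})}] }}"
      rescue:
        - name: Remember the failed task
          ansible.builtin.set_fact:
            task_results: "{{ task_results + [{'task': ansible_failed_task.name, 'failed': true, 'msg': ansible_failed_result.msg | default('')}] }}"
      always:
        # Runs on success and on failure. ansible_date_time is the time facts
        # were gathered, not the time of each task. Diffs of templated files
        # can contain secrets, so the log is not world-readable.
        - name: Append one JSON line per recorded result
          ansible.builtin.lineinfile:
            path: "{{ remote_log }}"
            create: true
            mode: "0640"
            insertafter: EOF
            line: "{{ ansible_date_time.iso8601 }} {{ ansible_user | default(ansible_user_id) }} {{ item | to_json }}"
          loop: "{{ task_results }}"
```

Because the rescue section handles the failure, the play continues for that host; add an ansible.builtin.fail task after the logging task if the run should still end as failed.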