Skip to content

Send info on playbook usage to syslog #548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Send info on playbook usage to syslog #548

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions provision.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,34 @@
- hosts: all
gather_facts: no
tasks:
- name: Log playbook usage
delegate_to: 127.0.0.1
syslogger:
msg: >-
{{
{
'local_user': lookup('env','USER'),
'ansible_version': ansible_version | default(None),
'ansible_playbook_python': ansible_playbook_python | default(None),
'ansible_check_mode': ansible_check_mode | default(False),
'ansible_diff_mode': ansible_diff_mode | default(False),
'ansible_play_batch': ansible_play_batch | default([]),
'ansible_play_hosts': ansible_play_hosts | default([]),
'ansible_run_tags': ansible_run_tags | default([]),
'ansible_limit': ansible_limit | default(None),
'inventory_hostname': inventory_hostname | default(None),
'inventory_dir': inventory_dir | default(None),
'playbook_dir': playbook_dir | default(None),
'ansible_cmdline': lookup('file', '/proc/self/cmdline') | regex_replace('\u0000',' ') | default(None),
'ansible_forks': ansible_forks | default(None),
Copy link
Member

@baszoetekouw baszoetekouw Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to add the local git version of openconext-deploy, environments-external and roles-external?

Copy link
Member

@baszoetekouw baszoetekouw Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i.e., include the results of:

git describe --all --tags; 
test -d roles-external && cd roles-external git describe --all --tags || echo "not found"; 
test -d environments-external && cd environment-external && git describe --all --tags || echo "not found"

Copy link
Member

@baszoetekouw baszoetekouw Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Junie AI suggests this approach:

# -*- coding: utf-8 -*-
"""
Ansible lookup plugin: git_revision

Returns the git revision description of the current working repository, similar to
`git describe --all --tags`.

Usage in playbooks/templates:
  - debug: msg="{{ lookup('git_revision') }}"
  # Or in Jinja2 templates
  {{ lookup('git_revision') }}

If the command fails (not a git repo or git not installed), it returns an empty string
and logs a warning on the controller.
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type

import subprocess
from typing import List, Optional

from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display


display = Display()


class LookupModule(LookupBase):
    """Lookup plugin that returns `git describe --all --tags` for the current repo."""

    def run(self, terms: List[str], variables: Optional[dict] = None, **kwargs) -> List[str]:
        # Allow optional 'path' kwarg to run the command in a specific directory.
        path = kwargs.get('path') or kwargs.get('cwd')

        cmd = [
            'git',
            'describe',
            '--all',
            '--tags',
        ]

        try:
            result = subprocess.check_output(
                cmd,
                stderr=subprocess.STDOUT,
                cwd=path if path else None,
            ).decode('utf-8').strip()
        except Exception as e:
            # Don't fail a play because of this; log warning and return empty string
            message = getattr(e, 'output', None)
            if isinstance(message, (bytes, bytearray)):
                try:
                    message = message.decode('utf-8', errors='ignore')
                except Exception:  # pragma: no cover - best effort decoding
                    message = str(e)
            if not message:
                message = str(e)
            display.warning("git_revision lookup failed; returning empty string. Details: %s" % message)
            result = ''

        # Lookup plugins must return a list. We return single-element list.
        return [result]

Copy link
Member

@baszoetekouw baszoetekouw Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or even nicer:

# -*- coding: utf-8 -*-
"""
Ansible lookup plugin: git_revision

Returns the git revision description of the current working repository, similar to
`git describe --all --tags`.

Usage in playbooks/templates:
  - debug: msg="{{ lookup('git_revision') }}"
  # Or in Jinja2 templates
  {{ lookup('git_revision') }}

This version uses native Python Git modules instead of running a shell command.
If GitPython is unavailable or the directory is not a Git repository, it returns
an empty string and logs a warning on the controller.
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type

import os
from typing import List, Optional

from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display


display = Display()

try:
    # GitPython
    from git import Repo  # type: ignore
except Exception:  # pragma: no cover - optional dependency
    Repo = None  # type: ignore


class LookupModule(LookupBase):
    """Lookup plugin that returns a Git describe-like string for the current repo."""

    def run(self, terms: List[str], variables: Optional[dict] = None, **kwargs) -> List[str]:
        # Allow optional 'path' kwarg to point to a specific directory.
        path = kwargs.get('path') or kwargs.get('cwd')
        cwd = path or os.getcwd()

        result = ''

        if Repo is None:
            display.warning("git_revision lookup: GitPython not installed; returning empty string.")
            return [result]

        try:
            repo = Repo(cwd, search_parent_directories=True)
            # Use GitPython's git wrapper to call 'describe'. While GitPython may
            # use the git binary under the hood, from Ansible we are no longer
            # spawning a subprocess directly.
            desc = repo.git.describe('--all', '--tags')
            result = desc.strip()
        except Exception as e:
            display.warning("git_revision lookup failed; returning empty string. Details: %s" % (str(e),))
            result = ''

        # Lookup plugins must return a list. We return single-element list.
        return [result]

}
| to_json
}}
priority: "info"
facility: "user"
log_pid: true
tags:
- always
- name: Read vars from secrets file
include_vars: "{{ secrets_file }}"
no_log: true
Expand Down