ansible-aide

ansible-aide copied to clipboard

Currently the ansible-aide role runs an aide db update after every play run due to the fact that there's no way in Ansible to check if something/anything has changed during a playbook run on a host, which in turn should trigger the aide db update.

Some possible solutions received from the Ansible IRC community are: Option 1.) Making use of the new playbook blocks feature to check and register changes from other roles/plays. This is currently not possible until a later release of Ansible core, which will allow for such things. I was told there could be a couple of month wait on this feature to be properly implemented.

Option 2.) A callback plugin could be written similar to what runs at the end of a playbook run where changes, failures, etc are displayed. Currently I don't have the knowledge/ability to write such a plug-in in Python (since I have no Python programming experience/ability) so this would have to be worked on by another contributor. Something such as when changes > 0 would trigger the Update aide database handler/task in this case. Volunteers please :)

As a workaround a new boolean was added to address just checking aide state and not forcing an update aide_update_db. I real solution is still required to be able to trigger an aide update when any task changes something in a playbook run.