Record the logs of Ansible running the BASH/Python script in the remote host
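I have a playbook that copies a BASH/Python script to remote clients and then runs the copied script as a local user. I received a request from the security auditor to save this operation as a log on the Ansible server. Is there any easy way to record the history if Ansible runs a script on the remote host?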
- name: Test Playbook
  hosts: all
  gather_facts: false
  remote_user: ansible
  become: true
  tasks:
    - name: Copy test.sh file to remote host
      ansible.builtin.copy:
        src: /tmp/test.sh
        dest: /tmp
        owner: '{{ inventory_hostname }}'
        group: '{{ inventory_hostname }}'
        mode: '0755'
    - name: Run test script
      ansible.builtin.command:
        cmd: "/tmp/test.sh"
      become_user: '{{ inventory_hostname }}'
I'm new to Ansible; any help is much appreciated!
Modify cmd to output to a log file locally:
cmd: "/tmp/test.sh > /tmp/log 2>&1"
Q: "Save this operation as a log on the Ansible server."
A: You can use community.general.syslogger. For example, given the script
shell> cat /tmp/test.sh
#!/bin/sh
printf "$0: [OK] Completed."
The playbook will copy and run the script on the remote hosts. The last task will write the registered results to the log on the Ansible server
- name: Test Playbook
  hosts: all
  gather_facts: false
  tasks:
    - name: Copy test.sh file to remote host
      ansible.builtin.copy:
        src: /tmp/test.sh
        dest: /tmp
        mode: '0755'
    - name: Run test script
      ansible.builtin.command:
        cmd: /tmp/test.sh
      register: result
    - name: Send results to log
      community.general.syslogger:
        msg: "{{ item }} {{ hostvars[item].result }}"
      loop: "{{ ansible_play_hosts }}"
      delegate_to: localhost
      run_once: true
The default priority info is written to the file /var/log/syslog in Ubuntu
shell> tail -f /var/log/syslog
...
Apr 4 02:37:13 localhost python3[1429581]: ansible-community.general.syslogger Invoked with msg=host01 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.546699', 'end': '2022-04-04 00:37:12.560452', 'delta': '0:00:00.013753', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr 4 02:37:13 localhost ansible_syslogger: host01 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.546699', 'end': '2022-04-04 00:37:12.560452', 'delta': '0:00:00.013753', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False}
Apr 4 02:37:13 localhost python3[1429607]: ansible-community.general.syslogger Invoked with msg=host02 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.392564', 'end': '2022-04-04 00:37:12.409556', 'delta': '0:00:00.016992', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr 4 02:37:13 localhost ansible_syslogger: host02 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.392564', 'end': '2022-04-04 00:37:12.409556', 'delta': '0:00:00.016992', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False}
Apr 4 02:37:13 localhost python3[1429632]: ansible-community.general.syslogger Invoked with msg=host03 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.347653', 'end': '2022-04-04 00:37:12.367547', 'delta': '0:00:00.019894', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr 4 02:37:13 localhost ansible_syslogger: host03 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.347653', 'end': '2022-04-04 00:37:12.367547', 'delta': '0:00:00.019894', 'msg': '', 'stdout_lines': ['/tmp/test.sh: [OK] Completed.'], 'stderr_lines': [], 'failed': False}
Adjust the parameters and format to your needs.
Output of the playbook
PLAY [Test Playbook] ***********************************************
TASK [Copy test.sh file to remote host] ****************************
ok: [host01]
ok: [host03]
ok: [host02]
TASK [Run test script] *********************************************
changed: [host03]
changed: [host02]
changed: [host01]
TASK [Send results to log] *****************************************
changed: [host01 -> localhost] => (item=host01)
changed: [host01 -> localhost] => (item=host02)
changed: [host01 -> localhost] => (item=host03)
Q: "Is it possible to log the message to a custom file?"
A: Sure, you can write the log messages yourself. For example
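- name: Write results to file
  # quote: the script's stdout comes from the remote host and must not be
  # interpreted by the shell on the Ansible server
  ansible.builtin.shell: "echo {{ msg | quote }} >> mylog.ansible"
  vars:
    msg: >-
      {{ '%B %d %H:%M:%S'|strftime }}
      {{ item }}
      {{ hostvars[item].result.stdout }}
  loop: "{{ ansible_play_hosts }}"
  delegate_to: localhost
  run_once: true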
writes to the file mylog.ansible
shell> tail -f mylog.ansible
April 04 07:13:28 host01 /tmp/test.sh: [OK] Completed.
April 04 07:13:29 host02 /tmp/test.sh: [OK] Completed.
April 04 07:13:29 host03 /tmp/test.sh: [OK] Completed.
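For the audit use case, the `ansible_syslogger:` lines shown in the syslog output above can be turned back into structured records. This is an added example, not part of the original answers: the function names, the field selection and the sample are assumptions, and the failing and truncated lines are constructed.

```python
import ast
import re

# Constructed sample in the shape of the syslog output above: the module's
# "Invoked with" echo, one successful run, one constructed failing run and
# one constructed truncated line.
SAMPLE = """\
Apr 4 02:37:13 localhost python3[1429581]: ansible-community.general.syslogger Invoked with msg=host01 {'rc': 0} ident=ansible_syslogger priority=info facility=daemon log_pid=False
Apr 4 02:37:13 localhost ansible_syslogger: host01 {'changed': True, 'stdout': '/tmp/test.sh: [OK] Completed.', 'stderr': '', 'rc': 0, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:12.546699', 'end': '2022-04-04 00:37:12.560452', 'failed': False}
Apr 4 02:37:14 localhost ansible_syslogger: host02 {'changed': True, 'stdout': '', 'stderr': 'Permission denied', 'rc': 126, 'cmd': ['/tmp/test.sh'], 'start': '2022-04-04 00:37:13.100000', 'end': '2022-04-04 00:37:13.110000', 'failed': True}
Apr 4 02:37:15 localhost ansible_syslogger: host03 {'changed': True, 'stdo
"""

RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sansible_syslogger:\s"
    r"(?P<host>\S+)\s(?P<result>\{.*\})\s*$"
)
FIELDS = ("rc", "cmd", "start", "end", "stdout", "stderr", "failed")


def parse_audit_lines(text):
    """Return (records, rejected) for the 'ansible_syslogger:' lines in text."""
    records, rejected = [], []
    for line in text.splitlines():
        if " ansible_syslogger: " not in line:
            continue  # "Invoked with" echo or unrelated syslog traffic
        match = RECORD.match(line)
        result = None
        if match:
            try:
                # literal_eval only builds Python literals; script output is
                # remote-controlled text and must never reach eval().
                result = ast.literal_eval(match.group("result"))
            except (ValueError, SyntaxError, RecursionError):
                pass
        if not isinstance(result, dict):
            rejected.append(line)  # truncated or malformed: keep for review
            continue
        record = {"ts": match.group("ts"), "host": match.group("host")}
        record.update({k: result.get(k) for k in FIELDS})
        records.append(record)
    return records, rejected


def failed_runs(records):
    """Runs an auditor should look at: non-zero exit code or failed flag."""
    return [r for r in records if r["rc"] != 0 or r["failed"]]
```

Lines that do not parse are returned separately rather than dropped, so a truncated syslog message shows up as a gap in the audit trail instead of disappearing.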