#TopTipTuesday

week1.yml

ansible tag_type_web -b -m shell -a 'awk "{print \$9}" /var/log/nginx/access.log | sort | uniq -c | sort -k1,1nr 2>/dev/null | column -t'

week4_check_app.yml

---
- name: Deploy web application
  hosts: tag_type_app
  become: yes

  tasks:
    - name: Stat the app
      stat:
        path: /srv/flask_app-master/app/__init__.py
      register: app

    - name: Check correct app version is deployed
      assert:
        that:
          - app.stat.checksum == "{{ lookup('env','APPVER') }}"
        fail_msg: "App failed checksum - is the correct version deployed?"

week5_check_firewall.yml

---
- name: Check network ports
  hosts: tag_type_app
  become: yes

  tasks:
    - name: "Firewall: Check there are no naughty ports left open"
      wait_for:
        port: "{{ item }}"
        host: "{{ ansible_host }}"
        timeout: 1
      delegate_to: localhost
# double negative 😱 If a port that is NOT specified in 'when' has a successful connect, it's a failure. Make sense? 😁
      failed_when: not left_door_open is failed
      register: left_door_open
      when: item not in ['80','22']
      with_sequence: start=21 end=81

week6_tidy.yml

---
- name: Tidy files
  hosts: tag_type_app
  vars:
    these_are_expected:
      - a
      - b
      - c
      - h
    in_this_path: /srv/stuff  
  become: yes

  tasks:
    - name: Look what is there
      find:
        paths: "{{ in_this_path }}"
      register: existing

    - name: Clean up
      file:
        path: "{{ item.path }}"
        state: absent
      when: item.path|basename not in these_are_expected
      with_items: "{{ existing.files|default([ ])}}"
      register: removed

    - name: Send report
      mail:
        from: "{{lookup('env','MAIL')}}"
        to: "{{lookup('env','MAIL')}}"
        subject: "REPORT: Tidy files"
        body: "{{ removed | to_nice_json }}"

week8_file_check.yml

---
- name: Check file changes
  hosts: tag_type_app
  become: yes
  vars:
    today_file: "/checks/{{ inventory_hostname }}/{{ ansible_date_time.date }}.txt"

  tasks:
    - name: Find
      find:
        paths: /srv/flask_app-master
        recurse: yes
        size: "1b"
        get_checksum: yes
      register: fchanged

    - assert:
        that:
          - fchanged.files|length != 0
        fail_msg: "Find returned no files"
        success_msg: "Find found some files. Jolly good."

    - name: Ensure directory exists
      file:
        path: "/checks/{{ inventory_hostname }}"
        state: directory
      delegate_to: localhost

    - name: Ensure database exists
      file:
        path: "{{ today_file }}"
        state: touch
        mode: u=rw,g=r
      delegate_to: localhost

    - name: Ensure file checksum OK
      assert:
        that:
          - item.checksum == lookup('pipe', 'grep ' + item.path + ' /checks/' + inventory_hostname + '/latest | cut -f2 -d" "')
        success_msg: "{{ item.path }} is OK"
        fail_msg: "{{ item.path }} FAILED checksum"
      with_items:
        "{{ fchanged.files }}"

    - name: Create database
      lineinfile:
        dest: "{{ today_file }}"
        regexp: "^{{ item.path }}.+$"
        line: "{{ item.path }} {{ item.checksum }}"
      delegate_to: localhost
      with_items:
        "{{ fchanged.files }}"

    - name: Create latest link
      file:
        src: "{{ today_file }}"
        path: "/checks/{{ inventory_hostname }}/latest"
        state: link
      delegate_to: localhost