Clean logs older than 90d by default to add missing feature to sudo

2020-12-28 17:39:10 -06:00 · 2020-12-28 17:39:10 -06:00 · 8147f41d6f
commit 8147f41d6f
parent 329e5bd68e
2 changed files with 32 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,4 @@
 ---
-# defaults file for ensure_sudo
+# defaults file for ensure_sudo
+sudo_log_retention: '90d'
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -85,4 +85,33 @@
    - 'ensure_sudo.service_facts'
 - name: 'flush handlers'
  meta: 'flush_handlers'
+- name: 'find directories over {{ sudo_log_retention }} old under /var/log/sudo-io'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_sudo is defined
+    - sudo_log_retention is defined
+    - sudo_log_retention is regex('^[0-9]*[smhdw]$')
+  ansible.builtin.find:
+    age: '{{ sudo_log_retention }}'
+    file_type: 'directory'
+    follow: 'no'
+    paths:
+      - '/var/log/sudo-io/'
+    recurse: 'yes'
+  register: 'results'
+- name: 'And drop them'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_sudo is defined
+    - sudo_log_retention is defined
+    - sudo_log_retention is regex('^[0-9]*[smhdw]$')
+    - item.path is regex('^/var/log/sudo-io/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])$')
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: 'absent'
+  loop: '{{ results.files }}'
+  loop_control:
+    label: '{{ item.path }} to be removed'
+- name: 'flush handlers'
+  meta: 'flush_handlers'