AnsibleRoles/ensure_sudo
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clean logs older than 90d by default to add missing feature to sudo

Browse Source
This commit is contained in:
Jason Rothstein
2020-12-28 17:39:10 -06:00
parent 329e5bd68e
commit 8147f41d6f
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@@ -1,2 +1,4 @@
--- ---
# defaults file for ensure_sudo # defaults file for ensure_sudo
sudo_log_retention: '90d'

29
tasks/main.yml
View File

@@ -85,4 +85,33 @@
- 'ensure_sudo.service_facts' - 'ensure_sudo.service_facts'
- name: 'flush handlers' - name: 'flush handlers'
meta: 'flush_handlers' meta: 'flush_handlers'
- name: 'find directories over {{ sudo_log_retention }} old under /var/log/sudo-io'
when:
- ansible_system == 'Linux'
- ensure_sudo is defined
- sudo_log_retention is defined
- sudo_log_retention is regex('^[0-9]*[smhdw]$')
ansible.builtin.find:
age: '{{ sudo_log_retention }}'
file_type: 'directory'
follow: 'no'
paths:
- '/var/log/sudo-io/'
recurse: 'yes'
register: 'results'
- name: 'And drop them'
when:
- ansible_system == 'Linux'
- ensure_sudo is defined
- sudo_log_retention is defined
- sudo_log_retention is regex('^[0-9]*[smhdw]$')
- item.path is regex('^/var/log/sudo-io/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])$')
ansible.builtin.file:
path: '{{ item.path }}'
state: 'absent'
loop: '{{ results.files }}'
loop_control:
label: '{{ item.path }} to be removed'
- name: 'flush handlers'
meta: 'flush_handlers'