Clean logs older than 90d by default to add missing feature to sudo

2020-12-28 17:39:10 -06:00 · 2020-12-28 17:39:10 -06:00 · 8147f41d6f
commit 8147f41d6f
parent 329e5bd68e
2 changed files with 32 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,4 @@
 ---
-# defaults file for ensure_sudo
+# defaults file for ensure_sudo
 sudo_log_retention: '90d'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -85,4 +85,33 @@
    - 'ensure_sudo.service_facts'
 - name: 'flush handlers'
  meta: 'flush_handlers'
 - name: 'find directories over {{ sudo_log_retention }} old under /var/log/sudo-io'
  when:
    - ansible_system == 'Linux'
    - ensure_sudo is defined
    - sudo_log_retention is defined
    - sudo_log_retention is regex('^[0-9]*[smhdw]$')
  ansible.builtin.find:
    age: '{{ sudo_log_retention }}'
    file_type: 'directory'
    follow: 'no'
    paths:
      - '/var/log/sudo-io/'
    recurse: 'yes'
  register: 'results'
 - name: 'And drop them'
  when:
    - ansible_system == 'Linux'
    - ensure_sudo is defined
    - sudo_log_retention is defined
    - sudo_log_retention is regex('^[0-9]*[smhdw]$')
    - item.path is regex('^/var/log/sudo-io/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])$')
  ansible.builtin.file:
    path: '{{ item.path }}'
    state: 'absent'
  loop: '{{ results.files }}'
  loop_control:
    label: '{{ item.path }} to be removed'
 - name: 'flush handlers'
  meta: 'flush_handlers'