{"id":5882,"sha1":"a95f23655189d1d760144c3fe04a2085e01497ba","playbook":{"id":3762,"items":{"plays":2,"tasks":7,"results":2375,"hosts":401,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-prod.sh"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["RM10132-find-snowflakes-repos.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"}],"started":"2025-09-15T12:09:19.739056+01:00","ended":"2025-09-15T12:14:27.088831+01:00","duration":"00:05:07.349775","name":null,"ansible_version":"2.16.11","client_version":"1.7.3","python_version":"3.10.10","server_version":"1.7.3","status":"failed","path":"/home/ssh-gateway/ansible/kuly/RM10132-find-snowflakes-repos.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: Delete existing snowflakes report file\n hosts: localhost\n tasks:\n - name: Delete file\n ansible.builtin.file:\n path: RM10132_find_snowflakes_repos.txt\n state: absent\n force: true\n delegate_to: 127.0.0.1\n\n- name: Check for Third-Party Yum/DNF Repositories\n hosts: all\n gather_facts: false\n vars:\n allowed_repos:\n - appstream\n - baseos\n - extras\n - ha\n - powertools\n - crb\n - epel\n - epel-modular\n - layershift\n - kernelcare\n allowed_repos_wildcard:\n - 'mariadb*'\n - 'imunify360*'\n - 'cloudlinux*'\n - 'PLESK_*'\n - 'plesk*'\n - 'alt*'\n - 'packages.twingate*'\n\n tasks:\n - name: Get list of enabled repositories\n ansible.builtin.shell: |\n dnf repolist --enabled --quiet\n changed_when: false\n register: enabled_repos_raw\n check_mode: false\n\n - name: Create a list of enabled repo IDs\n ansible.builtin.set_fact:\n enabled_repos_list: \"{{ enabled_repos_raw.stdout_lines | map('split') | map('first') | list }}\"\n\n - name: Identify non-standard repositories (with wildcard support)\n ansible.builtin.set_fact:\n third_party_repos: >-\n {{\n enabled_repos_list\n | difference(allowed_repos)\n | reject('match', '^(' + (allowed_repos_wildcard | default([]) | map('replace', '*', '.*') | join('|')) + ')$')\n | reject('equalto', 'repo')\n | reject('equalto', '')\n | list\n }}\n\n - name: Assemble report data\n ansible.builtin.set_fact:\n repo_report:\n hostname: \"{{ inventory_hostname }}\"\n status: \"{% if third_party_repos | length > 0 %}non-compliant{% else %}compliant{% endif %}\"\n third_party_repos: \"{{ third_party_repos }}\"\n check_mode: false\n\n - name: Output report in JSON format\n ansible.builtin.debug:\n msg: \"{{ repo_report | to_nice_json }}\"\n changed_when: repo_report.status == \"non-compliant\"\n\n - name: Make a list of non-compliants\n when: repo_report.status == \"non-compliant\"\n ansible.builtin.lineinfile:\n path: RM10132_find_snowflakes_repos.txt\n create: true\n mode: '0644'\n line: \"{{ inventory_hostname }} - BAD REPOS: {{ third_party_repos | join(', ') }}\"\n delegate_to: 127.0.0.1\n","created":"2025-09-15T12:09:19.758577+01:00","updated":"2025-09-15T12:09:19.758599+01:00","path":"/home/ssh-gateway/ansible/kuly/RM10132-find-snowflakes-repos.yaml"}