Execution
Date 11 Sep 2025 14:30:18 +0100
Duration 00:00:31.76
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.11
ara 1.7.3 / 1.7.3
Python 3.10.10
Summary
44 Hosts
6 Tasks
233 Results
1 Plays
1 Files
0 Records

File: /home/ssh-gateway/ansible/kuly/find_snowflakes_repos.yaml

---
# Audit play: reports hosts that have enabled package repositories outside an
# allowlist. It reads repository state only; nothing is changed on the targets.
- name: Check for Third-Party Yum/DNF Repositories
  hosts: all
  # Fact gathering is skipped; the tasks below use only inventory_hostname and
  # values they register themselves.
  gather_facts: false
  vars:
    # Repo ids accepted by exact match (removed with `difference`).
    allowed_repos:
      - appstream
      - baseos
      - extras
      - ha
      - powertools
      - crb
      - epel
      - epel-modular
      - layershift
      - kernelcare
      - mariadb
    # Glob-style patterns; each `*` is turned into `.*` and the result is matched
    # against the whole repo id. These are prefix matches, so they are broad:
    # 'alt*' accepts every repo id that starts with "alt". Keep the prefixes as
    # specific as the vendor naming allows.
    allowed_repos_wildcard:
      - 'imunify360*'
      - 'cloudlinux*'
      - 'PLESK_*'
      - 'plesk*'
      - 'alt*'

  tasks:
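    # Read-only query of the enabled repositories on the target.
    # `command` with an argv list is used instead of `shell`: the call needs no
    # shell features, so no shell parses the command line.
    # changed_when: false  -> a query never counts as a change.
    # check_mode: false    -> the query also runs under --check, because the
    #                         later tasks need its registered output.
    - name: Get list of enabled repositories
      ansible.builtin.command:
        argv:
          - dnf
          - repolist
          - '--enabled'
          - '--quiet'
      changed_when: false
      register: enabled_repos_raw
      check_mode: false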

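    # Keep only the first whitespace-separated word of each output line, which is
    # the repo id column.
    # Blank or whitespace-only lines are dropped first (`trim` + `select`):
    # splitting such a line gives an empty list, and `first` has no item to
    # return for it.
    - name: Create a list of enabled repo IDs
      ansible.builtin.set_fact:
        enabled_repos_list: "{{ enabled_repos_raw.stdout_lines | map('trim') | select | map('split') | map('first') | list }}"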

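    # A repo id is reported as third-party when it is neither listed in
    # allowed_repos (exact match) nor covered by an allowed_repos_wildcard pattern.
    # Each pattern is regex-escaped before its `*` is expanded to `.*`, so any
    # other regex metacharacter in a pattern (`.`, `+`, `(` ...) stays literal and
    # cannot silently widen the allowlist.
    # The alternation is wrapped in ^(...)$, so a pattern must cover the whole id.
    # With an empty wildcard list the expression is ^()$ and matches only ''.
    # 'repo' is rejected as well - presumably the first word of the repolist
    # header row; verify against the dnf output on the targets.
    - name: Identify non-standard repositories (with wildcard support)
      ansible.builtin.set_fact:
        third_party_repos: >-
          {{
            enabled_repos_list
            | difference(allowed_repos)
            | reject('match', '^(' + (allowed_repos_wildcard | default([]) | map('regex_escape') | map('replace', '\\*', '.*') | join('|')) + ')$')
            | reject('equalto', 'repo')
            | reject('equalto', '')
            | list
          }}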

    # Build the per-host result record: host name, verdict, offending repo ids.
    # A host is "non-compliant" as soon as one third-party repo id was found.
    # check_mode: false keeps the record available under --check as well.
    - name: Assemble report data
      ansible.builtin.set_fact:
        repo_report:
          hostname: "{{ inventory_hostname }}"
          status: "{{ 'non-compliant' if (third_party_repos | length > 0) else 'compliant' }}"
          third_party_repos: "{{ third_party_repos }}"
      check_mode: false

    # Print the record as indented JSON.
    # The task reports "changed" only for non-compliant hosts; debug modifies
    # nothing, the flag just makes those hosts stand out in the results.
    - name: Output report in JSON format
      ansible.builtin.debug:
        msg: "{{ repo_report | to_nice_json }}"
      changed_when: repo_report.status == 'non-compliant'

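    # Record each non-compliant host in one shared text file on the delegate
    # (127.0.0.1).
    # throttle: 1 - every non-compliant host writes to the same file, so the
    #   writes are serialised; parallel read-modify-write cycles on one file can
    #   lose lines.
    # regexp - a line already present for this host is replaced rather than
    #   duplicated when its repo list differs from an earlier run.
    # Hosts that are compliant never reach this task, so a line written by an
    # earlier run stays in the file; clear the file before a run if it has to
    # show only the current state.
    # The line content comes from command output on the audited host; treat the
    # file as untrusted text when feeding it to other tools.
    # NOTE(review): mode '0644' makes the findings readable by every local user
    # on the delegate - confirm that is intended.
    - name: Make a list of non-compliants
      when: repo_report.status == "non-compliant"
      ansible.builtin.lineinfile:
        path: /home/ssh-gateway/ansible/kuly/find_snowflakes_repos.txt
        create: true
        mode: '0644'
        regexp: '^{{ inventory_hostname | regex_escape }} - BAD REPOS: '
        line: "{{ inventory_hostname }} - BAD REPOS: {{ third_party_repos | join(', ') }}"
      delegate_to: 127.0.0.1
      throttle: 1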