test0820f4

Young-Kyoo Kim·2025년 8월 20일
---
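- name: Service Status Check on RHEL Systems
  hosts: all
  gather_facts: true
  vars:
    # Services to check (add or change entries as needed).
    target_services:
      - auditd
      - mlocate-updatedb.timer  # on RHEL 7/8 mlocate runs from a timer unit
      - updatedb.timer          # some systems name the unit updatedb.timer
      - chronyd
      - firewalld
      - sshd
      - NetworkManager

  tasks:
    - name: Check if system is RHEL/CentOS
      fail:
        msg: "This playbook is designed for RHEL/CentOS systems only"
      when: ansible_os_family != "RedHat"

    # Only `name` is passed, so the module is used purely to read unit
    # properties. failed_when keeps one unreadable unit from failing the host;
    # such units are recorded as not-found below.
    - name: Get systemd service status for each service
      systemd:
        name: "{{ item }}"
      register: service_status
      failed_when: false
      loop: "{{ target_services }}"

    - name: Collect service information
      set_fact:
        current_service_info:
          hostname: "{{ inventory_hostname }}"
          os_version: "{{ ansible_distribution }} {{ ansible_distribution_version }}"
          services: {}

    # A registered `status` does not by itself mean the unit exists: the
    # module is expected to return a status with LoadState 'not-found' for an
    # absent unit (NOTE(review): confirm on the Ansible version in use).
    # Existence is therefore decided by LoadState, and every property lookup
    # has a default so a sparse status cannot break the expression.
    - name: Process service status results
      set_fact:
        current_service_info: "{{ current_service_info | combine({
          'services': current_service_info.services | combine({
            item.item: {
              'exists': (unit_props.LoadState | default('not-found')) != 'not-found',
              'active': (unit_props.ActiveState | default('')) == 'active',
              'enabled': (unit_props.UnitFileState | default('')) == 'enabled',
              'status': unit_props.ActiveState | default('not-found')
                if (unit_props.LoadState | default('not-found')) != 'not-found'
                else 'not-found',
              'loaded': unit_props.LoadState | default('not-found')
            }
          })
        }) }}"
      vars:
        unit_props: "{{ item.status | default({}) }}"
      loop: "{{ service_status.results }}"
      loop_control:
        # Keep the full systemctl property dump out of the task output.
        label: "{{ item.item }}"

    # Hand the results to localhost once, for all hosts of the play. Appending
    # per host does not accumulate: each host templates `service_results` in
    # its own context, so every delegated write replaces the previous one and
    # localhost ends up with a single host. target_services is published too,
    # because play-level vars are not visible to the following play.
    - name: Add to service results
      set_fact:
        service_results: "{{ ansible_play_hosts | map('extract', hostvars, 'current_service_info') | list }}"
        target_services: "{{ target_services }}"
      delegate_to: localhost
      delegate_facts: true
      run_once: true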

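- name: Analyze and Display Service Status Results
  hosts: localhost
  gather_facts: false

  tasks:
    # Play-level vars of the collection play are not visible here, and a
    # per-host delegated set_fact keeps only what the last host wrote, so the
    # result list is rebuilt from each host's own current_service_info fact.
    # Hosts that were unreachable or failed simply have no such fact.
    - name: Gather per-host results from hostvars
      set_fact:
        service_results: "{{ groups['all'] | map('extract', hostvars) | selectattr('current_service_info', 'defined') | map(attribute='current_service_info') | list }}"
        service_rows: []

    # One row per host/service pair: {key: <unit>, value: <info>, hostname}.
    # Filtering on the flat `key` avoids dotted attribute paths such as
    # 'services.updatedb.timer.active', which selectattr splits at every dot
    # and which therefore never match unit names containing a dot.
    - name: Flatten results into one row per host and service
      set_fact:
        service_rows: "{{ service_rows + (item.services | dict2items | map('combine', {'hostname': item.hostname}) | list) }}"
      loop: "{{ service_results }}"
      loop_control:
        label: "{{ item.hostname }}"

    - name: Derive the monitored service list from the collected data
      set_fact:
        target_services: "{{ service_rows | map(attribute='key') | unique | list }}"

    - name: Display service status summary
      debug:
        msg: |

          ================================================
          SERVICE STATUS CHECK SUMMARY
          ================================================

          Total Nodes Checked: {{ service_results | length }}
          Services Monitored: {{ target_services | join(', ') }}

    - name: Create service status matrix
      set_fact:
        service_matrix: {}

    # service_matrix maps each unit name to its active / inactive / not_found
    # host counts, each computed with its own filter chain.
    - name: Build service status matrix
      set_fact:
        service_matrix: >-
          {{ service_matrix | combine({ item: {
          'active': rows | selectattr('value.active', 'equalto', true) | list | length,
          'inactive': rows | selectattr('value.exists', 'equalto', true)
          | selectattr('value.active', 'equalto', false) | list | length,
          'not_found': rows | selectattr('value.exists', 'equalto', false) | list | length
          } }) }}
      vars:
        rows: "{{ service_rows | selectattr('key', 'equalto', item) | list }}"
      loop: "{{ target_services }}"

    - name: Display service statistics
      debug:
        msg: |

          SERVICE STATUS STATISTICS:
          {% for service in target_services %}

          {{ service }}:
          {% set rows = service_rows | selectattr('key', 'equalto', service) | list %}
          {% set active_nodes = rows | selectattr('value.active', 'equalto', true) | map(attribute='hostname') | list %}
          {% set inactive_nodes = rows | selectattr('value.exists', 'equalto', true) | selectattr('value.active', 'equalto', false) | map(attribute='hostname') | list %}
          {% set missing_nodes = rows | selectattr('value.exists', 'equalto', false) | map(attribute='hostname') | list %}
          ├─ Active: {{ active_nodes | length }} nodes {{ '(' + (active_nodes | join(', ')) + ')' if active_nodes | length > 0 else '' }}
          ├─ Inactive: {{ inactive_nodes | length }} nodes {{ '(' + (inactive_nodes | join(', ')) + ')' if inactive_nodes | length > 0 else '' }}
          └─ Not Found: {{ missing_nodes | length }} nodes {{ '(' + (missing_nodes | join(', ')) + ')' if missing_nodes | length > 0 else '' }}
          {% endfor %}

    - name: Display detailed service status per node
      debug:
        msg: |

          ================================================
          DETAILED SERVICE STATUS PER NODE
          ================================================

          HOST: {{ item.hostname }} ({{ item.os_version }})
          {% for service in target_services %}
          {% if item.services[service].exists %}
          ├─ {{ service }}: {{ '🟢 ACTIVE' if item.services[service].active else '🔴 INACTIVE' }} ({{ item.services[service].status }}) {{ '| ENABLED' if item.services[service].enabled else '| DISABLED' }}
          {% else %}
          ├─ {{ service }}: ❌ NOT FOUND
          {% endif %}
          {% endfor %}

      loop: "{{ service_results }}"
      loop_control:
        label: "{{ item.hostname }}"

    - name: Identify critical service issues
      set_fact:
        critical_issues: []

    # auditd provides the audit trail, so any host where it is not active
    # (stopped or not installed) is reported as critical.
    - name: Check for auditd issues (security critical)
      set_fact:
        critical_issues: "{{ critical_issues + ['auditd not active on: ' + (auditd_down_hosts | join(', '))] }}"
      vars:
        auditd_down_hosts: "{{ service_rows | selectattr('key', 'equalto', 'auditd') | selectattr('value.active', 'equalto', false) | map(attribute='hostname') | list }}"
      when: auditd_down_hosts | length > 0

    - name: Display critical issues
      debug:
        msg: |

          ⚠️  CRITICAL ISSUES DETECTED:
          {% for issue in critical_issues %}
          - {{ issue }}
          {% endfor %}

      when: critical_issues | length > 0

    # The reports list which hosts run without auditd/firewalld, so they are
    # written owner-readable only; relax the mode if they must be shared.
    - name: Generate service status report
      copy:
        content: |
          Hostname,OS_Version,{% for service in target_services %}{{ service }}_Status,{{ service }}_Enabled,{% endfor %}
          {% for result in service_results -%}
          {{ result.hostname }},{{ result.os_version }},{% for service in target_services %}{{ result.services[service].status if result.services[service].exists else 'not-found' }},{{ result.services[service].enabled if result.services[service].exists else 'N/A' }},{% endfor %}
          {% endfor %}
        dest: "./service_status_report.csv"
        mode: "0600"

    - name: Generate detailed JSON report
      copy:
        content: "{{ service_results | to_nice_json }}"
        dest: "./service_status_detailed.json"
        mode: "0600"

    - name: Display report locations
      debug:
        msg: |

          ================================================
          REPORTS GENERATED
          ================================================

          📊 CSV Summary: ./service_status_report.csv
          📋 Detailed JSON: ./service_status_detailed.json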
