test0820g1

Young-Kyoo Kim·2025년 8월 20일
---
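# Read-only report: which of the listed units exist on each host, and whether
# they are active and enabled.
- name: Safe Service Status Check with Error Handling
  hosts: all
  # Facts are needed: later tasks read ansible_distribution and
  # ansible_distribution_version.
  gather_facts: true
  vars:
    # Units to report on. A name without a suffix is resolved by systemctl as
    # <name>.service; timers carry an explicit .timer suffix.
    # These names are templated into shell commands by the tasks below, so
    # keep this list under playbook control instead of filling it from
    # untrusted input (extra-vars, external inventory data).
    target_services:
      - auditd
      - mlocate-updatedb.timer
      - updatedb.timer
      - chronyd
      - firewalld
      - sshd
      - NetworkManager

    # NOTE(review): not referenced by the tasks visible here; presumably
    # reserved for later aggregation. Confirm before removing.
    service_results: []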

  tasks:
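    # Read-only probe. Prints one "<name>:exists" or "<name>:not_found" line
    # per entry in target_services; the next task parses those lines.
    - name: Check service existence first
      shell: |
        # List installed unit files once and keep only the unit-name column.
        units="$(systemctl list-unit-files --type=service,timer --no-legend --no-pager | awk '{print $1}')"
        # Each name is shell-quoted so a value with spaces or metacharacters
        # is passed as data and never interpreted by the shell.
        for service in {{ target_services | map('quote') | join(' ') }}; do
          # systemctl resolves a name without a suffix as <name>.service.
          case "$service" in
            *.service|*.timer) unit="$service" ;;
            *) unit="$service.service" ;;
          esac
          # -F -x: literal, whole-line comparison. A prefix regex would report
          # "sshd" as present whenever any unit name merely starts with
          # "sshd", and would treat "." in a unit name as a wildcard.
          if printf '%s\n' "$units" | grep -Fxq -- "$unit"; then
            echo "$service:exists"
          else
            echo "$service:not_found"
          fi
        done
      register: service_existence_check
      # The probe changes nothing on the host; do not report "changed".
      changed_when: false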
      
    # Split the probe output into two lists of bare service names.
    - name: Parse service existence
      set_fact:
        # Lines ending in ":exists", with that marker stripped.
        existing_services: >-
          {{ service_existence_check.stdout_lines
             | select('match', '.*:exists$')
             | map('regex_replace', ':exists$', '')
             | list }}
        # Lines ending in ":not_found", with that marker stripped.
        missing_services: >-
          {{ service_existence_check.stdout_lines
             | select('match', '.*:not_found$')
             | map('regex_replace', ':not_found$', '')
             | list }}
        
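    # Read-only probe. Prints exactly one "<name>:<active_state>:<enabled_state>"
    # line for each service that was found on the host.
    - name: Get detailed status for existing services only
      shell: |
        # Shell-quoted by Ansible, so the name is data, not shell syntax.
        service={{ item | quote }}

        # is-active prints the state itself (active, inactive, failed, ...) and
        # exits non-zero for anything except active. Capture the output once;
        # putting "|| echo inactive" inside the substitution would append a
        # second line to the captured state and break the field layout.
        active_state="$(systemctl is-active "$service" 2>/dev/null)"
        [ -n "$active_state" ] || active_state="inactive"

        # Exit status 0 is reported as "enabled"; otherwise keep the printed
        # state (disabled, masked, ...).
        # NOTE: is-enabled also exits 0 for some states other than "enabled",
        # such as static, so those units are reported as enabled here.
        if enabled_state="$(systemctl is-enabled "$service" 2>/dev/null)"; then
          enabled_state="enabled"
        fi
        [ -n "$enabled_state" ] || enabled_state="disabled"

        echo "$service:$active_state:$enabled_state"
      register: existing_service_status
      loop: "{{ existing_services }}"
      # The probe changes nothing on the host; do not report "changed".
      changed_when: false
      # Best effort: a failing probe for one service must not stop the report.
      failed_when: false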
      
    # Seed the per-host report; the services map starts empty and is filled in
    # by the tasks that follow.
    - name: Build service information safely
      set_fact:
        node_service_info:
          services: {}
          hostname: "{{ inventory_hostname }}"
          # Distribution name and version joined by a single space.
          os_version: "{{ ansible_distribution ~ ' ' ~ ansible_distribution_version }}"
          
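    # Record one entry per probed service in node_service_info.services.
    # The service name comes from the loop item of the status task, and the two
    # states from its "<name>:<active>:<enabled>" output line. A missing or
    # empty field becomes "unknown" instead of raising an index error, which
    # matters because the status task never fails (failed_when: false) and may
    # therefore return empty output.
    - name: Add existing services to info
      vars:
        svc_fields: "{{ (item.stdout | default('')).split(':') }}"
        svc_active: "{{ svc_fields[1] | default('unknown', true) }}"
        svc_enabled: "{{ svc_fields[2] | default('unknown', true) }}"
      set_fact:
        node_service_info: >-
          {{ node_service_info | combine({
               'services': node_service_info.services | combine({
                 item.item: {
                   'exists': true,
                   'active_state': svc_active,
                   'enabled_state': svc_enabled,
                   'is_active': svc_active == 'active',
                   'is_enabled': svc_enabled == 'enabled'
                 }
               })
             }) }}
      # default([]) keeps the loop expression valid when no status was
      # registered; a "when" guard is evaluated only after the loop expression
      # has already been templated.
      loop: "{{ existing_service_status.results | default([]) }}"
      loop_control:
        label: "{{ item.item }}"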
      
    # Record every service that was not found on the host with a fixed
    # "not-found" entry, so the report has a key for each target service.
    - name: Add missing services to info
      vars:
        # Same record for every missing service.
        not_found_entry:
          exists: false
          active_state: 'not-found'
          enabled_state: 'not-found'
          is_active: false
          is_enabled: false
      set_fact:
        node_service_info: >-
          {{ node_service_info | combine({
               'services': node_service_info.services | combine({item: not_found_entry})
             }) }}
      loop: "{{ missing_services }}"
      loop: "{{ missing_services }}"
      
    - name: Display safe service status
      debug:
        msg: |
          
          ================================================
          HOST: {{ inventory_hostname }} ({{ ansible_distribution }} {{ ansible_distribution_version }})
          ================================================
          
          📊 SERVICES FOUND: {{ existing_services | length }}/{{ target_services | length }}
          📊 SERVICES MISSING: {{ missing_services | length }}/{{ target_services | length }}
          
          {% for service in target_services %}
          {% if service in existing_services %}
          {% set svc_info = node_service_info.services[service] %}
          ├─ {{ service }}: {{ '🟢 ACTIVE' if svc_info.is_active else '🔴 ' + svc_info.active_state | upper }} | {{ '✅ ENABLED' if svc_info.is_enabled else '❌ ' + svc_info.enabled_state | upper }}
          {% else %}
          ├─ {{ service }}: ❌ NOT FOUND
          {% endif %}
          {% endfor %}
          
          🎯 KEY SERVICES STATUS:
          {% if 'auditd' in existing_services %}
          {% set auditd = node_service_info.services['auditd'] %}
          🔍 auditd: {{ '✅ OPERATIONAL' if auditd.is_active else '⚠️ ' + auditd.active_state | upper }}
          {% else %}
          🔍 auditd: ❌ NOT INSTALLED
          {% endif %}
          
          {% if 'mlocate-updatedb.timer' in existing_services %}
          📍 mlo
