I know I can use the shell command with find to get the result. But it doesn't seem nice as the loop module.
Thanks On Friday, January 1, 2021 at 6:54:09 AM UTC-5 [email protected] wrote: > On 12/31/20 7:43 PM, Thuan wrote: > > Hi all, > > > > My playbook is working for single files but not for directories. > > It doesn't check the folders permissions recursively. > > > > I would use the find module, which works recursively and provides similar > information > as the stat module. You also get a single list as you don't need a loop. > > Regards > Racke > > > > > > > > > > > > > ============================================================ > > > > - name: Ensure system directories are own by root group. > > block: > > - name: Verify the command directories are exists. > > become: true > > stat: > > path: "{{ item }}" > > loop: > > - /bin/ > > - /sbin/ > > - /usr/bin/ > > - /usr/sbin/ > > - /usr/local/bin > > - /usr/local/sbin > > register: command_directories > > - name: Verify the ownership of command directories are belong to root. > > loop: | > > {{ command_directories.results | map(attribute='item')| > > zip(command_directories.results | map(attribute='stat.gr_name'))|list }} > > > > assert: > > that: item.1 == 'root' > > loop_control: > > label: "{{ item.0 }}" > > > > - set_fact: > > stig_text: "PASSED" > > rescue: > > > > - name: configure the command directories ownership to root and create > if it doesn't exist. > > become: true > > file: > > path: "{{ item.item }}" > > group: root > > state: "{{ 'directory' if item.stat.exists else 'touch' }}" > > recurse: yes > > loop: "{{ command_directories.results }}" > > register: file_perms_rule > > - set_fact: > > stig_text: "PASSED" > > when: file_perms_rule.changed > > > > ================================================================== > > > > > > TASK [Verify the ownership of command directories are belong to root.] > *************************************** > > [WARNING]: The loop variable 'item' is already in use. You should set > the `loop_var` value in the > > `loop_control` option for the task to something else to avoid variable > collisions and unexpected behavior. > > ok: [localhost] => (item=/bin/) => { > > "ansible_loop_var": "item", > > "changed": false, > > "item": [ > > "/bin/", > > "root" > > ], > > "msg": "All assertions passed" > > } > > ok: [localhost] => (item=/sbin/) => { > > "ansible_loop_var": "item", > > "changed": false, > > "item": [ > > "/sbin/", > > "root" > > ], > > "msg": "All assertions passed" > > } > > ok: [localhost] => (item=/usr/bin/) => { > > "ansible_loop_var": "item", > > "changed": false, > > "item": [ > > "/usr/bin/", > > "root" > > ], > > "msg": "All assertions passed" > > } > > ok: [localhost] => (item=/usr/sbin/) => { > > "ansible_loop_var": "item", > > "changed": false, > > "item": [ > > "/usr/sbin/", > > "root" > > ], > > "msg": "All assertions passed" > > } > > ok: [localhost] => (item=/usr/local/bin) => { > > "ansible_loop_var": "item", > > "changed": false, > > "item": [ > > "/usr/local/bin", > > "root" > > ], > > "msg": "All assertions passed" > > } > > ok: [localhost] => (item=/usr/local/sbin) => { > > "ansible_loop_var": "item", > > "changed": false, > > "item": [ > > "/usr/local/sbin", > > "root" > > ], > > "msg": "All assertions passed" > > } > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to > > [email protected] <mailto: > [email protected]>. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com > > < > https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com?utm_medium=email&utm_source=footer > >. > > > -- > Ecommerce and Linux consulting + Perl and web application programming. > Debian and Sympa administration. Provisioning with Ansible. > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6860ab44-d1e1-4b3c-a852-39128d5b6a45n%40googlegroups.com.
