File/directory change detection in Ansible?

Hello,

I am interested in migrating over to Ansible. However, currently I use cfengine3, and one of the important features is the ability to detect changes to files and directories. The cfengine agent can monitor file checksums, detect changes to content or inodes/time, run diffs, update hashes, store hashes, alert admins, etc.

I started experimenting with Ansible, and I can probably create a playbook that would utilize, for instance, the shell module and file modules along with using handlers, but it seems to me to be too messy. I might as well create a local script or use Tripwire.

Due to Ansible’s agent-less characteristics, will I have to rely on a script or an application like Tripwire to run locally on the host, which then will be managed by Ansible?

Or does Ansible have an all-encompassing feature/module that can do what I have described above?

Thanks,

Storm D

Hi,

No, Ansible does not have this feature built in. I recommend using
Tripwire/Osiris/AIDE for this and managing that through Ansible.

Ansible does checksum files that it operates on (copy/template/etc)
but this is more for checking if it needs to continue with an action
or to detect change on strictly the files it manages. It does not keep
a database of checksums or drifts as the change might have happened on
the source and the intention is to put it on the target.

You CAN build this feature using Ansible but considering the existing
specialized applications that already do this I don't think it is
needed.
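
The approach recommended in the reply above, as an added example that is not part of the original thread: an Ansible playbook that installs AIDE, builds the baseline database once, keeps a copy of that baseline on the control node, and schedules the integrity check to run locally on the host. The `hosts` pattern, binary and database paths (RHEL-family defaults), the `baselines/` directory and the schedule are assumptions to adjust for your environment.

```yaml
---
# Added example: Ansible manages AIDE; AIDE does the change detection on the host.
- name: Manage AIDE file-integrity monitoring
  hosts: all                                   # assumption: narrow to the hosts to monitor
  become: true
  vars:
    aide_bin: /usr/sbin/aide                   # assumed RHEL-family path
    aide_db: /var/lib/aide/aide.db.gz          # assumed RHEL-family default
    aide_db_new: /var/lib/aide/aide.db.new.gz  # assumed RHEL-family default
  tasks:
    - name: Install AIDE
      ansible.builtin.package:
        name: aide
        state: present

    - name: Build the baseline database (skipped once a baseline exists)
      ansible.builtin.command: "{{ aide_bin }} --init"
      args:
        creates: "{{ aide_db }}"
      register: aide_init

    - name: Activate the freshly built baseline
      ansible.builtin.copy:
        src: "{{ aide_db_new }}"
        dest: "{{ aide_db }}"
        remote_src: true
        owner: root
        group: root
        mode: "0600"
      when: aide_init is changed

    # A baseline stored only on the monitored host can be rewritten by whoever
    # changed the files, so keep a reference copy on the control node.
    - name: Store a copy of the baseline off the host
      ansible.builtin.fetch:
        src: "{{ aide_db }}"
        dest: "baselines/{{ inventory_hostname }}/"   # hypothetical local directory
        flat: true
      when: aide_init is changed

    # aide --check exits non-zero when files differ from the baseline.
    - name: Schedule a nightly check on the host
      ansible.builtin.cron:
        name: aide-nightly-check
        user: root
        hour: "3"
        minute: "15"
        job: "{{ aide_bin }} --check"
```

Because the init task is guarded by `creates`, re-running the playbook never silently re-baselines a host; accepting legitimate changes into a new baseline stays a deliberate, separate step.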