Hello all,
We use ansible playbooks to deploy an initial config for e.g. postfix, chrony and sshd_config to new hosts. After the deployment these systems are under the control of the associated SysAdmin. We would like to use ansible to audit the nodes to check if the initial config was changed BUT not to change them automatically.
In my first approach I run my ansible-playbooks with the --check flag. This way I see where ansible would change something on a certain node or deploy a template again. What I do not see is what changes ansible is going to make on the target node. I would like to see a diff from the file on a node compared to the template on my ansible controller machine. Does someone have an idea on how to achieve this?
Would it be possible and reasonable to enhance the --check mode to achieve this or do I have to write some program at a higher level to get this done?
Thanks in advance for your comments and thoughts.
Best regards,
Joerg