Splited init and fetch

Signed-off-by: Radovan Sroka <[email protected]>

README.md

@@ -63,7 +63,15 @@ Type: `bool`
 
 ### aide_init
 
-Initializes the AIDE database and fetches it from the remote nodes to store it on the controller node
+Initializes the AIDE database.
+
+Default: `false`
+
+Type: `bool`
+
+### aide_fetch_db
+
+Fetches database from the remote nodes to store it on the controller node
 
 Default: `false`
 

defaults/main.yml

@@ -15,6 +15,9 @@ aide_generate_config: false
 # Enable initialization of the database phase
 aide_init: false
 
+# Fetch db
+aide_fetch_db: false
+
 # Enable check database phase
 aide_check: false
 

examples/default.yml

@@ -6,9 +6,10 @@
     - name: Include role aide
       vars:
         aide_db_fetch_dir: files
-        aide_install: true
-        aide_generate_config: true
-        aide_init: true
+        aide_install: false
+        aide_generate_config: false
+        aide_init: false
+        aide_fetch_db: false
         aide_check: false
         aide_update: false
       ansible.builtin.include_role:

examples/deploy.yml

@@ -9,7 +9,8 @@
         aide_install: true
         aide_generate_config: true
         aide_init: true
-        aide_check: false
-        aide_update: false
+        aide_fetch_db: true
+        aide_check: true
+        aide_update: true
       ansible.builtin.include_role:
         name: linux-system-roles.aide

examples/just_check.yml

@@ -9,6 +9,7 @@
         aide_install: false
         aide_generate_config: false
         aide_init: false
+        aide_fetch_db: false
         aide_check: true
         aide_update: false
       ansible.builtin.include_role:

examples/just_update.yml

@@ -9,6 +9,7 @@
         aide_install: false
         aide_generate_config: false
         aide_init: false
+        aide_fetch_db: false
         aide_check: false
         aide_update: true
       ansible.builtin.include_role:

tasks/main.yml

@@ -29,7 +29,7 @@
   when:
     - aide_generate_config
 
-- name: Initialize AIDE database and fetch it
+- name: Initialize AIDE database
   when:
     - aide_init
   block:
@@ -38,6 +38,29 @@
         cmd: aide --init
       changed_when: true
 
+    - name: Copy AIDE reference database
+      ansible.builtin.copy:
+        remote_src: true
+        src:  "{{ __aide_db_new_name }}"
+        dest: "{{ __aide_db_name }}"
+        owner: root
+        group: root
+        mode: "0440"
+        force: yes
+      when:
+        - not aide_fetch_db
+
+    - name: Remove remote AIDE database file
+      ansible.builtin.file:
+        path: "{{ __aide_db_new_name }}"
+        state: absent
+      when:
+        - not aide_fetch_db
+
+- name: Fetch AIDE database
+  when:
+    - aide_fetch_db
+  block:
     - name: Fetch AIDE database
       ansible.builtin.fetch:
         src: "{{ __aide_db_new_name }}"
@@ -52,15 +75,16 @@
   when:
     - aide_check
   block:
-    - name: Copy AIDE reference database to remote
+    - name: Copy AIDE reference database
       ansible.builtin.copy:
-        src:
-          "{{ aide_db_fetch_dir }}/{{ inventory_hostname }}/var/lib/aide/\
-          aide.db.new.gz"
+        src: "{{ aide_db_fetch_dir }}/{{ inventory_hostname }}\
+        {{ __aide_db_new_name }}"
         dest: "{{ __aide_db_name }}"
         owner: root
         group: root
         mode: "0440"
+      when:
+        - aide_fetch_db
 
     - name: Check against AIDE reference database
       ansible.builtin.command:
@@ -75,7 +99,8 @@
       ansible.builtin.command:
         cmd: aide --update
       register: __aide_update_result
-      failed_when: __aide_update_result.rc > 7
+      failed_when: "'AIDE found NO differences between database and filesystem. Looks okay!!'\
+      not in __aide_update_result.stdout"
       changed_when: true
 
     - name: Fetch AIDE database

templates/aide.conf.j2

@@ -5,8 +5,14 @@
 @@define DBDIR /var/lib/aide
 @@define LOGDIR /var/log/aide
 
+{% if ansible_facts['os_family'] == 'RedHat' and
+  ansible_facts['distribution_major_version'] in ['8','9'] %}
 # The location of the database to be read.
 database=file:@@{DBDIR}/aide.db.gz
+{% else %}
+# The location of the database to be read.
+database_in=file:@@{DBDIR}/aide.db.gz
+{% endif %}
 
 # The location of the database to be written.
 #database_out=sql:host:port:database:login_name:passwd:table
@@ -16,8 +22,15 @@ database_out=file:@@{DBDIR}/aide.db.new.gz
 # Whether to gzip the output to database
 gzip_dbout=yes
 
+{% if ansible_facts['os_family'] == 'RedHat' and
+  ansible_facts['distribution_major_version'] in ['8','9'] %}
 # Default.
 verbose=5
+{% else %}
+# Default.
+log_level=warning
+report_level=changed_attributes
+{% endif %}
 
 report_url=file:@@{LOGDIR}/aide.log
 report_url=stdout