search

ansible / ansible-lint

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you
https://ansible.readthedocs.io/projects/lint/
GNU General Public License v3.0
3.46k stars 654 forks source link

Avoid spamming local syslog while linting (module loading) #4317

Open toralf opened 3 weeks ago

toralf commented 3 weeks ago

Running 

$> ansible-lint

for this repo: https://github.com/toralf/tor-relays spams the local syslog (Gentoo hardened with openrc) with hundreds of lines like this:

Sep  7 19:51:25 p14s ansible-basic.py[2536]: Invoked with name=['prometheus-node-exporter'] package=['prometheus-node-exporter'] state=present update_cache_retries=5 update_cache_retry_max_delay=12 cache_valid_time=0 purge=False force=False upgrade=no dpkg_options=force-confdef,force-confold autoremove=False autoclean=False fail_on_autoremove=False only_upgrade=False force_apt_get=False clean=False allow_unauthenticated=False allow_downgrade=False allow_change_held_packages=False lock_timeout=60 update_cache=None deb=None default_release=None install_recommends=None policy_rc_d=None
Sep  7 19:51:25 p14s ansible-basic.py[2536]: Invoked with name=prometheus-node-exporter daemon_reload=False daemon_reexec=False scope=system no_block=False state=None enabled=None force=None masked=None
Sep  7 19:51:25 p14s ansible-basic.py[2536]: Invoked with path=/var/lib/node_exporter/ state=directory mode=0755 recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Sep  7 19:51:25 p14s ansible-basic.py[2536]: Invoked with create=False line=ARGS=' --web.listen-address=localhost:9100 --collector.tcpstat --collector.textfile.directory=/var/lib/node_exporter/ --collector.filesystem.mount-points-exclude="^/(dev|proc|run/credentials/.+|sys|var/lib/docker/.+|var/lib/containers/storage/.+)($|/)" ' path=/etc/default/prometheus-node-exporter regex=^ARGS= regexp=^ARGS= state=present backrefs=False backup=False firstmatch=False unsafe_writes=False search_string=None insertafter=None insertbefore=None validate=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Sep  7 19:51:26 p14s ansible-basic.py[2536]: Invoked with url=https://github.com/toralf/torutils/raw/main/metrics.sh dest=/root/metrics.sh mode=0744 force=True http_agent=ansible-httpget use_proxy=True validate_certs=True force_basic_auth=False use_gssapi=False backup=False checksum= timeout=10 unredirected_headers=[] decompress=True use_netrc=True unsafe_writes=False url_username=None url_password=NOT_LOGGING_PARAMETER client_cert=None client_key=None headers=None tmp_dest=None ciphers=None owner=None group=None seuser=None serole=None s

This should not happen.

audgirka commented 2 weeks ago

A PR would be welcomed here.

audgirka commented 2 weeks ago

Related https://forum.ansible.com/t/ansible-lint-causes-massive-amount-of-debug-logging-to-syslog/853

tanwigeetika1618 commented 1 week ago

Hi @toralf I tried reproducing the issue by running ansible-lint on top of your repository, but I wasn't able to replicate the messages that spamming the syslog you're seeing. From what I've observed, it doesn't seem like ansible-lint itself is causing this issue. Instead, it's possible that the problem is related to an Ansible module installed locally on your system, which might be responsible for spamming the syslog.

toralf commented 1 week ago

Instead, it's possible that the problem is related to an Ansible module installed locally on your system, which might be responsible for spamming the syslog.

Pfr - will check here the Gentoo config. At least it happens here at this system for other repos too. So it is not related to the mentioned repository I do assume.

tanwigeetika1618 commented 1 week ago

Right! I t will happen with the other repos too as it's independent of the repos. I guess this is likely tied to the environment such as the Gentoo config. If you can check for any unusual configurations in your systemd/journald settings which could be causing this excessive logging. Or you can test the same workflow on a different system or VM, if possible, to isolate whether the issue persists outside of your current setup. Meanwhile I'm also trying to do the same.

toralf commented 1 week ago

I silenced them with

skip_list:
  - experimental

for now

toralf commented 1 week ago

FWIW Gentoo allows to have multiple Python versions being installed in parallel. The particular version is then symlinked:

$ ls -l /usr/bin/python*
lrwxrwxrwx 1 root root    13 Apr 13 20:05 /usr/bin/python -> python-exec2c
lrwxrwxrwx 1 root root    13 Apr 13 20:05 /usr/bin/python3 -> python-exec2c
-rwxr-xr-x 1 root root 14344 Sep 20 08:39 /usr/bin/python3.11
-rwxr-xr-x 1 root root  2971 Sep 20 08:39 /usr/bin/python3.11-config
-rwxr-xr-x 1 root root 14344 Sep 20 08:38 /usr/bin/python3.12
-rwxr-xr-x 1 root root  2992 Sep 20 08:38 /usr/bin/python3.12-config
lrwxrwxrwx 1 root root    31 Apr 13 20:05 /usr/bin/python3-config -> ../lib/python-exec/python-exec2
lrwxrwxrwx 1 root root    31 Aug 24 11:41 /usr/bin/python-argcomplete-check-easy-install-script -> ../lib/python-exec/python-exec2
lrwxrwxrwx 1 root root    31 Apr 13 20:05 /usr/bin/python-config -> ../lib/python-exec/python-exec2
-rwxr-xr-x 1 root root 18536 Apr 13 20:05 /usr/bin/python-exec2c