검사 결과 업데이트

ansible/security_check/roles/security_check/tasks/create_readme.yml

@@ -5,7 +5,6 @@
   args:
     chdir: /volume1/platform/05_Security_check/
   register: check_status
-  when: "'nas' in group_names"
 
 - name: check status [2]
   shell: |
@@ -13,22 +12,18 @@
   args:
     chdir: /volume1/platform/05_Security_check/
   register: check_ok
-  when: "'nas' in group_names"
 
 - debug:
     msg: "취약점 {{ check_status.stdout_lines }} 발견"
-  when: "'nas' in group_names"
 
 - debug:
     msg: "취약점 {{ check_ok.stdout_lines }} 양호"
-  when: "'nas' in group_names"
 
 - name: Create README.md
   template:
     src: README.md.j2
     dest: "{{ playbook_dir }}/README.md"
   delegate_to: 127.0.0.1
-  when: "'nas' in group_names"
 
 - name: git push
   shell: |
@@ -36,9 +31,9 @@
     ls -al
     git config --global user.email "sa_8001@ex-em.com"
     git config --global user.name "ByeonJungHun"
-    git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/security_check
+    git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/dsk-iac
     cp ./README.md ~/dsk-iac/ansible/security_check/README.md
-    cd ~/security_check
+    cd ~/dsk-iac
     cat README.md
     pwd
     ls -al
@@ -46,8 +41,6 @@
     git commit -m "검사 결과 업데이트"
     git push
   delegate_to: 127.0.0.1
-  when: "'nas' in group_names"
 
 - debug:
-    msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"
-  when: "'nas' in group_names"
+    msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"

ansible/security_check/roles/security_check/tasks/main.yml

@@ -2,3 +2,4 @@
 - include: start.yml
 
 - include: create_readme.yml
+  when: "'nas' in group_names"

ansible/security_check/roles/security_check/tasks/start.yml

@@ -15,7 +15,13 @@
   copy:
     src: "{{ role_path }}/files/ubuntu.sh"
     dest: /tmp/ubuntu.sh
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian'
+
+- name: Copy Security Check Script
+  copy:
+    src: "{{ role_path }}/files/rocky.sh"
+    dest: /tmp/rocky.sh
+  when: ansible_facts['os_family'] == 'RedHat'
 
 - name: Start Security Check Script (become -> true)
   shell: |
@@ -23,21 +29,29 @@
     bash /tmp/ubuntu.sh
     rm -rf /tmp/ubuntu.sh
   become: true
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian'
+
+- name: Start Security Check Script (become -> true)
+  shell: |
+    chdir
+    bash /tmp/rocky.sh
+    rm -rf /tmp/rocky.sh
+  become: true
+  when: ansible_facts['os_family'] == 'RedHat'
 
 - name: Copy Result File to Local
   fetch:
     src: "/tmp/{{ ansible_hostname }}.{{ ansible_host }}.txt"
     dest: "~/checklist/"
     flat: yes
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'
 
 - name: Delete Result File (become -> true)
   file:
     path: "/tmp/{{ ansible_hostname }}.txt"
     state: absent
   become: true
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'
 
 - name: Find Copy File Name
   shell: ls -l ~/checklist/ | awk 'NR>1 {print $9}'