Run Ansible playbook and alert on configuration drift

Source

```yaml
id: ansible-config-drift
namespace: company.team
description: >
  Run an Ansible playbook from inline inventory and playbook definitions, then
  alert in Slack only when configuration drift is detected on any host.

tasks:
  - id: set_up_env
    type: io.kestra.plugin.ansible.cli.AnsibleCLI
    inputFiles:
      inventory.ini: |
        [servers]
        server1.example.test ansible_user=admin ansible_ssh_private_key_file=~/.ssh/id_rsa
        server2.example.test ansible_user=admin ansible_ssh_private_key_file=~/.ssh/id_rsa
        server3.example.test ansible_user=admin ansible_ssh_private_key_file=~/.ssh/id_rsa
      myplaybook.yml: |
        ---
        - name: Ensure environment variable is set correctly
          hosts: servers
          become: true

          tasks:
            - name: Ensure MY_APP_MODE is set
              lineinfile:
                path: /home/{{ ansible_user }}/.bashrc
                regexp: '^MY_APP_MODE='
                line: 'MY_APP_MODE=production'
                state: present
              notify: Refresh environment

          handlers:
            - name: Refresh environment
              shell: . /home/{{ ansible_user }}/.bashrc
              changed_when: false
    taskRunner:
      type: io.kestra.plugin.core.runner.Process
    ansibleConfig: |
      [defaults]
      interpreter_python = auto_silent
      log_path={{ workingDir }}/ansible.log
      stdout_callback = yaml
    commands:
      - ansible-playbook -i inventory.ini myplaybook.yml

  - id: loop_hosts
    type: io.kestra.plugin.core.flow.ForEach
    values: "{{ outputs.set_up_env.vars.outputs }}"
    tasks:
      - id: check_drift
        type: io.kestra.plugin.notifications.slack.SlackIncomingWebhook
        runIf: "{{ (taskrun.value | jq('.changed') | first) == true }}"
        url: "{{ secret('SLACK_WEBHOOK') }}"
        payload: |
          {
            "text": "Configuration updated - {{ taskrun.value | jq('.msg') | first ?? Null }}"
          }

triggers:
  - id: check_nightly
    type: io.kestra.plugin.core.trigger.Schedule
    cron: 0 3 * * *
    disabled: true
```

About this blueprint

Category: Infrastructure

This flow runs an Ansible playbook defined inline (inventory and playbook) to enforce MY_APP_MODE=production on the listed servers. After the Ansible run, it inspects each host's result and posts a Slack alert only for hosts that required a change (drift detected). A nightly schedule trigger is included but disabled by default.
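As an added example (not part of the blueprint), the drift check described above done offline in Python over the ansible.log that log_path writes: it parses the PLAY RECAP lines, reports hosts with changed>0 as drift, and also flags hosts that were unreachable or failed, a case the flow's runIf (which only fires when changed == true) passes over silently. The log line prefix format and the embedded sample log are constructed assumptions.

```python
import json
import re

# Constructed sample of an ansible.log as written via log_path (not real output).
SAMPLE_LOG = """\
2024-05-01 03:00:10,001 p=4242 u=admin n=ansible | PLAY [Ensure environment variable is set correctly] ****
2024-05-01 03:00:10,002 p=4242 u=admin n=ansible | TASK [Ensure MY_APP_MODE is set] ****
2024-05-01 03:00:11,100 p=4242 u=admin n=ansible | changed: [server1.example.test]
2024-05-01 03:00:11,150 p=4242 u=admin n=ansible | ok: [server2.example.test]
2024-05-01 03:00:11,900 p=4242 u=admin n=ansible | fatal: [server3.example.test]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect"}
2024-05-01 03:00:12,000 p=4242 u=admin n=ansible | PLAY RECAP ****
2024-05-01 03:00:12,001 p=4242 u=admin n=ansible | server1.example.test : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
2024-05-01 03:00:12,002 p=4242 u=admin n=ansible | server2.example.test : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
2024-05-01 03:00:12,003 p=4242 u=admin n=ansible | server3.example.test : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
"""

# Matches only PLAY RECAP per-host lines: "<host> : ok=N changed=N unreachable=N failed=N ..."
RECAP_RE = re.compile(
    r"\|\s*(?P<host>\S+)\s*:\s*ok=(?P<ok>\d+)\s+changed=(?P<changed>\d+)\s+"
    r"unreachable=(?P<unreachable>\d+)\s+failed=(?P<failed>\d+)"
)


def parse_recap(log_text):
    """Return {host: {"ok", "changed", "unreachable", "failed"}} from the recap lines."""
    hosts = {}
    for line in log_text.splitlines():
        m = RECAP_RE.search(line)
        if m:
            hosts[m["host"]] = {k: int(m[k]) for k in ("ok", "changed", "unreachable", "failed")}
    return hosts


def classify(hosts):
    """Split hosts into drifted (a change was applied) and unverified (unreachable or failed)."""
    drifted = sorted(h for h, c in hosts.items() if c["changed"] > 0)
    unverified = sorted(h for h, c in hosts.items() if c["unreachable"] > 0 or c["failed"] > 0)
    return drifted, unverified


def slack_payload(drifted, unverified):
    """Build the webhook body in the blueprint's shape; None when there is nothing to report."""
    if not drifted and not unverified:
        return None
    lines = [f"Configuration updated - drift corrected on {h}" for h in drifted]
    lines += [f"Configuration NOT verified - {h} unreachable or failed" for h in unverified]
    return json.dumps({"text": "\n".join(lines)})


if __name__ == "__main__":
    print(slack_payload(*classify(parse_recap(SAMPLE_LOG))))
```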

Plugins used: Ansible CLI, Process, For Each, Slack Incoming Webhook, Schedule
