feat: add role fingerprints to syslog

[richm]

Feature: Add a fingerprint string to the system log to indicate when the role began
successfully, and when the role finished successfully. The fingerprint string indicates
the role name, a timestamp, and the platform.

Reason: Users can see when the role was used and if it was used successfully. This
information from the system log can be collected by log scanners and aggregators
for further analysis.

Result: The role logs fingerprints to the system log.

This also adds a test to check if the fingerprints were written upon a successful
role invocation.

Signed-off-by: Rich Megginson rmeggins@redhat.com

Summary by Sourcery

Add a syslog fingerprinting mechanism to the kdump role and verify its presence via tests.

New Features:

• Introduce an sr_fingerprint Ansible module to write structured fingerprint messages to syslog for diagnostic use.
• Record begin and success fingerprint messages from the kdump role including role name, Ansible version, and platform details.

Tests:

• Extend the default reboot test to verify that kdump role syslog fingerprints are written to the system journal when syslog is available.

Chores:

• Add Ansible sanity ignore entries and a library path for the kdump test role to accommodate the new custom module.

[sourcery-ai]

Reviewer's Guide

Adds a new sr_fingerprint Ansible module and wires it into the kdump role to emit begin/success fingerprints to syslog, along with a test that validates the fingerprints appear in the system journal when the role runs successfully.

Sequence diagram for kdump role syslog fingerprints

sequenceDiagram
    actor Operator
    participant AnsibleController
    participant KdumpRole
    participant SrFingerprintModule
    participant Syslog

    Operator->>AnsibleController: run_playbook_with_kdump_role
    AnsibleController->>KdumpRole: execute_tasks

    KdumpRole->>SrFingerprintModule: task_Record_role_begin_fingerprint(sr_message="begin system_role:kdump ...")
    SrFingerprintModule->>SrFingerprintModule: _local_iso8601_no_microseconds
    SrFingerprintModule->>Syslog: module.log("begin system_role:kdump ... <timestamp>")
    SrFingerprintModule-->>KdumpRole: exit_json(changed=False)

    KdumpRole->>KdumpRole: perform_kdump_configuration

    KdumpRole->>SrFingerprintModule: task_Record_role_success_fingerprint(sr_message="success system_role:kdump ...")
    SrFingerprintModule->>SrFingerprintModule: _local_iso8601_no_microseconds
    SrFingerprintModule->>Syslog: module.log("success system_role:kdump ... <timestamp>")
    SrFingerprintModule-->>KdumpRole: exit_json(changed=False)

    KdumpRole-->>AnsibleController: role_completed_successfully
    AnsibleController-->>Operator: playbook_run_report

Loading

Updated class diagram for the sr_fingerprint Ansible module

classDiagram
    class sr_fingerprint {
        +run_module() void
        +main() void
        -_local_iso8601_no_microseconds() str
    }

    class AnsibleModule {
        +params dict
        +check_mode bool
        +log(msg str) void
        +exit_json(**kwargs) void
    }

    class datetime_module {
        +datetime
        +timezone
    }

    sr_fingerprint ..> AnsibleModule : uses
    sr_fingerprint ..> datetime_module : uses

Loading

File-Level Changes

Change	Details	Files
Introduce sr_fingerprint custom Ansible module to write timestamped fingerprint messages to syslog.	Create a new library module sr_fingerprint.py with a required sr_message parameter. Generate an ISO8601 local timestamp (without microseconds) using a helper that is compatible with older Python versions. Concatenate sr_message and the timestamp into a single log line and write it using module.log, returning changed=False and supporting check mode without logging.	library/sr_fingerprint.py
Emit role begin/success fingerprints from the kdump role using sr_fingerprint with role, Ansible, and distro metadata.	Call sr_fingerprint at the start of set_vars.yml to log a begin fingerprint containing system_role:kdump, ansible_version, and distribution/version. Call sr_fingerprint at the end of main.yml after starting the kdump service to log a success fingerprint containing the same metadata.	tasks/set_vars.yml tasks/main.yml
Add an integration-style test that validates the fingerprints are written to the system journal when the role runs successfully.	In the reboot test playbook, check for /dev/log and capture the current time as __journal_start_time only when syslog is available. After running the role, use journalctl filtered by __journal_start_time and grep to assert that begin and success fingerprints for system_role:kdump are present, ignoring Ansible "Invoked with" noise, without marking the task changed. Gate the fingerprint-check task on /dev/log existence to avoid failures where syslog is unavailable and add role library path for tests.	tests/tests_default_reboot.yml tests/roles/linux-system-roles.kdump/library .sanity-ansible-ignore-2.14.txt .sanity-ansible-ignore-2.16.txt .sanity-ansible-ignore-2.17.txt .sanity-ansible-ignore-2.18.txt .sanity-ansible-ignore-2.19.txt .sanity-ansible-ignore-2.20.txt .sanity-ansible-ignore-2.21.txt .sanity-ansible-ignore-2.22.txt

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• In sr_fingerprint._local_iso8601_no_microseconds, consider capturing datetime.datetime.now() once and reusing it instead of calling it twice to avoid subtle inconsistencies around second boundaries and to simplify the logic.
• The journal fingerprint test runs journalctl twice and relies on shell pipelines with grep; you could make this more robust and efficient by using a single journalctl invocation with built-in filtering (e.g. -g or SYSLOG_IDENTIFIER/UNIT constraints) and reducing the shell logic to a single command.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `sr_fingerprint._local_iso8601_no_microseconds`, consider capturing `datetime.datetime.now()` once and reusing it instead of calling it twice to avoid subtle inconsistencies around second boundaries and to simplify the logic.
- The journal fingerprint test runs `journalctl` twice and relies on shell pipelines with `grep`; you could make this more robust and efficient by using a single `journalctl` invocation with built-in filtering (e.g. `-g` or `SYSLOG_IDENTIFIER`/`UNIT` constraints) and reducing the shell logic to a single command.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[richm]

[citest]