ntp-compliance.yml

---
- name: NTP Server configuration compliance for Network Elements
  hosts: "{{ my_devices }}"
  connection: network_cli
  gather_facts: "{{ my_facts }}"
  vars:
    erase: false
    required_servers: []
    in_servers: []
    out_servers: []
    ee_folder: /tmp

  tasks:
    - name: Read inputs and prepare configs
      ansible.builtin.set_fact:
        required_servers: "{{ required_servers }} + [ 'ntp server {{ item }}' ]"
      with_items: "{{ my_ntp_servers }}"

    - name: Check existing NTP Servers
      ansible.builtin.include_role:
        name: ntpcheck
      when: ansible_network_os is defined

    # Adds NTP server entries in the my_ntp_servers variable if the variable erase is false
    - block:
        - name: Compare NTP servers and remove erroneous entries
          ansible.netcommon.cli_config:
            config: no {{ item }}
          loop: "{{ configured_servers }}"
          when:
            - configured_servers | length > 0
            - item not in required_servers

        - name: Ensure intended NTP servers are present
          ansible.netcommon.cli_config:
            config: "{{ item }}"
          loop: "{{ required_servers }}"
      when: not erase|bool

    # - name: Render template
    #   set_fact:
    #     rendered_template: "{{ lookup('template', 'report.j2') }}"

    - name: Save template to temporary file
      ansible.builtin.template:
        src: report.j2
        dest: "{{ ee_folder }}/temp.html"
        mode: '0755'
      when: in_servers | length > 0 or out_servers | length > 0

    # Creates and uploads a report to S3
    - name: Upload report to S3
      amazon.aws.aws_s3:
        bucket: "{{ my_bucket }}"
        src: "{{ ee_folder }}/temp.html"
        object: "index.html"
        mode: put
        metadata: 'Content-Type=text/html'
      when: in_servers | length > 0 or out_servers | length > 0

    # Erases all ntp server entries if the variable erase is true
    - name: Remove all existing NTP server entries
      ansible.netcommon.cli_config:
        config: no {{ item }}
      loop: "{{ configured_servers }}"
      when:
        - configured_servers | length > 0
        - erase|bool