Arguments and configuration
Argument Value
verbosity 0
ask_pass False
private_key_file None
remote_user None
connection ssh
timeout 5
ssh_common_args
sftp_extra_args
scp_extra_args
ssh_extra_args
force_handlers True
flush_cache None
become False
become_method sudo
become_user None
become_ask_pass False
tags ['all']
skip_tags []
check False
syntax None
diff False
inventory ['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts None
subset None
extra_vars Not saved by ARA as configured by 'ignored_arguments'
ask_vault_pass False
vault_password_files []
vault_ids []
forks 5
module_path None
listtasks None
listtags None
step None
start_at_task None
args ['setup-hosts.yml']
Records No records have been saved with ara_record for this playbook.
Files
Hosts
Host Changed Failed Ok Skipped Unreachable
aio1 43 0 123 27 0
Task results
Task Action Status Host Started Duration
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:52 +0000 00:00:03.703
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:52 +0000 00:00:02.879
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:52 +0000 00:00:02.235
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:52 +0000 00:00:01.554
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:52 +0000 00:00:00.732
ansible-hardening : Remove the temporary directory file ok aio1 Fri, 31 Jan 2020 15:53:52 +0000 00:00:00.457
ansible-hardening : Private host key files must have mode 0600 or less file ok aio1 Fri, 31 Jan 2020 15:53:50 +0000 00:00:01.256
ansible-hardening : Determine existing private ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:53:49 +0000 00:00:00.466
ansible-hardening : Public host key files must have mode 0644 or less file ok aio1 Fri, 31 Jan 2020 15:53:48 +0000 00:00:01.175
ansible-hardening : Determine existing public ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:53:47 +0000 00:00:00.472
ansible-hardening : Ensure sshd is enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:53:46 +0000 00:00:00.627
ansible-hardening : Adjust ssh server configuration based on STIG requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:53:46 +0000 00:00:00.484
ansible-hardening : Copy login warning banner copy changed aio1 Fri, 31 Jan 2020 15:53:44 +0000 00:00:01.005
ansible-hardening : Check to see if snmpd config contains public/private shell ok aio1 Fri, 31 Jan 2020 15:53:43 +0000 00:00:00.491
ansible-hardening : Check TFTP configuration mode command skipped aio1 Fri, 31 Jan 2020 15:53:42 +0000 00:00:00.242
ansible-hardening : Check for TFTP server configuration file stat ok aio1 Fri, 31 Jan 2020 15:53:42 +0000 00:00:00.443
ansible-hardening : V-72297 - Prevent unrestricted mail relaying lineinfile changed aio1 Fri, 31 Jan 2020 15:53:41 +0000 00:00:00.477
ansible-hardening : Check for postfix configuration file stat ok aio1 Fri, 31 Jan 2020 15:53:40 +0000 00:00:00.487
ansible-hardening : Check for interfaces in promiscuous mode shell ok aio1 Fri, 31 Jan 2020 15:53:39 +0000 00:00:00.456
ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured. debug ok aio1 Fri, 31 Jan 2020 15:53:39 +0000 00:00:00.260
ansible-hardening : Count nameserver entries in /etc/resolv.conf command ok aio1 Fri, 31 Jan 2020 15:53:38 +0000 00:00:00.462
ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 command skipped aio1 Fri, 31 Jan 2020 15:53:38 +0000 00:00:00.227
ansible-hardening : Check firewalld status command ok aio1 Fri, 31 Jan 2020 15:53:37 +0000 00:00:00.462
ansible-hardening : Check if chrony configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:53:36 +0000 00:00:00.491
ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions blockinfile changed aio1 Fri, 31 Jan 2020 15:53:35 +0000 00:00:00.460
ansible-hardening : Remove old config block for V-72223 from openstack-ansible-security blockinfile ok aio1 Fri, 31 Jan 2020 15:53:34 +0000 00:00:00.450
ansible-hardening : Check if ClamAV update process is already running shell ok aio1 Fri, 31 Jan 2020 15:53:32 +0000 00:00:00.472
ansible-hardening : Remove 'Example' line from ClamAV configuration files lineinfile skipped aio1 Fri, 31 Jan 2020 15:53:31 +0000 00:00:00.258
ansible-hardening : Check if ClamAV is installed stat ok aio1 Fri, 31 Jan 2020 15:53:31 +0000 00:00:00.427
ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server. debug ok aio1 Fri, 31 Jan 2020 15:53:30 +0000 00:00:00.261
ansible-hardening : Check if syslog output is being sent to another server command ok aio1 Fri, 31 Jan 2020 15:53:30 +0000 00:00:00.446
ansible-hardening : Check for /tmp on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:53:29 +0000 00:00:00.249
ansible-hardening : Check for /var/log/audit on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:53:28 +0000 00:00:00.250
ansible-hardening : Check for /var on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:53:28 +0000 00:00:00.266
ansible-hardening : Check for /home on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:53:27 +0000 00:00:00.241
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled systemd changed aio1 Fri, 31 Jan 2020 15:53:26 +0000 00:00:01.123
ansible-hardening : Check autofs service command ok aio1 Fri, 31 Jan 2020 15:53:25 +0000 00:00:00.502
ansible-hardening : Check for unlabeled device files command skipped aio1 Fri, 31 Jan 2020 15:53:24 +0000 00:00:00.222
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot selinux skipped aio1 Fri, 31 Jan 2020 15:53:24 +0000 00:00:00.224
ansible-hardening : Check if apparmor is running command ok aio1 Fri, 31 Jan 2020 15:53:22 +0000 00:00:00.462
ansible-hardening : Check apparmor_status output command ok aio1 Fri, 31 Jan 2020 15:53:22 +0000 00:00:00.464
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled copy changed aio1 Fri, 31 Jan 2020 15:53:20 +0000 00:00:01.007
ansible-hardening : Print a warning if FIPS isn't enabled debug ok aio1 Fri, 31 Jan 2020 15:53:20 +0000 00:00:00.255
ansible-hardening : Check if FIPS is enabled command ok aio1 Fri, 31 Jan 2020 15:53:19 +0000 00:00:00.460
ansible-hardening : Check kdump service command ok aio1 Fri, 31 Jan 2020 15:53:18 +0000 00:00:00.478
ansible-hardening : Set sysctl configurations sysctl changed aio1 Fri, 31 Jan 2020 15:53:16 +0000 00:00:02.356
ansible-hardening : V-71983 - USB mass storage must be disabled. lineinfile changed aio1 Fri, 31 Jan 2020 15:53:15 +0000 00:00:00.456
ansible-hardening : Create a GDM keyfile for machine-wide settings template changed aio1 Fri, 31 Jan 2020 15:53:13 +0000 00:00:01.853
ansible-hardening : Create a GDM profile for displaying a login banner copy changed aio1 Fri, 31 Jan 2020 15:53:12 +0000 00:00:01.010
ansible-hardening : Prevent users from changing graphical session locking configurations template changed aio1 Fri, 31 Jan 2020 15:53:10 +0000 00:00:01.037
ansible-hardening : Configure graphical session locking template changed aio1 Fri, 31 Jan 2020 15:53:09 +0000 00:00:01.025
ansible-hardening : Create dconf directories file changed aio1 Fri, 31 Jan 2020 15:53:08 +0000 00:00:00.966
ansible-hardening : Create a user profile in dconf copy changed aio1 Fri, 31 Jan 2020 15:53:06 +0000 00:00:01.010
ansible-hardening : Check for dconf profiles stat ok aio1 Fri, 31 Jan 2020 15:53:06 +0000 00:00:00.448
ansible-hardening : Check if gdm is installed and configured stat ok aio1 Fri, 31 Jan 2020 15:53:04 +0000 00:00:00.454
ansible-hardening : Check if /etc/cron.allow exists stat ok aio1 Fri, 31 Jan 2020 15:53:03 +0000 00:00:00.454
ansible-hardening : Find all world-writable directories shell skipped aio1 Fri, 31 Jan 2020 15:53:03 +0000 00:00:00.227
ansible-hardening : Set proper owner, group owner, and permissions on home directories file skipped aio1 Fri, 31 Jan 2020 15:53:02 +0000 00:00:00.291
ansible-hardening : Search for files/directories with an invalid group owner command skipped aio1 Fri, 31 Jan 2020 15:53:01 +0000 00:00:00.240
ansible-hardening : Search for files/directories with an invalid owner command skipped aio1 Fri, 31 Jan 2020 15:53:01 +0000 00:00:00.261
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values shell skipped aio1 Fri, 31 Jan 2020 15:53:00 +0000 00:00:00.237
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership shell skipped aio1 Fri, 31 Jan 2020 15:53:00 +0000 00:00:00.249
ansible-hardening : Remove .shosts or shosts.equiv files file skipped aio1 Fri, 31 Jan 2020 15:52:59 +0000 00:00:00.248
ansible-hardening : Ensure .shosts find has finished async_status skipped aio1 Fri, 31 Jan 2020 15:52:59 +0000 00:00:00.232
ansible-hardening : Check for pam_lastlog in PAM configuration command ok aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:00.466
ansible-hardening : Check if GRUB2 custom file exists stat ok aio1 Fri, 31 Jan 2020 15:52:56 +0000 00:00:00.457
ansible-hardening : Check if sssd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:55 +0000 00:00:00.437
ansible-hardening : Check for '!authenticate' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:52:54 +0000 00:00:00.472
ansible-hardening : V-71947 - Users must provide a password for privilege escalation. debug ok aio1 Fri, 31 Jan 2020 15:52:54 +0000 00:00:00.262
ansible-hardening : Check for 'nopasswd' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:52:53 +0000 00:00:00.462
ansible-hardening : Prevent users with blank or null passwords from authenticating (SUSE) lineinfile changed aio1 Fri, 31 Jan 2020 15:52:52 +0000 00:00:00.756
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:51 +0000 00:00:00.273
ansible-hardening : Ensure auditd is running and enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:52:50 +0000 00:00:00.608
ansible-hardening : Adjust auditd/audispd configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:52:48 +0000 00:00:01.508
ansible-hardening : Deploy rules for auditd based on STIG requirements template changed aio1 Fri, 31 Jan 2020 15:52:47 +0000 00:00:01.090
ansible-hardening : Remove old RHEL 6 audit rules file file ok aio1 Fri, 31 Jan 2020 15:52:46 +0000 00:00:00.477
ansible-hardening : Remove system default audit.rules file file changed aio1 Fri, 31 Jan 2020 15:52:45 +0000 00:00:00.477
ansible-hardening : Get valid system architectures for audit rules set_fact ok aio1 Fri, 31 Jan 2020 15:52:45 +0000 00:00:00.248
ansible-hardening : Verify that audisp-remote.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:43 +0000 00:00:00.457
ansible-hardening : Verify that auditd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:43 +0000 00:00:00.476
ansible-hardening : Create AIDE cron job cron changed aio1 Fri, 31 Jan 2020 15:52:41 +0000 00:00:00.837
ansible-hardening : Initialize AIDE (this will take a few minutes) shell skipped aio1 Fri, 31 Jan 2020 15:52:41 +0000 00:00:00.237
ansible-hardening : Check to see if AIDE database is already in place stat ok aio1 Fri, 31 Jan 2020 15:52:40 +0000 00:00:00.433
ansible-hardening : Configure AIDE to verify additional properties (SUSE) lineinfile changed aio1 Fri, 31 Jan 2020 15:52:39 +0000 00:00:00.462
ansible-hardening : Verify that AIDE configuration directory exists stat ok aio1 Fri, 31 Jan 2020 15:52:38 +0000 00:00:00.717
ansible-hardening : Print warning for users with an assigned home directory that does not exist debug ok aio1 Fri, 31 Jan 2020 15:52:37 +0000 00:00:00.286
ansible-hardening : Check each user to see if its home directory exists on the filesystem stat ok aio1 Fri, 31 Jan 2020 15:52:31 +0000 00:00:05.423
ansible-hardening : Get all accounts with UID 0 shell ok aio1 Fri, 31 Jan 2020 15:52:30 +0000 00:00:00.474
ansible-hardening : Apply shadow-utils configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:52:29 +0000 00:00:00.791
ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:52:28 +0000 00:00:00.292
ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:52:27 +0000 00:00:00.299
ansible-hardening : Print warning if PAM is not using SHA512 for password storage debug ok aio1 Fri, 31 Jan 2020 15:52:26 +0000 00:00:00.267
ansible-hardening : Check for SHA512 password storage in PAM command ok aio1 Fri, 31 Jan 2020 15:52:26 +0000 00:00:00.455
ansible-hardening : Set password quality requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:52:25 +0000 00:00:00.489
ansible-hardening : Check if /etc/security/pwquality.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:24 +0000 00:00:00.488
ansible-hardening : V-71977 - Require digital signatures for all packages and repositories lineinfile changed aio1 Fri, 31 Jan 2020 15:52:22 +0000 00:00:01.414
ansible-hardening : Determine all SUSE repositories shell ok aio1 Fri, 31 Jan 2020 15:52:21 +0000 00:00:00.459
ansible-hardening : V-71855 - Get files with invalid checksums (rpm) shell skipped aio1 Fri, 31 Jan 2020 15:52:20 +0000 00:00:00.233
ansible-hardening : Ensure RPM verification task has finished async_status ok aio1 Fri, 31 Jan 2020 15:52:19 +0000 00:00:00.694
ansible-hardening : include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:52:19 +0000 00:00:00.237
ansible-hardening : Remove packages based on STIG requirements package ok aio1 Fri, 31 Jan 2020 15:52:17 +0000 00:00:01.676
ansible-hardening : Add packages based on STIG requirements package changed aio1 Fri, 31 Jan 2020 15:51:05 +0000 00:01:11.081
ansible-hardening : Get user data for all interactive users on the system get_users ok aio1 Fri, 31 Jan 2020 15:51:04 +0000 00:00:00.442
ansible-hardening : Get user data for all users on the system get_users ok aio1 Fri, 31 Jan 2020 15:51:03 +0000 00:00:00.830
ansible-hardening : Check for .shosts or shosts.equiv files find skipped aio1 Fri, 31 Jan 2020 15:51:02 +0000 00:00:00.235
ansible-hardening : Verify all installed RPM packages shell ok aio1 Fri, 31 Jan 2020 15:51:01 +0000 00:00:01.180
ansible-hardening : Set a fact for the temporary directory set_fact ok aio1 Fri, 31 Jan 2020 15:51:00 +0000 00:00:00.259
ansible-hardening : Create temporary directory to hold any temporary files command ok aio1 Fri, 31 Jan 2020 15:51:00 +0000 00:00:00.433
ansible-hardening : Check if grub is present on the remote node stat ok aio1 Fri, 31 Jan 2020 15:50:59 +0000 00:00:00.445
ansible-hardening : Set facts set_fact ok aio1 Fri, 31 Jan 2020 15:50:59 +0000 00:00:00.254
ansible-hardening : Check to see if we are booting with EFI or UEFI set_fact ok aio1 Fri, 31 Jan 2020 15:50:58 +0000 00:00:00.247
ansible-hardening : Check for check/audit mode command ok aio1 Fri, 31 Jan 2020 15:50:57 +0000 00:00:00.451
ansible-hardening : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:50:57 +0000 00:00:00.319
openstack_hosts : Copy CA certificates copy skipped aio1 Fri, 31 Jan 2020 15:50:55 +0000 00:00:00.245
openstack_hosts : Update SSH keys authorized_key skipped aio1 Fri, 31 Jan 2020 15:50:55 +0000 00:00:00.273
openstack_hosts : Ensure ssh directory file ok aio1 Fri, 31 Jan 2020 15:50:54 +0000 00:00:00.446
openstack_hosts : Install user defined extra distro packages package skipped aio1 Fri, 31 Jan 2020 15:50:53 +0000 00:00:00.229
openstack_hosts : Install distro packages package changed aio1 Fri, 31 Jan 2020 15:50:48 +0000 00:00:05.088
openstack_hosts : Create a directory to hold systemd journals on disk file ok aio1 Fri, 31 Jan 2020 15:50:47 +0000 00:00:00.471
openstack_hosts : Start and enable the sysstat service service changed aio1 Fri, 31 Jan 2020 15:50:45 +0000 00:00:01.596
openstack_hosts : Enable sysstat cron template changed aio1 Fri, 31 Jan 2020 15:50:43 +0000 00:00:01.027
openstack_hosts : Configure sysstat include_tasks ok aio1 Fri, 31 Jan 2020 15:50:42 +0000 00:00:00.244
openstack_hosts : Adding new system tuning sysctl changed aio1 Fri, 31 Jan 2020 15:50:35 +0000 00:00:07.160
openstack_hosts : Write list of modules to load at boot template changed aio1 Fri, 31 Jan 2020 15:50:33 +0000 00:00:01.302
openstack_hosts : Load kernel module(s) modprobe changed aio1 Fri, 31 Jan 2020 15:50:27 +0000 00:00:06.634
openstack_hosts : Fail fast if we can't load a module fail skipped aio1 Fri, 31 Jan 2020 15:50:26 +0000 00:00:00.253
openstack_hosts : check how kernel modules are implemented (statically builtin, dynamic, not set) slurp ok aio1 Fri, 31 Jan 2020 15:50:25 +0000 00:00:00.743
openstack_hosts : Install user defined extra distro packages for bare metal nodes package skipped aio1 Fri, 31 Jan 2020 15:50:24 +0000 00:00:00.228
openstack_hosts : Install distro packages for bare metal nodes package changed aio1 Fri, 31 Jan 2020 15:50:11 +0000 00:00:13.029
openstack_hosts : Refresh repositories if necessary zypper_repository ok aio1 Fri, 31 Jan 2020 15:49:55 +0000 00:00:15.091
openstack_hosts : Add/Remove/Update standard and user defined repositories zypper_repository changed aio1 Fri, 31 Jan 2020 15:49:37 +0000 00:00:17.872
openstack_hosts : Add/Remove/Update acceptable repository vendors template changed aio1 Fri, 31 Jan 2020 15:49:35 +0000 00:00:01.017
openstack_hosts : Add/Remove repositories gpg keys manually rpm_key skipped aio1 Fri, 31 Jan 2020 15:49:35 +0000 00:00:00.223
openstack_hosts : If a keyfile is provided, copy the gpg keyfile to the key location copy skipped aio1 Fri, 31 Jan 2020 15:49:34 +0000 00:00:00.238
openstack_hosts : Remove gettext-runtime-mini without removing grub2 shell ok aio1 Fri, 31 Jan 2020 15:49:34 +0000 00:00:00.460
openstack_hosts : Check if Snapper root configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:49:33 +0000 00:00:00.426
openstack_hosts : Apply package management distro specific configuration include_tasks ok aio1 Fri, 31 Jan 2020 15:49:32 +0000 00:00:00.220
openstack_hosts : Remove the blacklisted packages package ok aio1 Fri, 31 Jan 2020 15:49:30 +0000 00:00:01.946
openstack_hosts : Update hosts file command ok aio1 Fri, 31 Jan 2020 15:49:29 +0000 00:00:00.781
openstack_hosts : Stat host file stat ok aio1 Fri, 31 Jan 2020 15:49:28 +0000 00:00:00.452
openstack_hosts : Copy templated hosts file entries script template changed aio1 Fri, 31 Jan 2020 15:49:27 +0000 00:00:00.988
openstack_hosts : Drop hosts file entries script locally template changed aio1 Fri, 31 Jan 2020 15:49:26 +0000 00:00:00.929
openstack_hosts : Add global_environment_variables to environment file blockinfile changed aio1 Fri, 31 Jan 2020 15:49:24 +0000 00:00:00.692
openstack_hosts : Drop openstack release file template changed aio1 Fri, 31 Jan 2020 15:49:22 +0000 00:00:01.571
openstack_hosts : Allow the usage of local facts file changed aio1 Fri, 31 Jan 2020 15:49:21 +0000 00:00:00.788
openstack_hosts : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:49:21 +0000 00:00:00.301
Remove apt package manager proxy file skipped aio1 Fri, 31 Jan 2020 15:49:19 +0000 00:00:00.218
include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:49:18 +0000 00:00:00.230
Check for a supported Operating System assert ok aio1 Fri, 31 Jan 2020 15:49:18 +0000 00:00:00.239
Ensure python is installed raw ok aio1 Fri, 31 Jan 2020 15:49:15 +0000 00:00:00.486