Arguments and configuration
Argument Value
verbosity 0
ask_pass False
private_key_file None
remote_user None
connection ssh
timeout 5
ssh_common_args
sftp_extra_args
scp_extra_args
ssh_extra_args
force_handlers True
flush_cache None
become False
become_method sudo
become_user None
become_ask_pass False
tags ['all']
skip_tags []
check False
syntax None
diff False
inventory ['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts None
subset None
extra_vars Not saved by ARA as configured by 'ignored_arguments'
ask_vault_pass False
vault_password_files []
vault_ids []
forks 5
module_path None
listtasks None
listtags None
step None
start_at_task None
args ['setup-hosts.yml']
Records No records have been saved with ara_record for this playbook.
Files
Hosts
Host Changed Failed Ok Skipped Unreachable
aio1 43 0 122 26 0
Task results
Task Action Status Host Started Duration
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:55:41 +0000 00:00:02.887
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:55:41 +0000 00:00:02.296
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:55:41 +0000 00:00:01.782
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:55:41 +0000 00:00:01.247
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:55:41 +0000 00:00:00.581
ansible-hardening : Remove the temporary directory file ok aio1 Fri, 31 Jan 2020 15:55:40 +0000 00:00:00.370
ansible-hardening : Private host key files must have mode 0600 or less file ok aio1 Fri, 31 Jan 2020 15:55:39 +0000 00:00:00.951
ansible-hardening : Determine existing private ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:55:39 +0000 00:00:00.356
ansible-hardening : Public host key files must have mode 0644 or less file ok aio1 Fri, 31 Jan 2020 15:55:37 +0000 00:00:00.957
ansible-hardening : Determine existing public ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:55:37 +0000 00:00:00.361
ansible-hardening : Ensure sshd is enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:55:36 +0000 00:00:00.472
ansible-hardening : Adjust ssh server configuration based on STIG requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:55:36 +0000 00:00:00.384
ansible-hardening : Copy login warning banner copy changed aio1 Fri, 31 Jan 2020 15:55:35 +0000 00:00:00.827
ansible-hardening : Check to see if snmpd config contains public/private shell ok aio1 Fri, 31 Jan 2020 15:55:34 +0000 00:00:00.357
ansible-hardening : Check TFTP configuration mode command skipped aio1 Fri, 31 Jan 2020 15:55:33 +0000 00:00:00.175
ansible-hardening : Check for TFTP server configuration file stat ok aio1 Fri, 31 Jan 2020 15:55:32 +0000 00:00:00.343
ansible-hardening : V-72297 - Prevent unrestricted mail relaying lineinfile changed aio1 Fri, 31 Jan 2020 15:55:32 +0000 00:00:00.366
ansible-hardening : Check for postfix configuration file stat ok aio1 Fri, 31 Jan 2020 15:55:31 +0000 00:00:00.378
ansible-hardening : Check for interfaces in promiscuous mode shell ok aio1 Fri, 31 Jan 2020 15:55:31 +0000 00:00:00.364
ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured. debug ok aio1 Fri, 31 Jan 2020 15:55:30 +0000 00:00:00.197
ansible-hardening : Count nameserver entries in /etc/resolv.conf command ok aio1 Fri, 31 Jan 2020 15:55:30 +0000 00:00:00.355
ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 command skipped aio1 Fri, 31 Jan 2020 15:55:29 +0000 00:00:00.182
ansible-hardening : Check firewalld status command ok aio1 Fri, 31 Jan 2020 15:55:29 +0000 00:00:00.369
ansible-hardening : Check if chrony configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:55:28 +0000 00:00:00.376
ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions blockinfile changed aio1 Fri, 31 Jan 2020 15:55:27 +0000 00:00:00.348
ansible-hardening : Remove old config block for V-72223 from openstack-ansible-security blockinfile ok aio1 Fri, 31 Jan 2020 15:55:27 +0000 00:00:00.354
ansible-hardening : Check if ClamAV update process is already running shell ok aio1 Fri, 31 Jan 2020 15:55:26 +0000 00:00:00.367
ansible-hardening : Remove 'Example' line from ClamAV configuration files lineinfile skipped aio1 Fri, 31 Jan 2020 15:55:25 +0000 00:00:00.198
ansible-hardening : Check if ClamAV is installed stat ok aio1 Fri, 31 Jan 2020 15:55:24 +0000 00:00:00.344
ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server. debug ok aio1 Fri, 31 Jan 2020 15:55:24 +0000 00:00:00.194
ansible-hardening : Check if syslog output is being sent to another server command ok aio1 Fri, 31 Jan 2020 15:55:24 +0000 00:00:00.361
ansible-hardening : Check for /tmp on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:55:23 +0000 00:00:00.189
ansible-hardening : Check for /var/log/audit on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:55:23 +0000 00:00:00.191
ansible-hardening : Check for /var on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:55:22 +0000 00:00:00.188
ansible-hardening : Check for /home on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:55:22 +0000 00:00:00.195
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled systemd changed aio1 Fri, 31 Jan 2020 15:55:21 +0000 00:00:00.878
ansible-hardening : Check autofs service command ok aio1 Fri, 31 Jan 2020 15:55:20 +0000 00:00:00.372
ansible-hardening : Check for unlabeled device files command skipped aio1 Fri, 31 Jan 2020 15:55:20 +0000 00:00:00.180
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot selinux skipped aio1 Fri, 31 Jan 2020 15:55:19 +0000 00:00:00.178
ansible-hardening : Check if apparmor is running command ok aio1 Fri, 31 Jan 2020 15:55:18 +0000 00:00:00.360
ansible-hardening : Check apparmor_status output command ok aio1 Fri, 31 Jan 2020 15:55:18 +0000 00:00:00.352
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled copy changed aio1 Fri, 31 Jan 2020 15:55:17 +0000 00:00:00.806
ansible-hardening : Print a warning if FIPS isn't enabled debug ok aio1 Fri, 31 Jan 2020 15:55:16 +0000 00:00:00.201
ansible-hardening : Check if FIPS is enabled command ok aio1 Fri, 31 Jan 2020 15:55:16 +0000 00:00:00.366
ansible-hardening : Check kdump service command ok aio1 Fri, 31 Jan 2020 15:55:15 +0000 00:00:00.409
ansible-hardening : Set sysctl configurations sysctl changed aio1 Fri, 31 Jan 2020 15:55:13 +0000 00:00:01.935
ansible-hardening : V-71983 - USB mass storage must be disabled. lineinfile changed aio1 Fri, 31 Jan 2020 15:55:13 +0000 00:00:00.358
ansible-hardening : Create a GDM keyfile for machine-wide settings template changed aio1 Fri, 31 Jan 2020 15:55:11 +0000 00:00:01.495
ansible-hardening : Create a GDM profile for displaying a login banner copy changed aio1 Fri, 31 Jan 2020 15:55:10 +0000 00:00:00.826
ansible-hardening : Prevent users from changing graphical session locking configurations template changed aio1 Fri, 31 Jan 2020 15:55:09 +0000 00:00:00.871
ansible-hardening : Configure graphical session locking template changed aio1 Fri, 31 Jan 2020 15:55:08 +0000 00:00:00.844
ansible-hardening : Create dconf directories file changed aio1 Fri, 31 Jan 2020 15:55:07 +0000 00:00:00.772
ansible-hardening : Create a user profile in dconf copy changed aio1 Fri, 31 Jan 2020 15:55:06 +0000 00:00:00.825
ansible-hardening : Check for dconf profiles stat ok aio1 Fri, 31 Jan 2020 15:55:05 +0000 00:00:00.369
ansible-hardening : Check if gdm is installed and configured stat ok aio1 Fri, 31 Jan 2020 15:55:04 +0000 00:00:00.343
ansible-hardening : Check if /etc/cron.allow exists stat ok aio1 Fri, 31 Jan 2020 15:55:04 +0000 00:00:00.355
ansible-hardening : Find all world-writable directories shell skipped aio1 Fri, 31 Jan 2020 15:55:03 +0000 00:00:00.174
ansible-hardening : Set proper owner, group owner, and permissions on home directories file skipped aio1 Fri, 31 Jan 2020 15:55:03 +0000 00:00:00.223
ansible-hardening : Search for files/directories with an invalid group owner command skipped aio1 Fri, 31 Jan 2020 15:55:02 +0000 00:00:00.171
ansible-hardening : Search for files/directories with an invalid owner command skipped aio1 Fri, 31 Jan 2020 15:55:02 +0000 00:00:00.181
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values shell skipped aio1 Fri, 31 Jan 2020 15:55:01 +0000 00:00:00.178
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership shell skipped aio1 Fri, 31 Jan 2020 15:55:01 +0000 00:00:00.178
ansible-hardening : Remove .shosts or shosts.equiv files file skipped aio1 Fri, 31 Jan 2020 15:55:01 +0000 00:00:00.178
ansible-hardening : Ensure .shosts find has finished async_status skipped aio1 Fri, 31 Jan 2020 15:55:00 +0000 00:00:00.186
ansible-hardening : Check for pam_lastlog in PAM configuration command ok aio1 Fri, 31 Jan 2020 15:55:00 +0000 00:00:00.378
ansible-hardening : Check if GRUB2 custom file exists stat ok aio1 Fri, 31 Jan 2020 15:54:59 +0000 00:00:00.370
ansible-hardening : Check if sssd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:54:58 +0000 00:00:00.352
ansible-hardening : Check for '!authenticate' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:54:57 +0000 00:00:00.378
ansible-hardening : V-71947 - Users must provide a password for privilege escalation. debug ok aio1 Fri, 31 Jan 2020 15:54:57 +0000 00:00:00.209
ansible-hardening : Check for 'nopasswd' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:54:56 +0000 00:00:00.371
ansible-hardening : Prevent users with blank or null passwords from authenticating (SUSE) lineinfile changed aio1 Fri, 31 Jan 2020 15:54:55 +0000 00:00:00.593
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) lineinfile skipped aio1 Fri, 31 Jan 2020 15:54:55 +0000 00:00:00.192
ansible-hardening : Ensure auditd is running and enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:54:54 +0000 00:00:00.490
ansible-hardening : Adjust auditd/audispd configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:54:53 +0000 00:00:01.202
ansible-hardening : Deploy rules for auditd based on STIG requirements template changed aio1 Fri, 31 Jan 2020 15:54:52 +0000 00:00:00.872
ansible-hardening : Remove old RHEL 6 audit rules file file ok aio1 Fri, 31 Jan 2020 15:54:51 +0000 00:00:00.445
ansible-hardening : Remove system default audit.rules file file changed aio1 Fri, 31 Jan 2020 15:54:50 +0000 00:00:00.389
ansible-hardening : Get valid system architectures for audit rules set_fact ok aio1 Fri, 31 Jan 2020 15:54:50 +0000 00:00:00.190
ansible-hardening : Verify that audisp-remote.conf exists stat ok aio1 Fri, 31 Jan 2020 15:54:49 +0000 00:00:00.374
ansible-hardening : Verify that auditd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:54:49 +0000 00:00:00.393
ansible-hardening : Create AIDE cron job cron changed aio1 Fri, 31 Jan 2020 15:54:48 +0000 00:00:00.680
ansible-hardening : Initialize AIDE (this will take a few minutes) shell skipped aio1 Fri, 31 Jan 2020 15:54:47 +0000 00:00:00.182
ansible-hardening : Check to see if AIDE database is already in place stat ok aio1 Fri, 31 Jan 2020 15:54:47 +0000 00:00:00.353
ansible-hardening : Configure AIDE to verify additional properties (SUSE) lineinfile changed aio1 Fri, 31 Jan 2020 15:54:46 +0000 00:00:00.375
ansible-hardening : Verify that AIDE configuration directory exists stat ok aio1 Fri, 31 Jan 2020 15:54:45 +0000 00:00:00.581
ansible-hardening : Print warning for users with an assigned home directory that does not exist debug ok aio1 Fri, 31 Jan 2020 15:54:44 +0000 00:00:00.219
ansible-hardening : Check each user to see if its home directory exists on the filesystem stat ok aio1 Fri, 31 Jan 2020 15:54:40 +0000 00:00:04.405
ansible-hardening : Get all accounts with UID 0 shell ok aio1 Fri, 31 Jan 2020 15:54:39 +0000 00:00:00.358
ansible-hardening : Apply shadow-utils configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:54:38 +0000 00:00:00.633
ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:54:37 +0000 00:00:00.233
ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:54:37 +0000 00:00:00.219
ansible-hardening : Print warning if PAM is not using SHA512 for password storage debug ok aio1 Fri, 31 Jan 2020 15:54:36 +0000 00:00:00.200
ansible-hardening : Check for SHA512 password storage in PAM command ok aio1 Fri, 31 Jan 2020 15:54:36 +0000 00:00:00.355
ansible-hardening : Set password quality requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:54:35 +0000 00:00:00.380
ansible-hardening : Check if /etc/security/pwquality.conf exists stat ok aio1 Fri, 31 Jan 2020 15:54:35 +0000 00:00:00.377
ansible-hardening : V-71977 - Require digital signatures for all packages and repositories lineinfile changed aio1 Fri, 31 Jan 2020 15:54:33 +0000 00:00:01.177
ansible-hardening : Determine all SUSE repositories shell ok aio1 Fri, 31 Jan 2020 15:54:32 +0000 00:00:00.353
ansible-hardening : V-71855 - Get files with invalid checksums (rpm) shell skipped aio1 Fri, 31 Jan 2020 15:54:32 +0000 00:00:00.170
ansible-hardening : Ensure RPM verification task has finished async_status ok aio1 Fri, 31 Jan 2020 15:54:31 +0000 00:00:00.556
ansible-hardening : include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:54:30 +0000 00:00:00.176
ansible-hardening : Remove packages based on STIG requirements package ok aio1 Fri, 31 Jan 2020 15:54:29 +0000 00:00:01.553
ansible-hardening : Add packages based on STIG requirements package changed aio1 Fri, 31 Jan 2020 15:53:30 +0000 00:00:58.635
ansible-hardening : Get user data for all interactive users on the system get_users ok aio1 Fri, 31 Jan 2020 15:53:29 +0000 00:00:00.362
ansible-hardening : Get user data for all users on the system get_users ok aio1 Fri, 31 Jan 2020 15:53:28 +0000 00:00:00.694
ansible-hardening : Check for .shosts or shosts.equiv files find skipped aio1 Fri, 31 Jan 2020 15:53:28 +0000 00:00:00.183
ansible-hardening : Verify all installed RPM packages shell ok aio1 Fri, 31 Jan 2020 15:53:27 +0000 00:00:00.984
ansible-hardening : Set a fact for the temporary directory set_fact ok aio1 Fri, 31 Jan 2020 15:53:26 +0000 00:00:00.185
ansible-hardening : Create temporary directory to hold any temporary files command ok aio1 Fri, 31 Jan 2020 15:53:26 +0000 00:00:00.373
ansible-hardening : Check if grub is present on the remote node stat ok aio1 Fri, 31 Jan 2020 15:53:25 +0000 00:00:00.368
ansible-hardening : Set facts set_fact ok aio1 Fri, 31 Jan 2020 15:53:25 +0000 00:00:00.193
ansible-hardening : Check to see if we are booting with EFI or UEFI set_fact ok aio1 Fri, 31 Jan 2020 15:53:25 +0000 00:00:00.187
ansible-hardening : Check for check/audit mode command ok aio1 Fri, 31 Jan 2020 15:53:24 +0000 00:00:00.349
ansible-hardening : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:53:24 +0000 00:00:00.229
openstack_hosts : Copy CA certificates copy skipped aio1 Fri, 31 Jan 2020 15:53:23 +0000 00:00:00.181
openstack_hosts : Update SSH keys authorized_key skipped aio1 Fri, 31 Jan 2020 15:53:22 +0000 00:00:00.172
openstack_hosts : Ensure ssh directory file ok aio1 Fri, 31 Jan 2020 15:53:22 +0000 00:00:00.358
openstack_hosts : Install user defined extra distro packages package skipped aio1 Fri, 31 Jan 2020 15:53:21 +0000 00:00:00.187
openstack_hosts : Install distro packages package changed aio1 Fri, 31 Jan 2020 15:53:17 +0000 00:00:04.533
openstack_hosts : Create a directory to hold systemd journals on disk file ok aio1 Fri, 31 Jan 2020 15:53:16 +0000 00:00:00.376
openstack_hosts : Start and enable the sysstat service service changed aio1 Fri, 31 Jan 2020 15:53:14 +0000 00:00:01.407
openstack_hosts : Enable sysstat cron template changed aio1 Fri, 31 Jan 2020 15:53:13 +0000 00:00:01.048
openstack_hosts : Configure sysstat include_tasks ok aio1 Fri, 31 Jan 2020 15:53:12 +0000 00:00:00.186
openstack_hosts : Adding new system tuning sysctl changed aio1 Fri, 31 Jan 2020 15:53:06 +0000 00:00:06.334
openstack_hosts : Write list of modules to load at boot template changed aio1 Fri, 31 Jan 2020 15:53:04 +0000 00:00:01.149
openstack_hosts : Load kernel module(s) modprobe changed aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:05.788
openstack_hosts : Fail fast if we can't load a module fail skipped aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:00.199
openstack_hosts : check how kernel modules are implemented (statically builtin, dynamic, not set) slurp ok aio1 Fri, 31 Jan 2020 15:52:57 +0000 00:00:00.643
openstack_hosts : Install user defined extra distro packages for bare metal nodes package skipped aio1 Fri, 31 Jan 2020 15:52:57 +0000 00:00:00.179
openstack_hosts : Install distro packages for bare metal nodes package changed aio1 Fri, 31 Jan 2020 15:52:37 +0000 00:00:19.514
openstack_hosts : Refresh repositories if necessary zypper_repository ok aio1 Fri, 31 Jan 2020 15:52:23 +0000 00:00:13.581
openstack_hosts : Add/Remove/Update standard and user defined repositories zypper_repository changed aio1 Fri, 31 Jan 2020 15:52:07 +0000 00:00:16.478
openstack_hosts : Add/Remove/Update acceptable repository vendors template changed aio1 Fri, 31 Jan 2020 15:52:05 +0000 00:00:00.812
openstack_hosts : Add/Remove repositories gpg keys manually rpm_key skipped aio1 Fri, 31 Jan 2020 15:52:05 +0000 00:00:00.180
openstack_hosts : If a keyfile is provided, copy the gpg keyfile to the key location copy skipped aio1 Fri, 31 Jan 2020 15:52:05 +0000 00:00:00.172
openstack_hosts : Remove gettext-runtime-mini without removing grub2 shell ok aio1 Fri, 31 Jan 2020 15:52:04 +0000 00:00:00.374
openstack_hosts : Check if Snapper root configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:52:03 +0000 00:00:00.345
openstack_hosts : Apply package management distro specific configuration include_tasks ok aio1 Fri, 31 Jan 2020 15:52:03 +0000 00:00:00.170
openstack_hosts : Remove the blacklisted packages package ok aio1 Fri, 31 Jan 2020 15:52:01 +0000 00:00:01.790
openstack_hosts : Update hosts file command ok aio1 Fri, 31 Jan 2020 15:52:00 +0000 00:00:00.655
openstack_hosts : Stat host file stat ok aio1 Fri, 31 Jan 2020 15:51:59 +0000 00:00:00.389
openstack_hosts : Copy templated hosts file entries script template changed aio1 Fri, 31 Jan 2020 15:51:58 +0000 00:00:00.834
openstack_hosts : Drop hosts file entries script locally template changed aio1 Fri, 31 Jan 2020 15:51:57 +0000 00:00:00.781
openstack_hosts : Add global_environment_variables to environment file blockinfile changed aio1 Fri, 31 Jan 2020 15:51:57 +0000 00:00:00.582
openstack_hosts : Drop openstack release file template changed aio1 Fri, 31 Jan 2020 15:51:55 +0000 00:00:01.335
openstack_hosts : Allow the usage of local facts file changed aio1 Fri, 31 Jan 2020 15:51:54 +0000 00:00:00.620
openstack_hosts : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:51:54 +0000 00:00:00.241
Check for a supported Operating System assert ok aio1 Fri, 31 Jan 2020 15:51:53 +0000 00:00:00.178
Ensure python is installed raw ok aio1 Fri, 31 Jan 2020 15:51:52 +0000 00:00:00.392