Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 14 Dec 2025 10:04:43 +0000
Duration 00:10:10.66
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.13.5
Summary
15 Hosts
603 Tasks
2357 Results
18 Plays
157 Files
0 Records
check:False tags:all

Hosts 15
aio1
252 104 145
aio1-cinder-api-container-9cd182a1
109 54 39
aio1-galera-container-ee6a63f1
109 54 39
aio1-glance-container-45b22622
109 54 39
aio1-horizon-container-6bea000f
109 54 39
aio1-keystone-container-6e7ba614
109 54 39
aio1-memcached-container-d9c9a864
109 54 39
aio1-neutron-ovn-northd-container-7d70d4d9
109 54 39
aio1-neutron-server-container-987d5a37
112 55 39
aio1-nova-api-container-01d1027c
109 54 39
aio1-placement-container-f07ca565
109 54 39
aio1-rabbit-mq-container-fe40cd53
109 54 39
aio1-repo-container-3917d96e
109 54 39
aio1-utility-container-4cf31764
109 54 39
localhost
36 21 11
Files 157
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
OK 14 Dec 2025 10:14:23 +0000 00:00:00.14 aio1 ansible.builtin.lineinfile ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) 4
CHANGED 14 Dec 2025 10:14:22 +0000 00:00:00.15 aio1 ansible.builtin.lineinfile ansible-hardening : Set pam_faildelay configuration on Ubuntu 4
OK 14 Dec 2025 10:14:22 +0000 00:00:00.28 aio1 ansible.builtin.service ansible-hardening : Ensure auditd is running and enabled at boot time 4
SKIPPED 14 Dec 2025 10:14:22 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : Adjust auditd/audispd configurations 7
CHANGED 14 Dec 2025 10:14:21 +0000 00:00:00.37 aio1 ansible.builtin.template ansible-hardening : Deploy rules for auditd based on STIG requirements 56
CHANGED 14 Dec 2025 10:14:21 +0000 00:00:00.14 aio1 ansible.builtin.file ansible-hardening : Remove system default audit.rules file 2
OK 14 Dec 2025 10:14:21 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : Get valid system architectures for audit rules 2
SKIPPED 14 Dec 2025 10:14:21 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited 4
SKIPPED 14 Dec 2025 10:14:21 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited 4
OK 14 Dec 2025 10:14:20 +0000 00:00:00.14 aio1 ansible.builtin.stat ansible-hardening : Verify that audisp-remote.conf exists 2
OK 14 Dec 2025 10:14:20 +0000 00:00:00.16 aio1 ansible.builtin.stat ansible-hardening : Verify that auditd.conf exists 2
SKIPPED 14 Dec 2025 10:14:20 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Initialize AIDE (this will take a few minutes) 4
OK 14 Dec 2025 10:14:20 +0000 00:00:00.14 aio1 ansible.builtin.stat ansible-hardening : Check to see if AIDE database is already in place 2
CHANGED 14 Dec 2025 10:14:19 +0000 00:00:00.14 aio1 ansible.builtin.blockinfile ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) 6
CHANGED 14 Dec 2025 10:14:19 +0000 00:00:00.33 aio1 ansible.builtin.template ansible-hardening : Exclude certain directories from AIDE 4
OK 14 Dec 2025 10:14:18 +0000 00:00:00.29 aio1 ansible.builtin.stat ansible-hardening : Verify that AIDE configuration directory exists 2
SKIPPED 14 Dec 2025 10:14:18 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Use pwquality when passwords are changed or created 4
OK 14 Dec 2025 10:14:18 +0000 00:00:00.03 aio1 ansible.builtin.debug ansible-hardening : Print warning for users with an assigned home directory that does not exist 4
OK 14 Dec 2025 10:14:14 +0000 00:00:04.03 aio1 ansible.builtin.stat ansible-hardening : Check each user to see if its home directory exists on the filesystem 4
SKIPPED 14 Dec 2025 10:14:14 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for local interactive users without a home directory assigned 4
SKIPPED 14 Dec 2025 10:14:14 +0000 00:00:00.01 aio1 ansible.builtin.fail ansible-hardening : Print warnings for non-root users with UID 0 4
OK 14 Dec 2025 10:14:13 +0000 00:00:00.14 aio1 shell ansible-hardening : Get all accounts with UID 0 5
SKIPPED 14 Dec 2025 10:14:13 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group 4
CHANGED 14 Dec 2025 10:14:13 +0000 00:00:00.29 aio1 ansible.builtin.lineinfile ansible-hardening : Apply shadow-utils configurations 9
SKIPPED 14 Dec 2025 10:14:13 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure accounts are disabled if the password expires 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.05 aio1 ansible.builtin.command ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.05 aio1 ansible.builtin.command ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.01 aio1 community.general.ini_file ansible-hardening : Ensure libuser is storing passwords using SHA512 4
OK 14 Dec 2025 10:14:12 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning if PAM is not using SHA512 for password storage 4
OK 14 Dec 2025 10:14:11 +0000 00:00:00.14 aio1 ansible.builtin.command ansible-hardening : Check for SHA512 password storage in PAM 2
CHANGED 14 Dec 2025 10:14:11 +0000 00:00:00.19 aio1 ansible.builtin.blockinfile ansible-hardening : Set password quality requirements 12
OK 14 Dec 2025 10:14:11 +0000 00:00:00.15 aio1 ansible.builtin.stat ansible-hardening : Check if /etc/security/pwquality.conf exists 2
SKIPPED 14 Dec 2025 10:14:11 +0000 00:00:00.01 aio1 ansible.builtin.copy ansible-hardening : Enable automatic package updates (apt) 4
SKIPPED 14 Dec 2025 10:14:10 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (dpkg) 4
CHANGED 14 Dec 2025 10:14:10 +0000 00:00:00.14 aio1 ansible.builtin.lineinfile ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages 3
OK 14 Dec 2025 10:14:10 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : V-71977 - Package management tool must verify authenticity of packages 3
OK 14 Dec 2025 10:14:10 +0000 00:00:00.14 aio1 ansible.builtin.command ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ 1
SKIPPED 14 Dec 2025 10:14:10 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (apt) 3
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.set_fact ansible-hardening : V-71855 - Create comma-separated list 3
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : V-71855 - Get files with invalid checksums (apt) 3
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Gather debsums report 1
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.apt ansible-hardening : Ensure debsums is installed 1
OK 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.include_tasks ansible-hardening : Including OS-specific tasks 1
OK 14 Dec 2025 10:14:08 +0000 00:00:00.35 aio1 ansible.builtin.package ansible-hardening : Remove packages based on STIG requirements 17
CHANGED 14 Dec 2025 10:13:43 +0000 00:00:24.93 aio1 ansible.builtin.package ansible-hardening : Add packages based on STIG requirements 17
SKIPPED 14 Dec 2025 10:13:43 +0000 00:00:00.01 aio1 ansible.builtin.dnf ansible-hardening : Install EPEL repository 2
OK 14 Dec 2025 10:13:43 +0000 00:00:00.15 aio1 get_users ansible-hardening : Get user data for all interactive users on the system 2
OK 14 Dec 2025 10:13:42 +0000 00:00:00.23 aio1 get_users ansible-hardening : Get user data for all users on the system 2
SKIPPED 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Check for .shosts or shosts.equiv files 5
SKIPPED 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Locate top level directories to check for .shosts 5
SKIPPED 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 shell ansible-hardening : Verify all installed RPM packages 5
OK 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 ansible.builtin.set_fact ansible-hardening : Set a fact for the temporary directory 2
CHANGED 14 Dec 2025 10:13:41 +0000 00:00:00.20 aio1 ansible.builtin.tempfile ansible-hardening : Create temporary directory to hold any temporary files 2
OK 14 Dec 2025 10:13:41 +0000 00:00:00.15 aio1 ansible.builtin.stat ansible-hardening : Check if grub is present on the remote node 2
OK 14 Dec 2025 10:13:41 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : Set facts 2
OK 14 Dec 2025 10:13:41 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : Check to see if we are booting with EFI or UEFI 2
OK 14 Dec 2025 10:13:40 +0000 00:00:00.14 aio1 ansible.builtin.command ansible-hardening : Check for check/audit mode 2
OK 14 Dec 2025 10:13:40 +0000 00:00:00.03 aio1 ansible.builtin.include_vars ansible-hardening : Gather variables for each operating system 2
OK 14 Dec 2025 10:13:40 +0000 00:00:00.01 aio1 ansible.builtin.include_role Include security hardening role 1
OK 14 Dec 2025 10:13:38 +0000 00:00:01.72 aio1 ansible.builtin.setup openstack.osa.gather_extra_facts : Gather additional facts 1
OK 14 Dec 2025 10:13:38 +0000 00:00:00.01 aio1 ansible.builtin.include_role Gather additional facts 1
OK 14 Dec 2025 10:13:37 +0000 00:00:00.43 aio1-keystone-container-6e7ba614 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:37 +0000 00:00:00.47 aio1-horizon-container-6bea000f ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.49 aio1-placement-container-f07ca565 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.51 aio1-nova-api-container-01d1027c ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.58 aio1-glance-container-45b22622 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.53 aio1-neutron-ovn-northd-container-7d70d4d9 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.52 aio1-galera-container-ee6a63f1 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.44 aio1-memcached-container-d9c9a864 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:36 +0000 00:00:00.51 aio1-rabbit-mq-container-fe40cd53 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:35 +0000 00:00:00.65 aio1-utility-container-4cf31764 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:35 +0000 00:00:00.52 aio1-repo-container-3917d96e ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:35 +0000 00:00:00.59 aio1-cinder-api-container-9cd182a1 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 14 Dec 2025 10:13:35 +0000 00:00:00.50 aio1-neutron-server-container-987d5a37 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
CHANGED 14 Dec 2025 10:13:35 +0000 00:00:00.40 aio1-keystone-container-6e7ba614 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:35 +0000 00:00:00.38 aio1-horizon-container-6bea000f ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:35 +0000 00:00:00.47 aio1-placement-container-f07ca565 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.46 aio1-nova-api-container-01d1027c ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.46 aio1-glance-container-45b22622 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.44 aio1-neutron-ovn-northd-container-7d70d4d9 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.46 aio1-galera-container-ee6a63f1 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.42 aio1-memcached-container-d9c9a864 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.43 aio1-rabbit-mq-container-fe40cd53 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.52 aio1-utility-container-4cf31764 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.60 aio1-repo-container-3917d96e ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.47 aio1-cinder-api-container-9cd182a1 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:34 +0000 00:00:00.45 aio1-neutron-server-container-987d5a37 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 14 Dec 2025 10:13:33 +0000 00:00:00.57 aio1-keystone-container-6e7ba614 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.70 aio1-horizon-container-6bea000f ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.64 aio1-placement-container-f07ca565 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.64 aio1-nova-api-container-01d1027c ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.65 aio1-glance-container-45b22622 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.62 aio1-neutron-ovn-northd-container-7d70d4d9 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.66 aio1-galera-container-ee6a63f1 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.59 aio1-memcached-container-d9c9a864 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:32 +0000 00:00:00.59 aio1-rabbit-mq-container-fe40cd53 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:31 +0000 00:00:00.69 aio1-utility-container-4cf31764 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:31 +0000 00:00:00.60 aio1-repo-container-3917d96e ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 14 Dec 2025 10:13:31 +0000 00:00:00.64 aio1-cinder-api-container-9cd182a1 ansible.builtin.copy openstack_hosts : Define journald configuration 3