Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 14 Dec 2025 10:04:43 +0000
Duration 00:10:10.66
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.13.5
Summary
15 Hosts
603 Tasks
2357 Results
18 Plays
157 Files
0 Records
check:False tags:all

Hosts 15
aio1
252 104 145
aio1-cinder-api-container-9cd182a1
109 54 39
aio1-galera-container-ee6a63f1
109 54 39
aio1-glance-container-45b22622
109 54 39
aio1-horizon-container-6bea000f
109 54 39
aio1-keystone-container-6e7ba614
109 54 39
aio1-memcached-container-d9c9a864
109 54 39
aio1-neutron-ovn-northd-container-7d70d4d9
109 54 39
aio1-neutron-server-container-987d5a37
112 55 39
aio1-nova-api-container-01d1027c
109 54 39
aio1-placement-container-f07ca565
109 54 39
aio1-rabbit-mq-container-fe40cd53
109 54 39
aio1-repo-container-3917d96e
109 54 39
aio1-utility-container-4cf31764
109 54 39
localhost
36 21 11
Files 157
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
SKIPPED 14 Dec 2025 10:14:51 +0000 00:00:00.01 aio1 ansible.builtin.include_tasks ansible-hardening : Including contrib tasks 1
SKIPPED 14 Dec 2025 10:14:45 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72313 - Change SNMP community strings from default. 4
SKIPPED 14 Dec 2025 10:14:45 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72305 - TFTP must be configured to operate in secure mode 4
SKIPPED 14 Dec 2025 10:14:45 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Check TFTP configuration mode 2
SKIPPED 14 Dec 2025 10:14:44 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72297 - Prevent unrestricted mail relaying 4
SKIPPED 14 Dec 2025 10:14:44 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72295 - Network interfaces must not be in promiscuous mode. 4
SKIPPED 14 Dec 2025 10:14:43 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 4
SKIPPED 14 Dec 2025 10:14:43 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Ensure firewalld is running and enabled 4
SKIPPED 14 Dec 2025 10:14:42 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : V-72269 - Synchronize system clock (configuration file) 4
SKIPPED 14 Dec 2025 10:14:42 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Start and enable chrony 4
SKIPPED 14 Dec 2025 10:14:41 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Ensure ClamAV is running 3
SKIPPED 14 Dec 2025 10:14:41 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Update ClamAV database 3
SKIPPED 14 Dec 2025 10:14:41 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Allow automatic freshclam updates 3
SKIPPED 14 Dec 2025 10:14:41 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Ensure ClamAV socket directory exists 3
SKIPPED 14 Dec 2025 10:14:41 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Set ClamAV server type as socket 3
SKIPPED 14 Dec 2025 10:14:40 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Remove 'Example' line from ClamAV configuration files 3
SKIPPED 14 Dec 2025 10:14:36 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : V-71985 - File system automounter must be disabled unless required. 4
SKIPPED 14 Dec 2025 10:14:36 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72039 - All system device files must be correctly labeled to prevent unauthorized modification. 4
SKIPPED 14 Dec 2025 10:14:36 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Check for unlabeled device files 4
SKIPPED 14 Dec 2025 10:14:36 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Relabel files on next boot if SELinux mode changed 4
SKIPPED 14 Dec 2025 10:14:35 +0000 00:00:00.01 aio1 ansible.posix.selinux ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot 4
SKIPPED 14 Dec 2025 10:14:33 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : Print a warning if FIPS isn't enabled 4
SKIPPED 14 Dec 2025 10:14:33 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Check if FIPS is enabled 2
SKIPPED 14 Dec 2025 10:14:33 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : V-72057 - Kernel core dumps must be disabled unless needed. 4
SKIPPED 14 Dec 2025 10:14:30 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Create a GDM keyfile for machine-wide settings 4
SKIPPED 14 Dec 2025 10:14:30 +0000 00:00:00.01 aio1 ansible.builtin.copy ansible-hardening : Create a GDM profile for displaying a login banner 4
SKIPPED 14 Dec 2025 10:14:30 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Prevent users from changing graphical session locking configurations 6
SKIPPED 14 Dec 2025 10:14:29 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Configure graphical session locking 6
SKIPPED 14 Dec 2025 10:14:29 +0000 00:00:00.02 aio1 ansible.builtin.file ansible-hardening : Create dconf directories 7
SKIPPED 14 Dec 2025 10:14:29 +0000 00:00:00.01 aio1 ansible.builtin.copy ansible-hardening : Create a user profile in dconf 6
SKIPPED 14 Dec 2025 10:14:29 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71955 - The operating system must not allow guest logon to the system. 4
SKIPPED 14 Dec 2025 10:14:28 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71953 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface 4
SKIPPED 14 Dec 2025 10:14:28 +0000 00:00:00.02 aio1 ansible.builtin.file ansible-hardening : Set owner/group owner on /etc/cron.allow 5
SKIPPED 14 Dec 2025 10:14:28 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : V-72047 - All world-writable directories must be group-owned by root, sys, bin, or an application group. 4
SKIPPED 14 Dec 2025 10:14:27 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Find all world-writable directories 2
SKIPPED 14 Dec 2025 10:14:27 +0000 00:00:00.02 aio1 ansible.builtin.file ansible-hardening : Set proper owner, group owner, and permissions on home directories 6
SKIPPED 14 Dec 2025 10:14:27 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : V-72009 - All files and directories must have a valid group owner. 4
SKIPPED 14 Dec 2025 10:14:27 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Search for files/directories with an invalid group owner 2
SKIPPED 14 Dec 2025 10:14:27 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72007 - All files and directories must have a valid owner. 4
SKIPPED 14 Dec 2025 10:14:27 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Search for files/directories with an invalid owner 2
SKIPPED 14 Dec 2025 10:14:26 +0000 00:00:00.01 aio1 shell ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values 5
SKIPPED 14 Dec 2025 10:14:26 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership 4
SKIPPED 14 Dec 2025 10:14:26 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Remove .shosts or shosts.equiv files 5
SKIPPED 14 Dec 2025 10:14:26 +0000 00:00:00.01 aio1 ansible.builtin.async_status ansible-hardening : Ensure .shosts find has finished 5
SKIPPED 14 Dec 2025 10:14:25 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : V-72217 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types 4
SKIPPED 14 Dec 2025 10:14:25 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Set CLASS for grub file 5
SKIPPED 14 Dec 2025 10:14:25 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : Define password options for grub 5
SKIPPED 14 Dec 2025 10:14:24 +0000 00:00:00.01 aio1 debug ansible-hardening : V-71949 - Users must re-authenticate for privilege escalation 5
SKIPPED 14 Dec 2025 10:14:23 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : Lock accounts after three failed login attempts a 15 minute period 5
SKIPPED 14 Dec 2025 10:14:23 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) 4
SKIPPED 14 Dec 2025 10:14:22 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : Adjust auditd/audispd configurations 7
SKIPPED 14 Dec 2025 10:14:21 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited 4
SKIPPED 14 Dec 2025 10:14:21 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited 4
SKIPPED 14 Dec 2025 10:14:20 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Initialize AIDE (this will take a few minutes) 4
SKIPPED 14 Dec 2025 10:14:18 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Use pwquality when passwords are changed or created 4
SKIPPED 14 Dec 2025 10:14:14 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for local interactive users without a home directory assigned 4
SKIPPED 14 Dec 2025 10:14:14 +0000 00:00:00.01 aio1 ansible.builtin.fail ansible-hardening : Print warnings for non-root users with UID 0 4
SKIPPED 14 Dec 2025 10:14:13 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group 4
SKIPPED 14 Dec 2025 10:14:13 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure accounts are disabled if the password expires 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.05 aio1 ansible.builtin.command ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.05 aio1 ansible.builtin.command ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts 4
SKIPPED 14 Dec 2025 10:14:12 +0000 00:00:00.01 aio1 community.general.ini_file ansible-hardening : Ensure libuser is storing passwords using SHA512 4
SKIPPED 14 Dec 2025 10:14:11 +0000 00:00:00.01 aio1 ansible.builtin.copy ansible-hardening : Enable automatic package updates (apt) 4
SKIPPED 14 Dec 2025 10:14:10 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (dpkg) 4
SKIPPED 14 Dec 2025 10:14:10 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (apt) 3
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.set_fact ansible-hardening : V-71855 - Create comma-separated list 3
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : V-71855 - Get files with invalid checksums (apt) 3
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Gather debsums report 1
SKIPPED 14 Dec 2025 10:14:09 +0000 00:00:00.01 aio1 ansible.builtin.apt ansible-hardening : Ensure debsums is installed 1
SKIPPED 14 Dec 2025 10:13:43 +0000 00:00:00.01 aio1 ansible.builtin.dnf ansible-hardening : Install EPEL repository 2
SKIPPED 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Check for .shosts or shosts.equiv files 5
SKIPPED 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Locate top level directories to check for .shosts 5
SKIPPED 14 Dec 2025 10:13:42 +0000 00:00:00.01 aio1 shell ansible-hardening : Verify all installed RPM packages 5
SKIPPED 14 Dec 2025 10:13:30 +0000 00:00:00.10 aio1-keystone-container-6e7ba614 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.20 aio1-horizon-container-6bea000f ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.21 aio1-placement-container-f07ca565 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-nova-api-container-01d1027c ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-glance-container-45b22622 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-neutron-ovn-northd-container-7d70d4d9 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-galera-container-ee6a63f1 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-memcached-container-d9c9a864 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-rabbit-mq-container-fe40cd53 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-utility-container-4cf31764 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-repo-container-3917d96e ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.08 aio1-cinder-api-container-9cd182a1 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.02 aio1-neutron-server-container-987d5a37 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.10 aio1-keystone-container-6e7ba614 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.12 aio1-horizon-container-6bea000f ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:29 +0000 00:00:00.13 aio1-placement-container-f07ca565 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-nova-api-container-01d1027c ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-glance-container-45b22622 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-neutron-ovn-northd-container-7d70d4d9 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-galera-container-ee6a63f1 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-memcached-container-d9c9a864 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-rabbit-mq-container-fe40cd53 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-utility-container-4cf31764 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.13 aio1-repo-container-3917d96e ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.08 aio1-cinder-api-container-9cd182a1 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 14 Dec 2025 10:13:28 +0000 00:00:00.02 aio1-neutron-server-container-987d5a37 ansible.builtin.include_role Run the systemd-service role 3