Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:40:18 +0000
Duration 00:10:06.79
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.11
Summary
15 Hosts
608 Tasks
2412 Results
18 Plays
158 Files
0 Records
check:False tags:all

Hosts 15
aio1
258 105 142
aio1-cinder-api-container-dbc969ca
110 55 42
aio1-galera-container-077c7d39
110 55 42
aio1-glance-container-171e0f70
110 55 42
aio1-horizon-container-ab87e9b0
110 55 42
aio1-keystone-container-180e4953
110 55 42
aio1-memcached-container-ee374799
110 55 42
aio1-neutron-ovn-northd-container-8b93e2e9
110 55 42
aio1-neutron-server-container-d2f2dbed
113 55 42
aio1-nova-api-container-6428bad1
110 55 42
aio1-placement-container-e6ef1e21
110 55 42
aio1-rabbit-mq-container-84819c5f
110 55 42
aio1-repo-container-37dee50d
110 55 42
aio1-utility-container-7a945452
110 55 42
localhost
36 21 11
Files 158
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
SKIPPED 08 Dec 2025 13:49:55 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) 4
SKIPPED 08 Dec 2025 13:49:55 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Set pam_faildelay configuration on Ubuntu 4
OK 08 Dec 2025 13:49:54 +0000 00:00:00.29 aio1 ansible.builtin.service ansible-hardening : Ensure auditd is running and enabled at boot time 4
SKIPPED 08 Dec 2025 13:49:54 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : Adjust auditd/audispd configurations 7
CHANGED 08 Dec 2025 13:49:53 +0000 00:00:00.49 aio1 ansible.builtin.template ansible-hardening : Deploy rules for auditd based on STIG requirements 56
CHANGED 08 Dec 2025 13:49:53 +0000 00:00:00.16 aio1 ansible.builtin.file ansible-hardening : Remove system default audit.rules file 2
OK 08 Dec 2025 13:49:53 +0000 00:00:00.01 aio1 ansible.builtin.set_fact ansible-hardening : Get valid system architectures for audit rules 2
SKIPPED 08 Dec 2025 13:49:53 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited 4
SKIPPED 08 Dec 2025 13:49:53 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited 4
OK 08 Dec 2025 13:49:52 +0000 00:00:00.15 aio1 ansible.builtin.stat ansible-hardening : Verify that audisp-remote.conf exists 2
OK 08 Dec 2025 13:49:52 +0000 00:00:00.17 aio1 ansible.builtin.stat ansible-hardening : Verify that auditd.conf exists 2
SKIPPED 08 Dec 2025 13:49:52 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Initialize AIDE (this will take a few minutes) 4
OK 08 Dec 2025 13:49:52 +0000 00:00:00.16 aio1 ansible.builtin.stat ansible-hardening : Check to see if AIDE database is already in place 2
SKIPPED 08 Dec 2025 13:49:52 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) 6
SKIPPED 08 Dec 2025 13:49:51 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Exclude certain directories from AIDE 4
OK 08 Dec 2025 13:49:51 +0000 00:00:00.32 aio1 ansible.builtin.stat ansible-hardening : Verify that AIDE configuration directory exists 2
SKIPPED 08 Dec 2025 13:49:51 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Use pwquality when passwords are changed or created 4
SKIPPED 08 Dec 2025 13:49:51 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for users with an assigned home directory that does not exist 4
OK 08 Dec 2025 13:49:46 +0000 00:00:04.56 aio1 ansible.builtin.stat ansible-hardening : Check each user to see if its home directory exists on the filesystem 4
SKIPPED 08 Dec 2025 13:49:46 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for local interactive users without a home directory assigned 4
SKIPPED 08 Dec 2025 13:49:46 +0000 00:00:00.01 aio1 ansible.builtin.fail ansible-hardening : Print warnings for non-root users with UID 0 4
OK 08 Dec 2025 13:49:45 +0000 00:00:00.16 aio1 shell ansible-hardening : Get all accounts with UID 0 5
SKIPPED 08 Dec 2025 13:49:45 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group 4
CHANGED 08 Dec 2025 13:49:44 +0000 00:00:00.49 aio1 ansible.builtin.lineinfile ansible-hardening : Apply shadow-utils configurations 9
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure accounts are disabled if the password expires 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.02 aio1 ansible.builtin.command ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.02 aio1 ansible.builtin.command ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts 4
CHANGED 08 Dec 2025 13:49:43 +0000 00:00:00.16 aio1 community.general.ini_file ansible-hardening : Ensure libuser is storing passwords using SHA512 4
OK 08 Dec 2025 13:49:43 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning if PAM is not using SHA512 for password storage 4
OK 08 Dec 2025 13:49:43 +0000 00:00:00.17 aio1 ansible.builtin.command ansible-hardening : Check for SHA512 password storage in PAM 2
CHANGED 08 Dec 2025 13:49:43 +0000 00:00:00.22 aio1 ansible.builtin.blockinfile ansible-hardening : Set password quality requirements 12
OK 08 Dec 2025 13:49:42 +0000 00:00:00.17 aio1 ansible.builtin.stat ansible-hardening : Check if /etc/security/pwquality.conf exists 2
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.01 aio1 ansible.builtin.systemd ansible-hardening : Enable dnf automatic timer for automatic package updates 4
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.01 aio1 set_fact ansible-hardening : Set a fact for the proper dnf automatic timer 5
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.01 aio1 shell ansible-hardening : Check to see which dnf automatic timers are available 5
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Enable automatic package updates (dnf) 4
OK 08 Dec 2025 13:49:41 +0000 00:00:00.15 aio1 ansible.builtin.stat ansible-hardening : Check if /etc/dnf/automatic.conf exists 2
SKIPPED 08 Dec 2025 13:49:41 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (RedHat) 4
CHANGED 08 Dec 2025 13:49:41 +0000 00:00:00.46 aio1 ansible.builtin.lineinfile ansible-hardening : V-71977 - Require digital signatures for all packages 6
SKIPPED 08 Dec 2025 13:49:41 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (rpm) 4
SKIPPED 08 Dec 2025 13:49:40 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : V-71855 - Get files with invalid checksums (rpm) 4
OK 08 Dec 2025 13:49:40 +0000 00:00:00.18 aio1 ansible.builtin.async_status ansible-hardening : Ensure RPM verification task has finished 4
OK 08 Dec 2025 13:49:40 +0000 00:00:00.00 aio1 ansible.builtin.include_tasks ansible-hardening : Including rpm tasks 1
OK 08 Dec 2025 13:49:40 +0000 00:00:00.01 aio1 ansible.builtin.include_tasks ansible-hardening : Including OS-specific tasks 1
OK 08 Dec 2025 13:49:39 +0000 00:00:00.83 aio1 ansible.builtin.package ansible-hardening : Remove packages based on STIG requirements 17
CHANGED 08 Dec 2025 13:49:32 +0000 00:00:06.64 aio1 ansible.builtin.package ansible-hardening : Add packages based on STIG requirements 17
SKIPPED 08 Dec 2025 13:49:32 +0000 00:00:00.01 aio1 ansible.builtin.dnf ansible-hardening : Install EPEL repository 2
OK 08 Dec 2025 13:49:31 +0000 00:00:00.17 aio1 get_users ansible-hardening : Get user data for all interactive users on the system 2
OK 08 Dec 2025 13:49:31 +0000 00:00:00.25 aio1 get_users ansible-hardening : Get user data for all users on the system 2
SKIPPED 08 Dec 2025 13:49:31 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Check for .shosts or shosts.equiv files 5
SKIPPED 08 Dec 2025 13:49:31 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Locate top level directories to check for .shosts 5
OK 08 Dec 2025 13:49:30 +0000 00:00:00.31 aio1 shell ansible-hardening : Verify all installed RPM packages 5
OK 08 Dec 2025 13:49:30 +0000 00:00:00.01 aio1 ansible.builtin.set_fact ansible-hardening : Set a fact for the temporary directory 2
CHANGED 08 Dec 2025 13:49:30 +0000 00:00:00.22 aio1 ansible.builtin.tempfile ansible-hardening : Create temporary directory to hold any temporary files 2
OK 08 Dec 2025 13:49:29 +0000 00:00:00.18 aio1 ansible.builtin.stat ansible-hardening : Check if grub is present on the remote node 2
OK 08 Dec 2025 13:49:29 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : Set facts 2
OK 08 Dec 2025 13:49:29 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : Check to see if we are booting with EFI or UEFI 2
OK 08 Dec 2025 13:49:29 +0000 00:00:00.16 aio1 ansible.builtin.command ansible-hardening : Check for check/audit mode 2
OK 08 Dec 2025 13:49:29 +0000 00:00:00.03 aio1 ansible.builtin.include_vars ansible-hardening : Gather variables for each operating system 2
OK 08 Dec 2025 13:49:28 +0000 00:00:00.01 aio1 ansible.builtin.include_role Include security hardening role 1
OK 08 Dec 2025 13:49:27 +0000 00:00:00.80 aio1 ansible.builtin.setup openstack.osa.gather_extra_facts : Gather additional facts 1
OK 08 Dec 2025 13:49:27 +0000 00:00:00.01 aio1 ansible.builtin.include_role Gather additional facts 1
OK 08 Dec 2025 13:49:26 +0000 00:00:00.43 aio1-nova-api-container-6428bad1 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:26 +0000 00:00:00.45 aio1-horizon-container-ab87e9b0 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:26 +0000 00:00:00.55 aio1-glance-container-171e0f70 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:26 +0000 00:00:00.50 aio1-rabbit-mq-container-84819c5f ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:26 +0000 00:00:00.50 aio1-repo-container-37dee50d ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.47 aio1-neutron-ovn-northd-container-8b93e2e9 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.49 aio1-keystone-container-180e4953 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.49 aio1-galera-container-077c7d39 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.50 aio1-placement-container-e6ef1e21 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.54 aio1-utility-container-7a945452 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.61 aio1-memcached-container-ee374799 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.48 aio1-cinder-api-container-dbc969ca ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 08 Dec 2025 13:49:25 +0000 00:00:00.44 aio1-neutron-server-container-d2f2dbed ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
CHANGED 08 Dec 2025 13:49:24 +0000 00:00:00.44 aio1-nova-api-container-6428bad1 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:24 +0000 00:00:00.44 aio1-horizon-container-ab87e9b0 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:24 +0000 00:00:00.46 aio1-glance-container-171e0f70 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:24 +0000 00:00:00.45 aio1-rabbit-mq-container-84819c5f ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:24 +0000 00:00:00.44 aio1-repo-container-37dee50d ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.54 aio1-neutron-ovn-northd-container-8b93e2e9 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.53 aio1-keystone-container-180e4953 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.52 aio1-galera-container-077c7d39 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.53 aio1-placement-container-e6ef1e21 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.59 aio1-utility-container-7a945452 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.43 aio1-memcached-container-ee374799 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.54 aio1-cinder-api-container-dbc969ca ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:23 +0000 00:00:00.47 aio1-neutron-server-container-d2f2dbed ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:49:22 +0000 00:00:00.79 aio1-nova-api-container-6428bad1 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:21 +0000 00:00:00.95 aio1-horizon-container-ab87e9b0 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:21 +0000 00:00:00.96 aio1-glance-container-171e0f70 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:21 +0000 00:00:00.97 aio1-rabbit-mq-container-84819c5f ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:21 +0000 00:00:00.98 aio1-repo-container-37dee50d ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:20 +0000 00:00:00.97 aio1-neutron-ovn-northd-container-8b93e2e9 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:20 +0000 00:00:00.96 aio1-keystone-container-180e4953 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:20 +0000 00:00:00.96 aio1-galera-container-077c7d39 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:20 +0000 00:00:00.96 aio1-placement-container-e6ef1e21 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:19 +0000 00:00:00.98 aio1-utility-container-7a945452 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:49:19 +0000 00:00:01.05 aio1-memcached-container-ee374799 ansible.builtin.copy openstack_hosts : Define journald configuration 3