Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:40:18 +0000
Duration 00:10:06.79
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.11
Summary
15 Hosts
608 Tasks
2412 Results
18 Plays
158 Files
0 Records
check:False tags:all

Hosts 15
aio1
258 105 142
aio1-cinder-api-container-dbc969ca
110 55 42
aio1-galera-container-077c7d39
110 55 42
aio1-glance-container-171e0f70
110 55 42
aio1-horizon-container-ab87e9b0
110 55 42
aio1-keystone-container-180e4953
110 55 42
aio1-memcached-container-ee374799
110 55 42
aio1-neutron-ovn-northd-container-8b93e2e9
110 55 42
aio1-neutron-server-container-d2f2dbed
113 55 42
aio1-nova-api-container-6428bad1
110 55 42
aio1-placement-container-e6ef1e21
110 55 42
aio1-rabbit-mq-container-84819c5f
110 55 42
aio1-repo-container-37dee50d
110 55 42
aio1-utility-container-7a945452
110 55 42
localhost
36 21 11
Files 158
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
SKIPPED 08 Dec 2025 13:50:23 +0000 00:00:00.01 aio1 ansible.builtin.include_tasks ansible-hardening : Including contrib tasks 1
SKIPPED 08 Dec 2025 13:50:17 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72313 - Change SNMP community strings from default. 4
SKIPPED 08 Dec 2025 13:50:16 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72305 - TFTP must be configured to operate in secure mode 4
SKIPPED 08 Dec 2025 13:50:16 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Check TFTP configuration mode 2
SKIPPED 08 Dec 2025 13:50:16 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72297 - Prevent unrestricted mail relaying 4
SKIPPED 08 Dec 2025 13:50:15 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72295 - Network interfaces must not be in promiscuous mode. 4
SKIPPED 08 Dec 2025 13:50:14 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 4
SKIPPED 08 Dec 2025 13:50:14 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Ensure firewalld is running and enabled 4
SKIPPED 08 Dec 2025 13:50:14 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : V-72269 - Synchronize system clock (configuration file) 4
SKIPPED 08 Dec 2025 13:50:13 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Start and enable chrony 4
SKIPPED 08 Dec 2025 13:50:13 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Ensure ClamAV is running 3
SKIPPED 08 Dec 2025 13:50:13 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Update ClamAV database 3
SKIPPED 08 Dec 2025 13:50:12 +0000 00:00:00.00 aio1 ansible.builtin.lineinfile ansible-hardening : Allow automatic freshclam updates 3
SKIPPED 08 Dec 2025 13:50:12 +0000 00:00:00.00 aio1 ansible.builtin.file ansible-hardening : Ensure ClamAV socket directory exists 3
SKIPPED 08 Dec 2025 13:50:12 +0000 00:00:00.00 aio1 ansible.builtin.lineinfile ansible-hardening : Set ClamAV server type as socket 3
SKIPPED 08 Dec 2025 13:50:12 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Remove 'Example' line from ClamAV configuration files 3
SKIPPED 08 Dec 2025 13:50:09 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : V-71985 - File system automounter must be disabled unless required. 4
SKIPPED 08 Dec 2025 13:50:08 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72039 - All system device files must be correctly labeled to prevent unauthorized modification. 4
SKIPPED 08 Dec 2025 13:50:08 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Relabel files on next boot if SELinux mode changed 4
SKIPPED 08 Dec 2025 13:50:08 +0000 00:00:00.01 aio1 ansible.posix.selinux ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot 4
SKIPPED 08 Dec 2025 13:50:07 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Ensure AppArmor is running 3
SKIPPED 08 Dec 2025 13:50:07 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : Ensure AppArmor is enabled at boot time 3
SKIPPED 08 Dec 2025 13:50:07 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Check if apparmor is running 3
SKIPPED 08 Dec 2025 13:50:07 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Check apparmor_status output 3
SKIPPED 08 Dec 2025 13:50:06 +0000 00:00:00.01 aio1 ansible.builtin.service ansible-hardening : V-72057 - Kernel core dumps must be disabled unless needed. 4
SKIPPED 08 Dec 2025 13:50:03 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Create a GDM keyfile for machine-wide settings 4
SKIPPED 08 Dec 2025 13:50:02 +0000 00:00:00.01 aio1 ansible.builtin.copy ansible-hardening : Create a GDM profile for displaying a login banner 4
SKIPPED 08 Dec 2025 13:50:02 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Prevent users from changing graphical session locking configurations 6
SKIPPED 08 Dec 2025 13:50:02 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Configure graphical session locking 6
SKIPPED 08 Dec 2025 13:50:02 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Create dconf directories 7
SKIPPED 08 Dec 2025 13:50:02 +0000 00:00:00.01 aio1 ansible.builtin.copy ansible-hardening : Create a user profile in dconf 6
SKIPPED 08 Dec 2025 13:50:01 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71955 - The operating system must not allow guest logon to the system. 4
SKIPPED 08 Dec 2025 13:50:01 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71953 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface 4
SKIPPED 08 Dec 2025 13:50:01 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Set owner/group owner on /etc/cron.allow 5
SKIPPED 08 Dec 2025 13:50:00 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72047 - All world-writable directories must be group-owned by root, sys, bin, or an application group. 4
SKIPPED 08 Dec 2025 13:50:00 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Find all world-writable directories 2
SKIPPED 08 Dec 2025 13:50:00 +0000 00:00:00.02 aio1 ansible.builtin.file ansible-hardening : Set proper owner, group owner, and permissions on home directories 6
SKIPPED 08 Dec 2025 13:50:00 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72009 - All files and directories must have a valid group owner. 4
SKIPPED 08 Dec 2025 13:49:59 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Search for files/directories with an invalid group owner 2
SKIPPED 08 Dec 2025 13:49:59 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72007 - All files and directories must have a valid owner. 4
SKIPPED 08 Dec 2025 13:49:59 +0000 00:00:00.01 aio1 ansible.builtin.command ansible-hardening : Search for files/directories with an invalid owner 2
SKIPPED 08 Dec 2025 13:49:59 +0000 00:00:00.01 aio1 shell ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values 5
SKIPPED 08 Dec 2025 13:49:59 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership 4
SKIPPED 08 Dec 2025 13:49:59 +0000 00:00:00.01 aio1 ansible.builtin.file ansible-hardening : Remove .shosts or shosts.equiv files 5
SKIPPED 08 Dec 2025 13:49:58 +0000 00:00:00.01 aio1 ansible.builtin.async_status ansible-hardening : Ensure .shosts find has finished 5
SKIPPED 08 Dec 2025 13:49:58 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-72275 - Display date/time of last logon after logon 4
SKIPPED 08 Dec 2025 13:49:58 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : V-72217 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types 4
SKIPPED 08 Dec 2025 13:49:58 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Set CLASS for grub file 6
SKIPPED 08 Dec 2025 13:49:57 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : Define password options for grub 6
SKIPPED 08 Dec 2025 13:49:57 +0000 00:00:00.01 aio1 debug ansible-hardening : V-71949 - Users must re-authenticate for privilege escalation 5
SKIPPED 08 Dec 2025 13:49:56 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : Lock accounts after three failed login attempts a 15 minute period 5
SKIPPED 08 Dec 2025 13:49:55 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) 4
SKIPPED 08 Dec 2025 13:49:55 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Set pam_faildelay configuration on Ubuntu 4
SKIPPED 08 Dec 2025 13:49:54 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : Adjust auditd/audispd configurations 7
SKIPPED 08 Dec 2025 13:49:53 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited 4
SKIPPED 08 Dec 2025 13:49:53 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited 4
SKIPPED 08 Dec 2025 13:49:52 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : Initialize AIDE (this will take a few minutes) 4
SKIPPED 08 Dec 2025 13:49:52 +0000 00:00:00.01 aio1 ansible.builtin.blockinfile ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) 6
SKIPPED 08 Dec 2025 13:49:51 +0000 00:00:00.01 aio1 ansible.builtin.template ansible-hardening : Exclude certain directories from AIDE 4
SKIPPED 08 Dec 2025 13:49:51 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Use pwquality when passwords are changed or created 4
SKIPPED 08 Dec 2025 13:49:51 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for users with an assigned home directory that does not exist 4
SKIPPED 08 Dec 2025 13:49:46 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print warning for local interactive users without a home directory assigned 4
SKIPPED 08 Dec 2025 13:49:46 +0000 00:00:00.01 aio1 ansible.builtin.fail ansible-hardening : Print warnings for non-root users with UID 0 4
SKIPPED 08 Dec 2025 13:49:45 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure accounts are disabled if the password expires 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.02 aio1 ansible.builtin.command ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts 4
SKIPPED 08 Dec 2025 13:49:44 +0000 00:00:00.02 aio1 ansible.builtin.command ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts 4
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.01 aio1 ansible.builtin.systemd ansible-hardening : Enable dnf automatic timer for automatic package updates 4
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.01 aio1 set_fact ansible-hardening : Set a fact for the proper dnf automatic timer 5
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.01 aio1 shell ansible-hardening : Check to see which dnf automatic timers are available 5
SKIPPED 08 Dec 2025 13:49:42 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Enable automatic package updates (dnf) 4
SKIPPED 08 Dec 2025 13:49:41 +0000 00:00:00.01 aio1 ansible.builtin.lineinfile ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (RedHat) 4
SKIPPED 08 Dec 2025 13:49:41 +0000 00:00:00.01 aio1 ansible.builtin.debug ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (rpm) 4
SKIPPED 08 Dec 2025 13:49:40 +0000 00:00:00.01 aio1 ansible.builtin.shell ansible-hardening : V-71855 - Get files with invalid checksums (rpm) 4
SKIPPED 08 Dec 2025 13:49:32 +0000 00:00:00.01 aio1 ansible.builtin.dnf ansible-hardening : Install EPEL repository 2
SKIPPED 08 Dec 2025 13:49:31 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Check for .shosts or shosts.equiv files 5
SKIPPED 08 Dec 2025 13:49:31 +0000 00:00:00.01 aio1 ansible.builtin.find ansible-hardening : Locate top level directories to check for .shosts 5
SKIPPED 08 Dec 2025 13:49:18 +0000 00:00:00.10 aio1-nova-api-container-6428bad1 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:18 +0000 00:00:00.12 aio1-horizon-container-ab87e9b0 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.13 aio1-glance-container-171e0f70 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.13 aio1-rabbit-mq-container-84819c5f ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-repo-container-37dee50d ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-neutron-ovn-northd-container-8b93e2e9 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-keystone-container-180e4953 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-galera-container-077c7d39 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-placement-container-e6ef1e21 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-utility-container-7a945452 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-memcached-container-ee374799 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.07 aio1-cinder-api-container-dbc969ca ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.02 aio1-neutron-server-container-d2f2dbed ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.10 aio1-nova-api-container-6428bad1 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-horizon-container-ab87e9b0 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-glance-container-171e0f70 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:17 +0000 00:00:00.12 aio1-rabbit-mq-container-84819c5f ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:16 +0000 00:00:00.12 aio1-repo-container-37dee50d ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:16 +0000 00:00:00.12 aio1-neutron-ovn-northd-container-8b93e2e9 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:16 +0000 00:00:00.12 aio1-keystone-container-180e4953 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:16 +0000 00:00:00.12 aio1-galera-container-077c7d39 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:49:16 +0000 00:00:00.12 aio1-placement-container-e6ef1e21 ansible.builtin.include_role Run the systemd-service role 3