Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 15 Dec 2025 09:38:00 +0000
Duration 00:17:22.68
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
18 Hosts
603 Tasks
2798 Results
18 Plays
138 Files
0 Records
check:False tags:all

Hosts 18
aio1
251 104 146
aio1-galera-container-10af3343
109 54 39
aio1-galera-container-a48b90ad
109 54 39
aio1-galera-container-cca271a2
109 54 39
aio1-keystone-container-099b553e
109 54 39
aio1-keystone-container-09c3eb81
109 54 39
aio1-keystone-container-98f0317b
109 54 39
aio1-memcached-container-2dff2f2c
109 54 39
aio1-memcached-container-ead2de35
109 54 39
aio1-memcached-container-ef5b20e5
109 54 39
aio1-rabbit-mq-container-5799e909
109 54 39
aio1-rabbit-mq-container-b51f9297
112 55 39
aio1-rabbit-mq-container-fe313327
109 54 39
aio1-repo-container-7d639533
109 54 39
aio1-repo-container-93b37cf6
109 54 39
aio1-repo-container-f79c1daa
109 54 39
aio1-utility-container-407522b4
109 54 39
localhost
36 21 11
Files 138
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
OK 15 Dec 2025 09:55:21 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Generate auditd rules 1
CHANGED 15 Dec 2025 09:55:20 +0000 00:00:00.66 aio1 ansible.builtin.service ansible-hardening : Restart ssh 1
OK 15 Dec 2025 09:55:19 +0000 00:00:00.33 aio1 ansible.builtin.file ansible-hardening : Remove the temporary directory 2
CHANGED 15 Dec 2025 09:55:19 +0000 00:00:00.49 aio1 ansible.builtin.replace ansible-hardening : Manage motd in pam.d 1
OK 15 Dec 2025 09:55:17 +0000 00:00:01.24 aio1 ansible.builtin.file ansible-hardening : Private host key files must have mode 0600 or less 4
OK 15 Dec 2025 09:55:17 +0000 00:00:00.32 aio1 ansible.builtin.shell ansible-hardening : Determine existing private ssh host keys 2
OK 15 Dec 2025 09:55:15 +0000 00:00:01.29 aio1 ansible.builtin.file ansible-hardening : Public host key files must have mode 0644 or less 4
OK 15 Dec 2025 09:55:15 +0000 00:00:00.32 aio1 ansible.builtin.shell ansible-hardening : Determine existing public ssh host keys 2
OK 15 Dec 2025 09:55:14 +0000 00:00:00.63 aio1 ansible.builtin.service ansible-hardening : Ensure sshd is enabled at boot time 4
CHANGED 15 Dec 2025 09:55:14 +0000 00:00:00.37 aio1 ansible.builtin.blockinfile ansible-hardening : Adjust ssh server configuration based on STIG requirements 21
CHANGED 15 Dec 2025 09:55:08 +0000 00:00:05.49 aio1 ansible.builtin.lineinfile ansible-hardening : Drop options from SSH config that we manage 21
CHANGED 15 Dec 2025 09:55:07 +0000 00:00:00.71 aio1 ansible.builtin.copy ansible-hardening : Copy login warning banner 5
OK 15 Dec 2025 09:55:06 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Check to see if snmpd config contains public/private 2
OK 15 Dec 2025 09:55:05 +0000 00:00:00.31 aio1 ansible.builtin.stat ansible-hardening : Check for TFTP server configuration file 2
OK 15 Dec 2025 09:55:05 +0000 00:00:00.32 aio1 ansible.builtin.stat ansible-hardening : Check for postfix configuration file 2
OK 15 Dec 2025 09:55:04 +0000 00:00:00.32 aio1 ansible.builtin.shell ansible-hardening : Check for interfaces in promiscuous mode 2
OK 15 Dec 2025 09:55:04 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured. 4
OK 15 Dec 2025 09:55:03 +0000 00:00:00.34 aio1 command ansible-hardening : Count nameserver entries in /etc/resolv.conf 3
OK 15 Dec 2025 09:55:03 +0000 00:00:00.34 aio1 ansible.builtin.command ansible-hardening : Check firewalld status 2
OK 15 Dec 2025 09:55:02 +0000 00:00:00.35 aio1 ansible.builtin.stat ansible-hardening : Check if chrony configuration file exists 2
CHANGED 15 Dec 2025 09:55:01 +0000 00:00:00.33 aio1 ansible.builtin.blockinfile ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions 4
OK 15 Dec 2025 09:55:00 +0000 00:00:00.32 aio1 ansible.builtin.shell ansible-hardening : Check if ClamAV update process is already running 2
OK 15 Dec 2025 09:54:59 +0000 00:00:00.31 aio1 ansible.builtin.stat ansible-hardening : Check if ClamAV is installed 2
OK 15 Dec 2025 09:54:59 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server. 4
OK 15 Dec 2025 09:54:58 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Check if syslog output is being sent to another server 2
OK 15 Dec 2025 09:54:58 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Check for /tmp on mounted filesystem 4
OK 15 Dec 2025 09:54:58 +0000 00:00:00.06 aio1 ansible.builtin.debug ansible-hardening : Check for /var/log/audit on mounted filesystem 4
OK 15 Dec 2025 09:54:58 +0000 00:00:00.06 aio1 ansible.builtin.debug ansible-hardening : Check for /var on mounted filesystem 4
OK 15 Dec 2025 09:54:57 +0000 00:00:00.06 aio1 ansible.builtin.debug ansible-hardening : Check for /home on mounted filesystem 4
CHANGED 15 Dec 2025 09:54:56 +0000 00:00:01.50 aio1 ansible.builtin.systemd ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled 4
OK 15 Dec 2025 09:54:55 +0000 00:00:00.60 aio1 ansible.builtin.systemd ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled 4
OK 15 Dec 2025 09:54:54 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Check autofs service 2
OK 15 Dec 2025 09:54:53 +0000 00:00:00.62 aio1 ansible.builtin.service ansible-hardening : Ensure AppArmor is running 3
OK 15 Dec 2025 09:54:52 +0000 00:00:00.62 aio1 ansible.builtin.service ansible-hardening : Ensure AppArmor is enabled at boot time 3
OK 15 Dec 2025 09:54:51 +0000 00:00:00.34 aio1 ansible.builtin.command ansible-hardening : Check if apparmor is running 3
OK 15 Dec 2025 09:54:51 +0000 00:00:00.36 aio1 ansible.builtin.command ansible-hardening : Check apparmor_status output 3
CHANGED 15 Dec 2025 09:54:50 +0000 00:00:00.74 aio1 ansible.builtin.copy ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled 4
OK 15 Dec 2025 09:54:49 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Check kdump service 4
CHANGED 15 Dec 2025 09:54:45 +0000 00:00:03.58 aio1 ansible.posix.sysctl ansible-hardening : Set sysctl configurations 13
CHANGED 15 Dec 2025 09:54:45 +0000 00:00:00.34 aio1 ansible.builtin.lineinfile ansible-hardening : V-71983 - USB mass storage must be disabled. 4
OK 15 Dec 2025 09:54:43 +0000 00:00:00.30 aio1 ansible.builtin.stat ansible-hardening : Check for dconf profiles 2
OK 15 Dec 2025 09:54:42 +0000 00:00:00.31 aio1 ansible.builtin.stat ansible-hardening : Check if gdm is installed and configured 1
OK 15 Dec 2025 09:54:41 +0000 00:00:00.32 aio1 ansible.builtin.stat ansible-hardening : Check if /etc/cron.allow exists 2
OK 15 Dec 2025 09:54:38 +0000 00:00:00.32 aio1 ansible.builtin.command ansible-hardening : Check for pam_lastlog in PAM configuration 2
OK 15 Dec 2025 09:54:37 +0000 00:00:00.35 aio1 ansible.builtin.stat ansible-hardening : Check if GRUB2 custom file exists 2
OK 15 Dec 2025 09:54:37 +0000 00:00:00.32 aio1 ansible.builtin.stat ansible-hardening : Check if sssd.conf exists 2
OK 15 Dec 2025 09:54:36 +0000 00:00:00.34 aio1 ansible.builtin.shell ansible-hardening : Check for '!authenticate' in sudoers files 4
OK 15 Dec 2025 09:54:36 +0000 00:00:00.05 aio1 debug ansible-hardening : V-71947 - Users must provide a password for privilege escalation 5
OK 15 Dec 2025 09:54:35 +0000 00:00:00.34 aio1 ansible.builtin.shell ansible-hardening : Check for 'nopasswd' in sudoers files 4
OK 15 Dec 2025 09:54:35 +0000 00:00:00.32 aio1 ansible.builtin.lineinfile ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) 4
CHANGED 15 Dec 2025 09:54:34 +0000 00:00:00.36 aio1 ansible.builtin.lineinfile ansible-hardening : Set pam_faildelay configuration on Ubuntu 4
OK 15 Dec 2025 09:54:33 +0000 00:00:00.63 aio1 ansible.builtin.service ansible-hardening : Ensure auditd is running and enabled at boot time 4
CHANGED 15 Dec 2025 09:54:32 +0000 00:00:00.87 aio1 ansible.builtin.template ansible-hardening : Deploy rules for auditd based on STIG requirements 56
CHANGED 15 Dec 2025 09:54:31 +0000 00:00:00.33 aio1 ansible.builtin.file ansible-hardening : Remove system default audit.rules file 2
OK 15 Dec 2025 09:54:31 +0000 00:00:00.06 aio1 ansible.builtin.set_fact ansible-hardening : Get valid system architectures for audit rules 2
OK 15 Dec 2025 09:54:30 +0000 00:00:00.30 aio1 ansible.builtin.stat ansible-hardening : Verify that audisp-remote.conf exists 2
OK 15 Dec 2025 09:54:30 +0000 00:00:00.33 aio1 ansible.builtin.stat ansible-hardening : Verify that auditd.conf exists 2
OK 15 Dec 2025 09:54:29 +0000 00:00:00.31 aio1 ansible.builtin.stat ansible-hardening : Check to see if AIDE database is already in place 2
CHANGED 15 Dec 2025 09:54:29 +0000 00:00:00.32 aio1 ansible.builtin.blockinfile ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) 6
CHANGED 15 Dec 2025 09:54:28 +0000 00:00:00.71 aio1 ansible.builtin.template ansible-hardening : Exclude certain directories from AIDE 4
OK 15 Dec 2025 09:54:27 +0000 00:00:00.61 aio1 ansible.builtin.stat ansible-hardening : Verify that AIDE configuration directory exists 2
OK 15 Dec 2025 09:54:27 +0000 00:00:00.07 aio1 ansible.builtin.debug ansible-hardening : Print warning for users with an assigned home directory that does not exist 4
OK 15 Dec 2025 09:54:16 +0000 00:00:10.25 aio1 ansible.builtin.stat ansible-hardening : Check each user to see if its home directory exists on the filesystem 4
OK 15 Dec 2025 09:54:15 +0000 00:00:00.33 aio1 shell ansible-hardening : Get all accounts with UID 0 5
CHANGED 15 Dec 2025 09:54:14 +0000 00:00:00.68 aio1 ansible.builtin.lineinfile ansible-hardening : Apply shadow-utils configurations 9
OK 15 Dec 2025 09:54:13 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Print warning if PAM is not using SHA512 for password storage 4
OK 15 Dec 2025 09:54:13 +0000 00:00:00.31 aio1 ansible.builtin.command ansible-hardening : Check for SHA512 password storage in PAM 2
CHANGED 15 Dec 2025 09:54:12 +0000 00:00:00.47 aio1 ansible.builtin.blockinfile ansible-hardening : Set password quality requirements 12
OK 15 Dec 2025 09:54:12 +0000 00:00:00.33 aio1 ansible.builtin.stat ansible-hardening : Check if /etc/security/pwquality.conf exists 2
CHANGED 15 Dec 2025 09:54:11 +0000 00:00:00.33 aio1 ansible.builtin.lineinfile ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages 3
OK 15 Dec 2025 09:54:10 +0000 00:00:00.04 aio1 ansible.builtin.debug ansible-hardening : V-71977 - Package management tool must verify authenticity of packages 3
OK 15 Dec 2025 09:54:10 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ 1
OK 15 Dec 2025 09:54:08 +0000 00:00:00.02 aio1 ansible.builtin.include_tasks ansible-hardening : Including OS-specific tasks 1
OK 15 Dec 2025 09:54:07 +0000 00:00:01.03 aio1 ansible.builtin.package ansible-hardening : Remove packages based on STIG requirements 17
CHANGED 15 Dec 2025 09:53:19 +0000 00:00:48.07 aio1 ansible.builtin.package ansible-hardening : Add packages based on STIG requirements 17
OK 15 Dec 2025 09:53:18 +0000 00:00:00.31 aio1 get_users ansible-hardening : Get user data for all interactive users on the system 2
OK 15 Dec 2025 09:53:18 +0000 00:00:00.48 aio1 get_users ansible-hardening : Get user data for all users on the system 2
OK 15 Dec 2025 09:53:17 +0000 00:00:00.04 aio1 ansible.builtin.set_fact ansible-hardening : Set a fact for the temporary directory 2
CHANGED 15 Dec 2025 09:53:16 +0000 00:00:00.47 aio1 ansible.builtin.tempfile ansible-hardening : Create temporary directory to hold any temporary files 2
OK 15 Dec 2025 09:53:16 +0000 00:00:00.33 aio1 ansible.builtin.stat ansible-hardening : Check if grub is present on the remote node 2
OK 15 Dec 2025 09:53:15 +0000 00:00:00.05 aio1 ansible.builtin.set_fact ansible-hardening : Set facts 2
OK 15 Dec 2025 09:53:15 +0000 00:00:00.05 aio1 ansible.builtin.set_fact ansible-hardening : Check to see if we are booting with EFI or UEFI 2
OK 15 Dec 2025 09:53:15 +0000 00:00:00.32 aio1 ansible.builtin.command ansible-hardening : Check for check/audit mode 2
OK 15 Dec 2025 09:53:15 +0000 00:00:00.08 aio1 ansible.builtin.include_vars ansible-hardening : Gather variables for each operating system 2
OK 15 Dec 2025 09:53:14 +0000 00:00:00.02 aio1 ansible.builtin.include_role Include security hardening role 1
OK 15 Dec 2025 09:53:12 +0000 00:00:01.21 aio1 ansible.builtin.setup openstack.osa.gather_extra_facts : Gather additional facts 1
OK 15 Dec 2025 09:53:12 +0000 00:00:00.02 aio1 ansible.builtin.include_role Gather additional facts 1
OK 15 Dec 2025 09:53:11 +0000 00:00:01.02 aio1-repo-container-7d639533 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:11 +0000 00:00:01.05 aio1-repo-container-93b37cf6 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:11 +0000 00:00:01.09 aio1-repo-container-f79c1daa ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:10 +0000 00:00:01.12 aio1-keystone-container-09c3eb81 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:10 +0000 00:00:01.18 aio1-keystone-container-98f0317b ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:10 +0000 00:00:00.96 aio1-keystone-container-099b553e ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:10 +0000 00:00:01.11 aio1-galera-container-a48b90ad ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:10 +0000 00:00:01.10 aio1-galera-container-cca271a2 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:09 +0000 00:00:01.41 aio1-galera-container-10af3343 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:09 +0000 00:00:01.52 aio1-utility-container-407522b4 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:09 +0000 00:00:01.35 aio1-memcached-container-ead2de35 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:09 +0000 00:00:01.18 aio1-memcached-container-2dff2f2c ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
OK 15 Dec 2025 09:53:09 +0000 00:00:01.03 aio1-memcached-container-ef5b20e5 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1