Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:27:39 +0000
Duration 00:05:33.94
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
2 Hosts
316 Tasks
313 Results
18 Plays
136 Files
0 Records
check:False tags:all

Hosts 2
aio1
161 60 106
localhost
36 21 11
Files 136
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
CHANGED 08 Dec 2025 13:33:11 +0000 00:00:00.71 aio1 ansible.builtin.service ansible-hardening : Restart ssh 1
CHANGED 08 Dec 2025 13:33:10 +0000 00:00:00.49 aio1 ansible.builtin.replace ansible-hardening : Manage motd in pam.d 1
CHANGED 08 Dec 2025 13:33:05 +0000 00:00:00.38 aio1 ansible.builtin.blockinfile ansible-hardening : Adjust ssh server configuration based on STIG requirements 21
CHANGED 08 Dec 2025 13:32:59 +0000 00:00:05.82 aio1 ansible.builtin.lineinfile ansible-hardening : Drop options from SSH config that we manage 21
CHANGED 08 Dec 2025 13:32:58 +0000 00:00:00.76 aio1 ansible.builtin.copy ansible-hardening : Copy login warning banner 5
CHANGED 08 Dec 2025 13:32:51 +0000 00:00:00.33 aio1 ansible.builtin.blockinfile ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions 4
CHANGED 08 Dec 2025 13:32:45 +0000 00:00:01.41 aio1 ansible.builtin.systemd ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled 4
CHANGED 08 Dec 2025 13:32:42 +0000 00:00:00.78 aio1 ansible.builtin.service ansible-hardening : Ensure AppArmor is running 3
CHANGED 08 Dec 2025 13:32:39 +0000 00:00:00.74 aio1 ansible.builtin.copy ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled 4
CHANGED 08 Dec 2025 13:32:34 +0000 00:00:03.67 aio1 ansible.posix.sysctl ansible-hardening : Set sysctl configurations 13
CHANGED 08 Dec 2025 13:32:34 +0000 00:00:00.34 aio1 ansible.builtin.lineinfile ansible-hardening : V-71983 - USB mass storage must be disabled. 4
CHANGED 08 Dec 2025 13:32:23 +0000 00:00:00.37 aio1 ansible.builtin.lineinfile ansible-hardening : Set pam_faildelay configuration on Ubuntu 4
CHANGED 08 Dec 2025 13:32:20 +0000 00:00:00.89 aio1 ansible.builtin.template ansible-hardening : Deploy rules for auditd based on STIG requirements 56
CHANGED 08 Dec 2025 13:32:20 +0000 00:00:00.34 aio1 ansible.builtin.file ansible-hardening : Remove system default audit.rules file 2
CHANGED 08 Dec 2025 13:32:17 +0000 00:00:00.34 aio1 ansible.builtin.blockinfile ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) 6
CHANGED 08 Dec 2025 13:32:16 +0000 00:00:00.76 aio1 ansible.builtin.template ansible-hardening : Exclude certain directories from AIDE 4
CHANGED 08 Dec 2025 13:32:02 +0000 00:00:00.71 aio1 ansible.builtin.lineinfile ansible-hardening : Apply shadow-utils configurations 9
CHANGED 08 Dec 2025 13:32:00 +0000 00:00:00.47 aio1 ansible.builtin.blockinfile ansible-hardening : Set password quality requirements 12
CHANGED 08 Dec 2025 13:31:58 +0000 00:00:00.34 aio1 ansible.builtin.lineinfile ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages 3
CHANGED 08 Dec 2025 13:31:03 +0000 00:00:52.33 aio1 ansible.builtin.package ansible-hardening : Add packages based on STIG requirements 17
CHANGED 08 Dec 2025 13:31:00 +0000 00:00:00.50 aio1 ansible.builtin.tempfile ansible-hardening : Create temporary directory to hold any temporary files 2
CHANGED 08 Dec 2025 13:30:52 +0000 00:00:00.83 aio1 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:30:51 +0000 00:00:00.82 aio1 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:30:51 +0000 00:00:00.46 aio1 ansible.builtin.file openstack_hosts : Create /etc/systemd/journald.conf.d directory 3
CHANGED 08 Dec 2025 13:30:49 +0000 00:00:01.28 aio1 ansible.builtin.systemd systemd_service : Load service networking-post-up 4
CHANGED 08 Dec 2025 13:30:46 +0000 00:00:00.61 aio1 openstack.config_template.config_template systemd_service : Place the systemd service 4
CHANGED 08 Dec 2025 13:30:45 +0000 00:00:00.88 aio1 ansible.builtin.template systemd_service : Create tmpfiles.d entry 4
CHANGED 08 Dec 2025 13:30:44 +0000 00:00:00.47 aio1 ansible.builtin.file systemd_service : Create TEMP service lock dir 4
CHANGED 08 Dec 2025 13:30:43 +0000 00:00:00.48 aio1 ansible.builtin.file systemd_service : Create TEMP run dir 4
CHANGED 08 Dec 2025 13:30:34 +0000 00:00:08.70 aio1 ansible.builtin.command systemd_networkd : Update initramfs 3
CHANGED 08 Dec 2025 13:30:30 +0000 00:00:00.73 aio1 ansible.builtin.systemd systemd_networkd : Restart systemd-networkd 4
CHANGED 08 Dec 2025 13:30:25 +0000 00:00:02.46 aio1 ansible.builtin.service openstack_hosts : Restart sysstat 1
CHANGED 08 Dec 2025 13:30:20 +0000 00:00:04.23 aio1 openstack.config_template.config_template systemd_networkd : Create systemd-networkd network network(s) 4
CHANGED 08 Dec 2025 13:30:16 +0000 00:00:03.82 aio1 openstack.config_template.config_template systemd_networkd : Create systemd-networkd network link(s) 4
CHANGED 08 Dec 2025 13:30:09 +0000 00:00:06.75 aio1 ansible.builtin.template systemd_networkd : Create systemd-networkd network device(s) 4
CHANGED 08 Dec 2025 13:30:03 +0000 00:00:00.46 aio1 community.general.git_config openstack_hosts : Configure git safe directories 2
CHANGED 08 Dec 2025 13:30:02 +0000 00:00:00.61 aio1 community.general.git_config openstack_hosts : Write git config when git is installed 2
CHANGED 08 Dec 2025 13:29:59 +0000 00:00:02.06 aio1 ansible.builtin.command pki : Update CA store 2
CHANGED 08 Dec 2025 13:29:58 +0000 00:00:00.84 aio1 ansible.builtin.copy pki : Copy CA certificates to target host 2
CHANGED 08 Dec 2025 13:29:52 +0000 00:00:03.11 aio1 ansible.builtin.package openstack_hosts : Install distro packages 1
CHANGED 08 Dec 2025 13:29:52 +0000 00:00:00.45 aio1 ansible.posix.sysctl openstack_hosts : Decreasing tcp_retries2 sysctl 1
CHANGED 08 Dec 2025 13:29:51 +0000 00:00:00.53 aio1 ansible.builtin.blockinfile openstack_hosts : Update hosts file on deploy host 3
CHANGED 08 Dec 2025 13:29:51 +0000 00:00:00.44 aio1 ansible.builtin.blockinfile openstack_hosts : Update hosts file 3
CHANGED 08 Dec 2025 13:29:48 +0000 00:00:00.87 aio1 ansible.builtin.template openstack_hosts : Enable sysstat cron 2
CHANGED 08 Dec 2025 13:29:47 +0000 00:00:00.85 aio1 ansible.builtin.template openstack_hosts : Enable sysstat config 2
CHANGED 08 Dec 2025 13:29:33 +0000 00:00:13.11 aio1 ansible.posix.sysctl openstack_hosts : Adding new system tuning 2
CHANGED 08 Dec 2025 13:29:25 +0000 00:00:07.58 aio1 ansible.builtin.lineinfile openstack_hosts : Clean-up ex-default modules location 2
CHANGED 08 Dec 2025 13:29:24 +0000 00:00:00.83 aio1 ansible.builtin.copy openstack_hosts : Blacklist kernel modules 2
CHANGED 08 Dec 2025 13:29:15 +0000 00:00:08.20 aio1 community.general.modprobe openstack_hosts : Load kernel module(s) 2
CHANGED 08 Dec 2025 13:29:00 +0000 00:00:14.23 aio1 ansible.builtin.package openstack_hosts : Install distro packages for bare metal nodes 2
CHANGED 08 Dec 2025 13:28:53 +0000 00:00:00.82 aio1 ansible.builtin.copy openstack_hosts : Add apt extra conf 1
CHANGED 08 Dec 2025 13:28:52 +0000 00:00:00.86 aio1 ansible.builtin.deb822_repository openstack_hosts : Manage apt repositories 1
CHANGED 08 Dec 2025 13:28:48 +0000 00:00:04.09 aio1 ansible.builtin.apt openstack_hosts : Add requirement packages (repositories gpg keys, toolkits...) 1
CHANGED 08 Dec 2025 13:28:43 +0000 00:00:00.65 aio1 openstack.config_template.config_template openstack_hosts : Add DefaultEnvironment to systemd 1
CHANGED 08 Dec 2025 13:28:43 +0000 00:00:00.43 aio1 ansible.builtin.file openstack_hosts : Create systemd global directory 1
CHANGED 08 Dec 2025 13:28:42 +0000 00:00:00.76 aio1 ansible.builtin.blockinfile openstack_hosts : Add global_environment_variables to environment file 2
CHANGED 08 Dec 2025 13:28:41 +0000 00:00:00.88 aio1 ansible.builtin.template openstack_hosts : Drop openstack release file 2
CHANGED 08 Dec 2025 13:28:40 +0000 00:00:00.44 aio1 ansible.builtin.file openstack_hosts : Allow the usage of local facts 2
CHANGED 08 Dec 2025 13:28:38 +0000 00:00:00.85 aio1 ansible.builtin.template apt_package_pinning : Add apt pin preferences 3
CHANGED 08 Dec 2025 13:28:35 +0000 00:00:00.32 aio1 ansible.builtin.raw Ensure python is installed 0
CHANGED 08 Dec 2025 13:28:30 +0000 00:00:02.97 localhost community.crypto.openssh_keypair openstack.osa.ssh_keypairs : Generate key pair for OpenStack-Ansible-SSH-Signing-Key 6
CHANGED 08 Dec 2025 13:28:29 +0000 00:00:00.54 localhost ansible.builtin.file openstack.osa.ssh_keypairs : Create keypair directories 4
CHANGED 08 Dec 2025 13:28:27 +0000 00:00:00.87 localhost ansible.builtin.shell pki : Create intermediate certificate chain 1
CHANGED 08 Dec 2025 13:28:25 +0000 00:00:01.07 localhost ansible.builtin.copy pki : Save certificate info for ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:23 +0000 00:00:00.58 localhost ansible.builtin.file pki : Symlink the certificate name to the most recently generated 1
CHANGED 08 Dec 2025 13:28:21 +0000 00:00:01.86 localhost community.crypto.x509_certificate pki : Sign the intermediate CA CSR for ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:20 +0000 00:00:01.09 localhost ansible.builtin.copy pki : Write out the new serial number for ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:18 +0000 00:00:01.65 localhost community.crypto.openssl_csr pki : Create the CA CSR for ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:15 +0000 00:00:01.95 localhost community.crypto.openssl_privatekey pki : Generate CA private key for ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:14 +0000 00:00:01.08 localhost ansible.builtin.copy pki : Initialise the serial number for ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:11 +0000 00:00:02.18 localhost ansible.builtin.file pki : Create directories for certificate authority ExampleCorpIntermediate 1
CHANGED 08 Dec 2025 13:28:05 +0000 00:00:01.11 localhost ansible.builtin.copy pki : Save certificate info for ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:28:03 +0000 00:00:00.57 localhost ansible.builtin.file pki : Symlink cert path to the chain file for selfsigned CA 1
CHANGED 08 Dec 2025 13:28:02 +0000 00:00:00.58 localhost ansible.builtin.file pki : Symlink the certificate name to the most recently generated 1
CHANGED 08 Dec 2025 13:28:00 +0000 00:00:02.22 localhost community.crypto.x509_certificate pki : Sign the selfsigned Root CA CSR for ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:27:59 +0000 00:00:01.10 localhost ansible.builtin.copy pki : Write out the new serial number for ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:27:57 +0000 00:00:01.91 localhost community.crypto.openssl_csr pki : Create the CA CSR for ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:27:52 +0000 00:00:03.44 localhost community.crypto.openssl_privatekey pki : Generate CA private key for ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:27:50 +0000 00:00:01.49 localhost ansible.builtin.copy pki : Initialise the serial number for ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:27:47 +0000 00:00:02.32 localhost ansible.builtin.file pki : Create directories for certificate authority ExampleCorpRoot 1
CHANGED 08 Dec 2025 13:27:43 +0000 00:00:04.08 localhost ansible.builtin.file pki : Create PKI directories 1