Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:27:39 +0000
Duration 00:05:33.94
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
2 Hosts
316 Tasks
313 Results
18 Plays
136 Files
0 Records
check:False tags:all

Hosts 2
aio1
161 60 106
localhost
36 21 11
Files 136
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
CHANGED 08 Dec 2025 13:32:17 +0000 00:00:00.34 aio1 ansible.builtin.blockinfile ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) 6
CHANGED 08 Dec 2025 13:32:16 +0000 00:00:00.76 aio1 ansible.builtin.template ansible-hardening : Exclude certain directories from AIDE 4
OK 08 Dec 2025 13:32:15 +0000 00:00:00.65 aio1 ansible.builtin.stat ansible-hardening : Verify that AIDE configuration directory exists 2
SKIPPED 08 Dec 2025 13:32:15 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Use pwquality when passwords are changed or created 4
OK 08 Dec 2025 13:32:15 +0000 00:00:00.07 aio1 ansible.builtin.debug ansible-hardening : Print warning for users with an assigned home directory that does not exist 4
OK 08 Dec 2025 13:32:04 +0000 00:00:10.39 aio1 ansible.builtin.stat ansible-hardening : Check each user to see if its home directory exists on the filesystem 4
SKIPPED 08 Dec 2025 13:32:04 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Print warning for local interactive users without a home directory assigned 4
SKIPPED 08 Dec 2025 13:32:04 +0000 00:00:00.02 aio1 ansible.builtin.fail ansible-hardening : Print warnings for non-root users with UID 0 4
OK 08 Dec 2025 13:32:03 +0000 00:00:00.34 aio1 shell ansible-hardening : Get all accounts with UID 0 5
SKIPPED 08 Dec 2025 13:32:03 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group 4
CHANGED 08 Dec 2025 13:32:02 +0000 00:00:00.71 aio1 ansible.builtin.lineinfile ansible-hardening : Apply shadow-utils configurations 9
SKIPPED 08 Dec 2025 13:32:02 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure accounts are disabled if the password expires 4
SKIPPED 08 Dec 2025 13:32:02 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords 4
SKIPPED 08 Dec 2025 13:32:02 +0000 00:00:00.10 aio1 ansible.builtin.command ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts 4
SKIPPED 08 Dec 2025 13:32:01 +0000 00:00:00.10 aio1 ansible.builtin.command ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts 4
SKIPPED 08 Dec 2025 13:32:01 +0000 00:00:00.03 aio1 community.general.ini_file ansible-hardening : Ensure libuser is storing passwords using SHA512 4
OK 08 Dec 2025 13:32:01 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Print warning if PAM is not using SHA512 for password storage 4
OK 08 Dec 2025 13:32:01 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Check for SHA512 password storage in PAM 2
CHANGED 08 Dec 2025 13:32:00 +0000 00:00:00.47 aio1 ansible.builtin.blockinfile ansible-hardening : Set password quality requirements 12
OK 08 Dec 2025 13:31:59 +0000 00:00:00.35 aio1 ansible.builtin.stat ansible-hardening : Check if /etc/security/pwquality.conf exists 2
SKIPPED 08 Dec 2025 13:31:59 +0000 00:00:00.03 aio1 ansible.builtin.copy ansible-hardening : Enable automatic package updates (apt) 4
SKIPPED 08 Dec 2025 13:31:59 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (dpkg) 4
CHANGED 08 Dec 2025 13:31:58 +0000 00:00:00.34 aio1 ansible.builtin.lineinfile ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages 3
OK 08 Dec 2025 13:31:58 +0000 00:00:00.04 aio1 ansible.builtin.debug ansible-hardening : V-71977 - Package management tool must verify authenticity of packages 3
OK 08 Dec 2025 13:31:58 +0000 00:00:00.33 aio1 ansible.builtin.command ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ 1
SKIPPED 08 Dec 2025 13:31:58 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (apt) 3
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : V-71855 - Create comma-separated list 3
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.shell ansible-hardening : V-71855 - Get files with invalid checksums (apt) 3
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.shell ansible-hardening : Gather debsums report 1
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.apt ansible-hardening : Ensure debsums is installed 1
OK 08 Dec 2025 13:31:56 +0000 00:00:00.02 aio1 ansible.builtin.include_tasks ansible-hardening : Including OS-specific tasks 1
OK 08 Dec 2025 13:31:55 +0000 00:00:01.02 aio1 ansible.builtin.package ansible-hardening : Remove packages based on STIG requirements 17
CHANGED 08 Dec 2025 13:31:03 +0000 00:00:52.33 aio1 ansible.builtin.package ansible-hardening : Add packages based on STIG requirements 17
SKIPPED 08 Dec 2025 13:31:02 +0000 00:00:00.02 aio1 ansible.builtin.dnf ansible-hardening : Install EPEL repository 2
OK 08 Dec 2025 13:31:02 +0000 00:00:00.33 aio1 get_users ansible-hardening : Get user data for all interactive users on the system 2
OK 08 Dec 2025 13:31:01 +0000 00:00:00.50 aio1 get_users ansible-hardening : Get user data for all users on the system 2
SKIPPED 08 Dec 2025 13:31:01 +0000 00:00:00.02 aio1 ansible.builtin.find ansible-hardening : Check for .shosts or shosts.equiv files 5
SKIPPED 08 Dec 2025 13:31:01 +0000 00:00:00.02 aio1 ansible.builtin.find ansible-hardening : Locate top level directories to check for .shosts 5
SKIPPED 08 Dec 2025 13:31:01 +0000 00:00:00.03 aio1 shell ansible-hardening : Verify all installed RPM packages 5
OK 08 Dec 2025 13:31:00 +0000 00:00:00.03 aio1 ansible.builtin.set_fact ansible-hardening : Set a fact for the temporary directory 2
CHANGED 08 Dec 2025 13:31:00 +0000 00:00:00.50 aio1 ansible.builtin.tempfile ansible-hardening : Create temporary directory to hold any temporary files 2
OK 08 Dec 2025 13:30:59 +0000 00:00:00.35 aio1 ansible.builtin.stat ansible-hardening : Check if grub is present on the remote node 2
OK 08 Dec 2025 13:30:59 +0000 00:00:00.05 aio1 ansible.builtin.set_fact ansible-hardening : Set facts 2
OK 08 Dec 2025 13:30:59 +0000 00:00:00.05 aio1 ansible.builtin.set_fact ansible-hardening : Check to see if we are booting with EFI or UEFI 2
OK 08 Dec 2025 13:30:58 +0000 00:00:00.51 aio1 ansible.builtin.command ansible-hardening : Check for check/audit mode 2
OK 08 Dec 2025 13:30:58 +0000 00:00:00.07 aio1 ansible.builtin.include_vars ansible-hardening : Gather variables for each operating system 2
OK 08 Dec 2025 13:30:57 +0000 00:00:00.02 aio1 ansible.builtin.include_role Include security hardening role 1
OK 08 Dec 2025 13:30:55 +0000 00:00:01.19 aio1 ansible.builtin.setup openstack.osa.gather_extra_facts : Gather additional facts 1
OK 08 Dec 2025 13:30:55 +0000 00:00:00.02 aio1 ansible.builtin.include_role Gather additional facts 1
SKIPPED 08 Dec 2025 13:30:53 +0000 00:00:00.05 aio1 ansible.builtin.include_tasks systemd_service : Restart changed services 4
CHANGED 08 Dec 2025 13:30:52 +0000 00:00:00.83 aio1 ansible.builtin.service openstack_hosts : Restart systemd-journald 1
CHANGED 08 Dec 2025 13:30:51 +0000 00:00:00.82 aio1 ansible.builtin.copy openstack_hosts : Define journald configuration 3
CHANGED 08 Dec 2025 13:30:51 +0000 00:00:00.46 aio1 ansible.builtin.file openstack_hosts : Create /etc/systemd/journald.conf.d directory 3
SKIPPED 08 Dec 2025 13:30:51 +0000 00:00:00.02 aio1 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:30:50 +0000 00:00:00.05 aio1 ansible.builtin.systemd systemd_service : Load socket 4
SKIPPED 08 Dec 2025 13:30:50 +0000 00:00:00.06 aio1 ansible.builtin.systemd systemd_service : Load timer networking-post-up 4
CHANGED 08 Dec 2025 13:30:49 +0000 00:00:01.28 aio1 ansible.builtin.systemd systemd_service : Load service networking-post-up 4
OK 08 Dec 2025 13:30:48 +0000 00:00:00.04 aio1 ansible.builtin.include_tasks systemd_service : Including systemd_load tasks 4
OK 08 Dec 2025 13:30:47 +0000 00:00:01.10 aio1 ansible.builtin.systemd systemd_service : Reload systemd on unit change 3
SKIPPED 08 Dec 2025 13:30:47 +0000 00:00:00.03 aio1 ansible.builtin.template systemd_service : Place the systemd socket 4
SKIPPED 08 Dec 2025 13:30:47 +0000 00:00:00.05 aio1 ansible.builtin.template systemd_service : Place the systemd timer 4
SKIPPED 08 Dec 2025 13:30:47 +0000 00:00:00.04 aio1 ansible.builtin.template systemd_service : Place the systemd override 4
CHANGED 08 Dec 2025 13:30:46 +0000 00:00:00.61 aio1 openstack.config_template.config_template systemd_service : Place the systemd service 4
CHANGED 08 Dec 2025 13:30:45 +0000 00:00:00.88 aio1 ansible.builtin.template systemd_service : Create tmpfiles.d entry 4
SKIPPED 08 Dec 2025 13:30:45 +0000 00:00:00.04 aio1 ansible.builtin.file systemd_service : Create service.d overrides dir 4
CHANGED 08 Dec 2025 13:30:44 +0000 00:00:00.47 aio1 ansible.builtin.file systemd_service : Create TEMP service lock dir 4
CHANGED 08 Dec 2025 13:30:43 +0000 00:00:00.48 aio1 ansible.builtin.file systemd_service : Create TEMP run dir 4
OK 08 Dec 2025 13:30:43 +0000 00:00:00.03 aio1 ansible.builtin.include_role Run the systemd-service role 3
SKIPPED 08 Dec 2025 13:30:43 +0000 00:00:00.14 aio1 ansible.posix.sysctl systemd_networkd : Add IP Forward for interface 3
CHANGED 08 Dec 2025 13:30:34 +0000 00:00:08.70 aio1 ansible.builtin.command systemd_networkd : Update initramfs 3
OK 08 Dec 2025 13:30:31 +0000 00:00:02.16 aio1 ansible.builtin.setup systemd_networkd : (RE)Gather facts post setup 3
CHANGED 08 Dec 2025 13:30:30 +0000 00:00:00.73 aio1 ansible.builtin.systemd systemd_networkd : Restart systemd-networkd 4
OK 08 Dec 2025 13:30:29 +0000 00:00:01.41 aio1 ansible.builtin.systemd systemd_networkd : Ensure required services are running 3
OK 08 Dec 2025 13:30:28 +0000 00:00:01.07 aio1 ansible.builtin.systemd openstack_hosts : Systemd daemon reload 1
CHANGED 08 Dec 2025 13:30:25 +0000 00:00:02.46 aio1 ansible.builtin.service openstack_hosts : Restart sysstat 1
SKIPPED 08 Dec 2025 13:30:25 +0000 00:00:00.06 aio1 ansible.builtin.template systemd_networkd : Place systemd-networkd network routes 3
SKIPPED 08 Dec 2025 13:30:24 +0000 00:00:00.06 aio1 ansible.builtin.template systemd_networkd : Place systemd-networkd routing policy rules 3
SKIPPED 08 Dec 2025 13:30:24 +0000 00:00:00.07 aio1 openstack.config_template.config_template systemd_networkd : Create overrides files for network_overrides_only networks 4
SKIPPED 08 Dec 2025 13:30:24 +0000 00:00:00.07 aio1 ansible.builtin.file systemd_networkd : Create systemd-networkd extra config folder 3
CHANGED 08 Dec 2025 13:30:20 +0000 00:00:04.23 aio1 openstack.config_template.config_template systemd_networkd : Create systemd-networkd network network(s) 4
CHANGED 08 Dec 2025 13:30:16 +0000 00:00:03.82 aio1 openstack.config_template.config_template systemd_networkd : Create systemd-networkd network link(s) 4
CHANGED 08 Dec 2025 13:30:09 +0000 00:00:06.75 aio1 ansible.builtin.template systemd_networkd : Create systemd-networkd network device(s) 4
SKIPPED 08 Dec 2025 13:30:08 +0000 00:00:00.02 aio1 ansible.builtin.file systemd_networkd : Remove prefixed network files 4
OK 08 Dec 2025 13:30:08 +0000 00:00:00.60 aio1 ansible.builtin.find systemd_networkd : Find prefixed netdev and network files 4
SKIPPED 08 Dec 2025 13:30:08 +0000 00:00:00.02 aio1 ansible.builtin.template systemd_networkd : Create systemd-resolved config 4
OK 08 Dec 2025 13:30:07 +0000 00:00:00.45 aio1 ansible.builtin.file systemd_networkd : Create systemd-networkd directory 4
OK 08 Dec 2025 13:30:05 +0000 00:00:01.51 aio1 ansible.builtin.package systemd_networkd : Install networkd distro packages 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.02 aio1 ansible.builtin.yum_repository systemd_networkd : Install the EPEL repository 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.04 aio1 ansible.builtin.rpm_key systemd_networkd : Install gpg keys 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.03 aio1 ansible.builtin.command systemd_networkd : Ensure GPG keys have the correct SELinux contexts applied 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.04 aio1 ansible.builtin.copy systemd_networkd : If a keyfile is provided, copy the gpg keyfile to the key location 3
OK 08 Dec 2025 13:30:04 +0000 00:00:00.15 aio1 ansible.builtin.include_vars systemd_networkd : Gather variables for each operating system 4
OK 08 Dec 2025 13:30:04 +0000 00:00:00.04 aio1 ansible.builtin.include_role Run the systemd-networkd role 3
OK 08 Dec 2025 13:30:04 +0000 00:00:00.04 aio1 ansible.builtin.include_tasks openstack_hosts : Including openstack_hosts_systemd tasks 2
SKIPPED 08 Dec 2025 13:30:03 +0000 00:00:00.02 aio1 ansible.builtin.template openstack_hosts : Write git config when git is not installed 2
CHANGED 08 Dec 2025 13:30:03 +0000 00:00:00.46 aio1 community.general.git_config openstack_hosts : Configure git safe directories 2
CHANGED 08 Dec 2025 13:30:02 +0000 00:00:00.61 aio1 community.general.git_config openstack_hosts : Write git config when git is installed 2
OK 08 Dec 2025 13:30:02 +0000 00:00:00.44 aio1 command openstack_hosts : Get git version 3
OK 08 Dec 2025 13:30:01 +0000 00:00:00.02 aio1 ansible.builtin.include_tasks openstack_hosts : Including openstack_gitconfig tasks 1
CHANGED 08 Dec 2025 13:29:59 +0000 00:00:02.06 aio1 ansible.builtin.command pki : Update CA store 2