Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:27:39 +0000
Duration 00:05:33.94
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
2 Hosts
316 Tasks
313 Results
18 Plays
136 Files
0 Records
check:False tags:all

Hosts 2
aio1
161 60 106
localhost
36 21 11
Files 136
Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.






Reset
Report Status
Date
Duration
Host Action Task Tags Notes
SKIPPED 08 Dec 2025 13:32:43 +0000 00:00:00.03 aio1 ansible.builtin.debug ansible-hardening : V-72039 - All system device files must be correctly labeled to prevent unauthorized modification. 4
SKIPPED 08 Dec 2025 13:32:43 +0000 00:00:00.03 aio1 ansible.builtin.command ansible-hardening : Check for unlabeled device files 4
SKIPPED 08 Dec 2025 13:32:43 +0000 00:00:00.03 aio1 ansible.builtin.file ansible-hardening : Relabel files on next boot if SELinux mode changed 4
SKIPPED 08 Dec 2025 13:32:43 +0000 00:00:00.03 aio1 ansible.posix.selinux ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot 4
SKIPPED 08 Dec 2025 13:32:39 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : Print a warning if FIPS isn't enabled 4
SKIPPED 08 Dec 2025 13:32:39 +0000 00:00:00.03 aio1 ansible.builtin.command ansible-hardening : Check if FIPS is enabled 2
SKIPPED 08 Dec 2025 13:32:38 +0000 00:00:00.02 aio1 ansible.builtin.service ansible-hardening : V-72057 - Kernel core dumps must be disabled unless needed. 4
SKIPPED 08 Dec 2025 13:32:33 +0000 00:00:00.03 aio1 ansible.builtin.template ansible-hardening : Create a GDM keyfile for machine-wide settings 4
SKIPPED 08 Dec 2025 13:32:33 +0000 00:00:00.02 aio1 ansible.builtin.copy ansible-hardening : Create a GDM profile for displaying a login banner 4
SKIPPED 08 Dec 2025 13:32:33 +0000 00:00:00.02 aio1 ansible.builtin.template ansible-hardening : Prevent users from changing graphical session locking configurations 6
SKIPPED 08 Dec 2025 13:32:33 +0000 00:00:00.02 aio1 ansible.builtin.template ansible-hardening : Configure graphical session locking 6
SKIPPED 08 Dec 2025 13:32:32 +0000 00:00:00.03 aio1 ansible.builtin.file ansible-hardening : Create dconf directories 7
SKIPPED 08 Dec 2025 13:32:32 +0000 00:00:00.02 aio1 ansible.builtin.copy ansible-hardening : Create a user profile in dconf 6
SKIPPED 08 Dec 2025 13:32:32 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : V-71955 - The operating system must not allow guest logon to the system. 4
SKIPPED 08 Dec 2025 13:32:31 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : V-71953 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface 4
SKIPPED 08 Dec 2025 13:32:31 +0000 00:00:00.03 aio1 ansible.builtin.file ansible-hardening : Set owner/group owner on /etc/cron.allow 5
SKIPPED 08 Dec 2025 13:32:30 +0000 00:00:00.04 aio1 ansible.builtin.debug ansible-hardening : V-72047 - All world-writable directories must be group-owned by root, sys, bin, or an application group. 4
SKIPPED 08 Dec 2025 13:32:30 +0000 00:00:00.02 aio1 ansible.builtin.shell ansible-hardening : Find all world-writable directories 2
SKIPPED 08 Dec 2025 13:32:30 +0000 00:00:00.07 aio1 ansible.builtin.file ansible-hardening : Set proper owner, group owner, and permissions on home directories 6
SKIPPED 08 Dec 2025 13:32:29 +0000 00:00:00.03 aio1 ansible.builtin.debug ansible-hardening : V-72009 - All files and directories must have a valid group owner. 4
SKIPPED 08 Dec 2025 13:32:29 +0000 00:00:00.02 aio1 ansible.builtin.command ansible-hardening : Search for files/directories with an invalid group owner 2
SKIPPED 08 Dec 2025 13:32:29 +0000 00:00:00.03 aio1 ansible.builtin.debug ansible-hardening : V-72007 - All files and directories must have a valid owner. 4
SKIPPED 08 Dec 2025 13:32:29 +0000 00:00:00.02 aio1 ansible.builtin.command ansible-hardening : Search for files/directories with an invalid owner 2
SKIPPED 08 Dec 2025 13:32:28 +0000 00:00:00.02 aio1 shell ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values 5
SKIPPED 08 Dec 2025 13:32:28 +0000 00:00:00.03 aio1 ansible.builtin.shell ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership 4
SKIPPED 08 Dec 2025 13:32:28 +0000 00:00:00.03 aio1 ansible.builtin.file ansible-hardening : Remove .shosts or shosts.equiv files 5
SKIPPED 08 Dec 2025 13:32:28 +0000 00:00:00.03 aio1 ansible.builtin.async_status ansible-hardening : Ensure .shosts find has finished 5
SKIPPED 08 Dec 2025 13:32:28 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : V-72275 - Display date/time of last logon after logon 4
SKIPPED 08 Dec 2025 13:32:27 +0000 00:00:00.04 aio1 ansible.builtin.blockinfile ansible-hardening : V-72217 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types 4
SKIPPED 08 Dec 2025 13:32:27 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Set CLASS for grub file 6
SKIPPED 08 Dec 2025 13:32:26 +0000 00:00:00.02 aio1 ansible.builtin.blockinfile ansible-hardening : Define password options for grub 6
SKIPPED 08 Dec 2025 13:32:25 +0000 00:00:00.03 aio1 debug ansible-hardening : V-71949 - Users must re-authenticate for privilege escalation 5
SKIPPED 08 Dec 2025 13:32:24 +0000 00:00:00.03 aio1 ansible.builtin.blockinfile ansible-hardening : Lock accounts after three failed login attempts a 15 minute period 5
SKIPPED 08 Dec 2025 13:32:24 +0000 00:00:00.06 aio1 ansible.builtin.lineinfile ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) 4
SKIPPED 08 Dec 2025 13:32:22 +0000 00:00:00.08 aio1 ansible.builtin.lineinfile ansible-hardening : Adjust auditd/audispd configurations 7
SKIPPED 08 Dec 2025 13:32:20 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited 4
SKIPPED 08 Dec 2025 13:32:19 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited 4
SKIPPED 08 Dec 2025 13:32:18 +0000 00:00:00.03 aio1 ansible.builtin.shell ansible-hardening : Initialize AIDE (this will take a few minutes) 4
SKIPPED 08 Dec 2025 13:32:15 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Use pwquality when passwords are changed or created 4
SKIPPED 08 Dec 2025 13:32:04 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Print warning for local interactive users without a home directory assigned 4
SKIPPED 08 Dec 2025 13:32:04 +0000 00:00:00.02 aio1 ansible.builtin.fail ansible-hardening : Print warnings for non-root users with UID 0 4
SKIPPED 08 Dec 2025 13:32:03 +0000 00:00:00.05 aio1 ansible.builtin.debug ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group 4
SKIPPED 08 Dec 2025 13:32:02 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure accounts are disabled if the password expires 4
SKIPPED 08 Dec 2025 13:32:02 +0000 00:00:00.03 aio1 ansible.builtin.lineinfile ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords 4
SKIPPED 08 Dec 2025 13:32:02 +0000 00:00:00.10 aio1 ansible.builtin.command ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts 4
SKIPPED 08 Dec 2025 13:32:01 +0000 00:00:00.10 aio1 ansible.builtin.command ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts 4
SKIPPED 08 Dec 2025 13:32:01 +0000 00:00:00.03 aio1 community.general.ini_file ansible-hardening : Ensure libuser is storing passwords using SHA512 4
SKIPPED 08 Dec 2025 13:31:59 +0000 00:00:00.03 aio1 ansible.builtin.copy ansible-hardening : Enable automatic package updates (apt) 4
SKIPPED 08 Dec 2025 13:31:59 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (dpkg) 4
SKIPPED 08 Dec 2025 13:31:58 +0000 00:00:00.02 aio1 ansible.builtin.debug ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (apt) 3
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.set_fact ansible-hardening : V-71855 - Create comma-separated list 3
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.shell ansible-hardening : V-71855 - Get files with invalid checksums (apt) 3
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.shell ansible-hardening : Gather debsums report 1
SKIPPED 08 Dec 2025 13:31:57 +0000 00:00:00.02 aio1 ansible.builtin.apt ansible-hardening : Ensure debsums is installed 1
SKIPPED 08 Dec 2025 13:31:02 +0000 00:00:00.02 aio1 ansible.builtin.dnf ansible-hardening : Install EPEL repository 2
SKIPPED 08 Dec 2025 13:31:01 +0000 00:00:00.02 aio1 ansible.builtin.find ansible-hardening : Check for .shosts or shosts.equiv files 5
SKIPPED 08 Dec 2025 13:31:01 +0000 00:00:00.02 aio1 ansible.builtin.find ansible-hardening : Locate top level directories to check for .shosts 5
SKIPPED 08 Dec 2025 13:31:01 +0000 00:00:00.03 aio1 shell ansible-hardening : Verify all installed RPM packages 5
SKIPPED 08 Dec 2025 13:30:53 +0000 00:00:00.05 aio1 ansible.builtin.include_tasks systemd_service : Restart changed services 4
SKIPPED 08 Dec 2025 13:30:51 +0000 00:00:00.02 aio1 ansible.builtin.include_role Run the systemd mount role 3
SKIPPED 08 Dec 2025 13:30:50 +0000 00:00:00.05 aio1 ansible.builtin.systemd systemd_service : Load socket 4
SKIPPED 08 Dec 2025 13:30:50 +0000 00:00:00.06 aio1 ansible.builtin.systemd systemd_service : Load timer networking-post-up 4
SKIPPED 08 Dec 2025 13:30:47 +0000 00:00:00.03 aio1 ansible.builtin.template systemd_service : Place the systemd socket 4
SKIPPED 08 Dec 2025 13:30:47 +0000 00:00:00.05 aio1 ansible.builtin.template systemd_service : Place the systemd timer 4
SKIPPED 08 Dec 2025 13:30:47 +0000 00:00:00.04 aio1 ansible.builtin.template systemd_service : Place the systemd override 4
SKIPPED 08 Dec 2025 13:30:45 +0000 00:00:00.04 aio1 ansible.builtin.file systemd_service : Create service.d overrides dir 4
SKIPPED 08 Dec 2025 13:30:43 +0000 00:00:00.14 aio1 ansible.posix.sysctl systemd_networkd : Add IP Forward for interface 3
SKIPPED 08 Dec 2025 13:30:25 +0000 00:00:00.06 aio1 ansible.builtin.template systemd_networkd : Place systemd-networkd network routes 3
SKIPPED 08 Dec 2025 13:30:24 +0000 00:00:00.06 aio1 ansible.builtin.template systemd_networkd : Place systemd-networkd routing policy rules 3
SKIPPED 08 Dec 2025 13:30:24 +0000 00:00:00.07 aio1 openstack.config_template.config_template systemd_networkd : Create overrides files for network_overrides_only networks 4
SKIPPED 08 Dec 2025 13:30:24 +0000 00:00:00.07 aio1 ansible.builtin.file systemd_networkd : Create systemd-networkd extra config folder 3
SKIPPED 08 Dec 2025 13:30:08 +0000 00:00:00.02 aio1 ansible.builtin.file systemd_networkd : Remove prefixed network files 4
SKIPPED 08 Dec 2025 13:30:08 +0000 00:00:00.02 aio1 ansible.builtin.template systemd_networkd : Create systemd-resolved config 4
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.02 aio1 ansible.builtin.yum_repository systemd_networkd : Install the EPEL repository 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.04 aio1 ansible.builtin.rpm_key systemd_networkd : Install gpg keys 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.03 aio1 ansible.builtin.command systemd_networkd : Ensure GPG keys have the correct SELinux contexts applied 3
SKIPPED 08 Dec 2025 13:30:05 +0000 00:00:00.04 aio1 ansible.builtin.copy systemd_networkd : If a keyfile is provided, copy the gpg keyfile to the key location 3
SKIPPED 08 Dec 2025 13:30:03 +0000 00:00:00.02 aio1 ansible.builtin.template openstack_hosts : Write git config when git is not installed 2
SKIPPED 08 Dec 2025 13:29:57 +0000 00:00:00.03 aio1 ansible.posix.authorized_key openstack_hosts : Update SSH keys 2
SKIPPED 08 Dec 2025 13:29:56 +0000 00:00:00.03 aio1 ansible.builtin.package openstack_hosts : Install user defined extra distro packages 1
SKIPPED 08 Dec 2025 13:29:50 +0000 00:00:00.02 aio1 ansible.builtin.lineinfile openstack_hosts : Ensure environment is applied during sudo 1
SKIPPED 08 Dec 2025 13:29:50 +0000 00:00:00.03 aio1 command openstack_hosts : Create tmpfiles structure in journald directory 3
SKIPPED 08 Dec 2025 13:29:49 +0000 00:00:00.02 aio1 ansible.builtin.service openstack_hosts : Start and enable the sysstat service 2
SKIPPED 08 Dec 2025 13:29:46 +0000 00:00:00.02 aio1 ansible.builtin.include_tasks openstack_hosts : Configure GRUB 2
SKIPPED 08 Dec 2025 13:29:15 +0000 00:00:00.06 aio1 ansible.builtin.fail openstack_hosts : Fail fast if we can't load a module 2
SKIPPED 08 Dec 2025 13:29:14 +0000 00:00:00.02 aio1 ansible.builtin.package openstack_hosts : Install user defined extra distro packages for bare metal nodes 2
SKIPPED 08 Dec 2025 13:29:00 +0000 00:00:00.03 aio1 ansible.builtin.fail openstack_hosts : Check Kernel Version 2
SKIPPED 08 Dec 2025 13:28:42 +0000 00:00:00.02 aio1 ansible.builtin.file openstack_hosts : Remove legacy openstack release file 2
SKIPPED 08 Dec 2025 13:28:39 +0000 00:00:00.02 aio1 ansible.builtin.file apt_package_pinning : Remove apt pin preferences 1
SKIPPED 08 Dec 2025 13:28:35 +0000 00:00:00.03 localhost ansible.builtin.include_tasks pki : Install server certificates 1
SKIPPED 08 Dec 2025 13:28:34 +0000 00:00:00.03 localhost ansible.builtin.include_tasks pki : Sign server certificates 1
SKIPPED 08 Dec 2025 13:28:34 +0000 00:00:00.02 localhost ansible.builtin.include_tasks openstack.osa.ssh_keypairs : Install ssh keys 4
SKIPPED 08 Dec 2025 13:28:33 +0000 00:00:00.02 localhost ansible.builtin.include_tasks openstack.osa.ssh_keypairs : Install ssh server certificate authorities 4
SKIPPED 08 Dec 2025 13:28:33 +0000 00:00:00.05 localhost ansible.builtin.copy openstack.osa.ssh_keypairs : Save certificate info for signed key OpenStack-Ansible-SSH-Signing-Key 6
SKIPPED 08 Dec 2025 13:28:33 +0000 00:00:00.04 localhost community.crypto.openssh_cert openstack.osa.ssh_keypairs : Generate an OpenSSH user certificate for OpenStack-Ansible-SSH-Signing-Key 6
SKIPPED 08 Dec 2025 13:28:24 +0000 00:00:00.04 localhost ansible.builtin.file pki : Symlink cert path to the chain file for selfsigned CA 1
SKIPPED 08 Dec 2025 13:28:21 +0000 00:00:00.04 localhost community.crypto.x509_certificate pki : Sign the selfsigned Root CA CSR for ExampleCorpIntermediate 1
SKIPPED 08 Dec 2025 13:28:07 +0000 00:00:00.05 localhost ansible.builtin.shell pki : Create intermediate certificate chain 1
SKIPPED 08 Dec 2025 13:28:06 +0000 00:00:00.03 localhost ansible.builtin.stat pki : Check if intermediate certificate chain exists 1
SKIPPED 08 Dec 2025 13:28:02 +0000 00:00:00.03 localhost community.crypto.x509_certificate pki : Sign the intermediate CA CSR for ExampleCorpRoot 1