ara | Playbook #2: ...openstack/openstack-ansible/playbooks/setup-hosts.yml (316 tasks on 2 hosts)

/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml

Execution

Date 08 Dec 2025 13:27:39 +0000

Duration 00:05:33.94

Controller aio1.openstack.local

User root

Versions

Ansible 2.18.6

ara 1.7.4 / 1.7.4

Python 3.12.3

Summary

2 Hosts

316 Tasks

313 Results

18 Plays

136 Files

0 Records

check:False tags:all

Date
08 Dec 2025 13:27:39 +0000
Path
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml

Argument	Value
version	None
verbosity	0
private_key_file	None
remote_user	None
connection	openstack.osa.ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	True
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	8
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['setup-hosts.yml']

Hosts 2

aio1

161 60 106

localhost

36 21 11

Files 136

etc
- ansible
  - ansible_collections
    - openstack
      - osa
        
        playbooks
        
        certificate_authority.yml
        
        certificate_generate.yml
        
        certificate_ssh_authority.yml
        
        containers_deploy.yml
        
        containers_lxc_create.yml
        
        containers_lxc_host.yml
        
        hook_dummy.yml
        
        openstack_hosts_setup.yml
        
        security_hardening.yml
        
        setup_hosts.yml
        
        roles
        
        gather_extra_facts
        
        defaults
        
        main.yml
        
        tasks
        
        main.yml
        
        install_defaults
        
        defaults
        
        distro.yml
        
        platform_check
        
        tasks
        
        main.yml
        
        ssh_keypairs
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        tasks
        
        standalone
        
        create_keypair.yml
        
        main.yml
- openstack_deploy
  - host_vars
    - aio1
      - kernel.yml
      - networks.yml
  - user_openstackci.yml
  - user_secrets.yml
  - user_variables.yml
  - user_variables_zuulrepos.yml
home
- zuul
  - src
    - opendev.org
      - openstack
        
        ansible-hardening
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        rhel7stig
        
        accounts.yml
        
        aide.yml
        
        apt.yml
        
        async_tasks.yml
        
        auditd.yml
        
        auth.yml
        
        file_perms.yml
        
        graphical.yml
        
        kernel.yml
        
        lsm.yml
        
        main.yml
        
        misc.yml
        
        packages.yml
        
        sshd.yml
        
        main.yml
        
        vars
        
        main.yml
        
        ansible-role-pki
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        standalone
        
        create_ca.yml
        
        install_ca.yml
        
        main_ca.yml
        
        main_ca_install.yml
        
        main_certs.yml
        
        vars
        
        main.yml
        
        ansible-role-systemd_networkd
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        main.yml
        
        vars
        
        main.yml
        
        ansible-role-systemd_service
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        main.yml
        
        systemd_load.yml
        
        openstack-ansible
        
        inventory
        
        group_vars
        
        all
        
        all.yml
        
        ceph-rgw.yml
        
        ceph.yml
        
        cinder.yml
        
        designate.yml
        
        glance.yml
        
        haproxy.yml
        
        horizon.yml
        
        infra.yml
        
        ironic.yml
        
        keystone.yml
        
        nova.yml
        
        oslo-messaging.yml
        
        source_git.yml
        
        ssh.yml
        
        ssl.yml
        
        cinder_all
        
        defaults.yml
        
        haproxy_service.yml
        
        source_git.yml
        
        glance_all
        
        defaults.yml
        
        haproxy_service.yml
        
        source_git.yml
        
        haproxy
        
        haproxy.yml
        
        keepalived.yml
        
        horizon_all
        
        defaults.yml
        
        haproxy_service.yml
        
        source_git.yml
        
        keystone_all
        
        defaults.yml
        
        haproxy_service.yml
        
        source_git.yml
        
        neutron_all
        
        haproxy_service.yml
        
        source_git.yml
        
        nova_all
        
        defaults.yml
        
        haproxy_service.yml
        
        source_git.yml
        
        placement_all
        
        haproxy_service.yml
        
        source_git.yml
        
        utility_all
        
        defaults.yml
        
        source_git.yml
        
        cinder_volume.yml
        
        galera_all.yml
        
        hosts.yml
        
        memcached.yml
        
        network_hosts.yml
        
        neutron_agent.yml
        
        physical_hosts.yml
        
        rabbitmq_all.yml
        
        host_vars
        
        localhost
        
        cinder.yml
        
        unbound.yml
        
        playbooks
        
        setup-hosts.yml
        
        openstack-ansible-apt_package_pinning
        
        defaults
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        main.yml
        
        openstack-ansible-lxc_container_create
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        main.yml
        
        vars
        
        main.yml
        
        openstack-ansible-lxc_hosts
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        main.yml
        
        openstack-ansible-openstack_hosts
        
        defaults
        
        main.yml
        
        handlers
        
        main.yml
        
        meta
        
        main.yml
        
        tasks
        
        configure_metal_hosts.yml
        
        main.yml
        
        openstack_authorized_keys.yml
        
        openstack_gitconfig.yml
        
        openstack_hosts_configure_apt.yml
        
        openstack_hosts_systemd.yml
        
        openstack_release.yml
        
        openstack_sysstat.yml
        
        openstack_update_hosts_file.yml

Records

No saved records found.

Learn more about saving key/values with ara_record in the documentation.

Host name

Task name

Status:

FAILED

SKIPPED

UNREACHABLE

Changed:

CHANGED

Reset

Status	Date	Duration	Host	Action	Task	Tags
OK	08 Dec 2025 13:33:12 +0000	00:00:00.38	aio1	ansible.builtin.command	ansible-hardening : Generate auditd rules	1
CHANGED	08 Dec 2025 13:33:11 +0000	00:00:00.71	aio1	ansible.builtin.service	ansible-hardening : Restart ssh	1
OK	08 Dec 2025 13:33:11 +0000	00:00:00.34	aio1	ansible.builtin.file	ansible-hardening : Remove the temporary directory	2
CHANGED	08 Dec 2025 13:33:10 +0000	00:00:00.49	aio1	ansible.builtin.replace	ansible-hardening : Manage motd in pam.d	1
OK	08 Dec 2025 13:33:08 +0000	00:00:01.34	aio1	ansible.builtin.file	ansible-hardening : Private host key files must have mode 0600 or less	4
OK	08 Dec 2025 13:33:08 +0000	00:00:00.32	aio1	ansible.builtin.shell	ansible-hardening : Determine existing private ssh host keys	2
OK	08 Dec 2025 13:33:06 +0000	00:00:01.25	aio1	ansible.builtin.file	ansible-hardening : Public host key files must have mode 0644 or less	4
OK	08 Dec 2025 13:33:06 +0000	00:00:00.32	aio1	ansible.builtin.shell	ansible-hardening : Determine existing public ssh host keys	2
OK	08 Dec 2025 13:33:05 +0000	00:00:00.62	aio1	ansible.builtin.service	ansible-hardening : Ensure sshd is enabled at boot time	4
CHANGED	08 Dec 2025 13:33:05 +0000	00:00:00.38	aio1	ansible.builtin.blockinfile	ansible-hardening : Adjust ssh server configuration based on STIG requirements	21
CHANGED	08 Dec 2025 13:32:59 +0000	00:00:05.82	aio1	ansible.builtin.lineinfile	ansible-hardening : Drop options from SSH config that we manage	21
CHANGED	08 Dec 2025 13:32:58 +0000	00:00:00.76	aio1	ansible.builtin.copy	ansible-hardening : Copy login warning banner	5
OK	08 Dec 2025 13:32:57 +0000	00:00:00.35	aio1	ansible.builtin.command	ansible-hardening : Check to see if snmpd config contains public/private	2
OK	08 Dec 2025 13:32:56 +0000	00:00:00.33	aio1	ansible.builtin.stat	ansible-hardening : Check for TFTP server configuration file	2
OK	08 Dec 2025 13:32:55 +0000	00:00:00.32	aio1	ansible.builtin.stat	ansible-hardening : Check for postfix configuration file	2
OK	08 Dec 2025 13:32:55 +0000	00:00:00.32	aio1	ansible.builtin.shell	ansible-hardening : Check for interfaces in promiscuous mode	2
OK	08 Dec 2025 13:32:54 +0000	00:00:00.05	aio1	ansible.builtin.debug	ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured.	4
OK	08 Dec 2025 13:32:53 +0000	00:00:01.35	aio1	command	ansible-hardening : Count nameserver entries in /etc/resolv.conf	3
OK	08 Dec 2025 13:32:52 +0000	00:00:00.36	aio1	ansible.builtin.command	ansible-hardening : Check firewalld status	2
OK	08 Dec 2025 13:32:51 +0000	00:00:00.35	aio1	ansible.builtin.stat	ansible-hardening : Check if chrony configuration file exists	2
CHANGED	08 Dec 2025 13:32:51 +0000	00:00:00.33	aio1	ansible.builtin.blockinfile	ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions	4
OK	08 Dec 2025 13:32:50 +0000	00:00:00.34	aio1	ansible.builtin.shell	ansible-hardening : Check if ClamAV update process is already running	2
OK	08 Dec 2025 13:32:48 +0000	00:00:00.33	aio1	ansible.builtin.stat	ansible-hardening : Check if ClamAV is installed	2
OK	08 Dec 2025 13:32:48 +0000	00:00:00.05	aio1	ansible.builtin.debug	ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server.	4
OK	08 Dec 2025 13:32:48 +0000	00:00:00.33	aio1	ansible.builtin.command	ansible-hardening : Check if syslog output is being sent to another server	2
OK	08 Dec 2025 13:32:47 +0000	00:00:00.05	aio1	ansible.builtin.debug	ansible-hardening : Check for /tmp on mounted filesystem	4
OK	08 Dec 2025 13:32:47 +0000	00:00:00.05	aio1	ansible.builtin.debug	ansible-hardening : Check for /var/log/audit on mounted filesystem	4
OK	08 Dec 2025 13:32:47 +0000	00:00:00.06	aio1	ansible.builtin.debug	ansible-hardening : Check for /var on mounted filesystem	4
OK	08 Dec 2025 13:32:47 +0000	00:00:00.06	aio1	ansible.builtin.debug	ansible-hardening : Check for /home on mounted filesystem	4
CHANGED	08 Dec 2025 13:32:45 +0000	00:00:01.41	aio1	ansible.builtin.systemd	ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled	4
OK	08 Dec 2025 13:32:44 +0000	00:00:00.65	aio1	ansible.builtin.systemd	ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled	4
OK	08 Dec 2025 13:32:44 +0000	00:00:00.34	aio1	ansible.builtin.command	ansible-hardening : Check autofs service	2
CHANGED	08 Dec 2025 13:32:42 +0000	00:00:00.78	aio1	ansible.builtin.service	ansible-hardening : Ensure AppArmor is running	3
OK	08 Dec 2025 13:32:41 +0000	00:00:00.66	aio1	ansible.builtin.service	ansible-hardening : Ensure AppArmor is enabled at boot time	3
OK	08 Dec 2025 13:32:40 +0000	00:00:00.36	aio1	ansible.builtin.command	ansible-hardening : Check if apparmor is running	3
OK	08 Dec 2025 13:32:40 +0000	00:00:00.37	aio1	ansible.builtin.command	ansible-hardening : Check apparmor_status output	3
CHANGED	08 Dec 2025 13:32:39 +0000	00:00:00.74	aio1	ansible.builtin.copy	ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled	4
OK	08 Dec 2025 13:32:38 +0000	00:00:00.34	aio1	ansible.builtin.command	ansible-hardening : Check kdump service	4
CHANGED	08 Dec 2025 13:32:34 +0000	00:00:03.67	aio1	ansible.posix.sysctl	ansible-hardening : Set sysctl configurations	13
CHANGED	08 Dec 2025 13:32:34 +0000	00:00:00.34	aio1	ansible.builtin.lineinfile	ansible-hardening : V-71983 - USB mass storage must be disabled.	4
OK	08 Dec 2025 13:32:32 +0000	00:00:00.33	aio1	ansible.builtin.stat	ansible-hardening : Check for dconf profiles	2
OK	08 Dec 2025 13:32:31 +0000	00:00:00.32	aio1	ansible.builtin.stat	ansible-hardening : Check if gdm is installed and configured	1
OK	08 Dec 2025 13:32:30 +0000	00:00:00.33	aio1	ansible.builtin.stat	ansible-hardening : Check if /etc/cron.allow exists	2
OK	08 Dec 2025 13:32:27 +0000	00:00:00.33	aio1	ansible.builtin.command	ansible-hardening : Check for pam_lastlog in PAM configuration	2
OK	08 Dec 2025 13:32:26 +0000	00:00:00.33	aio1	ansible.builtin.stat	ansible-hardening : Check if GRUB2 custom file exists	2
OK	08 Dec 2025 13:32:25 +0000	00:00:00.31	aio1	ansible.builtin.stat	ansible-hardening : Check if sssd.conf exists	2
OK	08 Dec 2025 13:32:25 +0000	00:00:00.34	aio1	ansible.builtin.shell	ansible-hardening : Check for '!authenticate' in sudoers files	4
OK	08 Dec 2025 13:32:25 +0000	00:00:00.05	aio1	debug	ansible-hardening : V-71947 - Users must provide a password for privilege escalation	5
OK	08 Dec 2025 13:32:24 +0000	00:00:00.35	aio1	ansible.builtin.shell	ansible-hardening : Check for 'nopasswd' in sudoers files	4
OK	08 Dec 2025 13:32:23 +0000	00:00:00.36	aio1	ansible.builtin.lineinfile	ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu)	4
CHANGED	08 Dec 2025 13:32:23 +0000	00:00:00.37	aio1	ansible.builtin.lineinfile	ansible-hardening : Set pam_faildelay configuration on Ubuntu	4
OK	08 Dec 2025 13:32:22 +0000	00:00:00.64	aio1	ansible.builtin.service	ansible-hardening : Ensure auditd is running and enabled at boot time	4
CHANGED	08 Dec 2025 13:32:20 +0000	00:00:00.89	aio1	ansible.builtin.template	ansible-hardening : Deploy rules for auditd based on STIG requirements	56
CHANGED	08 Dec 2025 13:32:20 +0000	00:00:00.34	aio1	ansible.builtin.file	ansible-hardening : Remove system default audit.rules file	2
OK	08 Dec 2025 13:32:20 +0000	00:00:00.04	aio1	ansible.builtin.set_fact	ansible-hardening : Get valid system architectures for audit rules	2
OK	08 Dec 2025 13:32:19 +0000	00:00:00.32	aio1	ansible.builtin.stat	ansible-hardening : Verify that audisp-remote.conf exists	2
OK	08 Dec 2025 13:32:18 +0000	00:00:00.36	aio1	ansible.builtin.stat	ansible-hardening : Verify that auditd.conf exists	2
OK	08 Dec 2025 13:32:18 +0000	00:00:00.33	aio1	ansible.builtin.stat	ansible-hardening : Check to see if AIDE database is already in place	2
CHANGED	08 Dec 2025 13:32:17 +0000	00:00:00.34	aio1	ansible.builtin.blockinfile	ansible-hardening : Configure AIDE to verify additional properties (Ubuntu)	6
CHANGED	08 Dec 2025 13:32:16 +0000	00:00:00.76	aio1	ansible.builtin.template	ansible-hardening : Exclude certain directories from AIDE	4
OK	08 Dec 2025 13:32:15 +0000	00:00:00.65	aio1	ansible.builtin.stat	ansible-hardening : Verify that AIDE configuration directory exists	2
OK	08 Dec 2025 13:32:15 +0000	00:00:00.07	aio1	ansible.builtin.debug	ansible-hardening : Print warning for users with an assigned home directory that does not exist	4
OK	08 Dec 2025 13:32:04 +0000	00:00:10.39	aio1	ansible.builtin.stat	ansible-hardening : Check each user to see if its home directory exists on the filesystem	4
OK	08 Dec 2025 13:32:03 +0000	00:00:00.34	aio1	shell	ansible-hardening : Get all accounts with UID 0	5
CHANGED	08 Dec 2025 13:32:02 +0000	00:00:00.71	aio1	ansible.builtin.lineinfile	ansible-hardening : Apply shadow-utils configurations	9
OK	08 Dec 2025 13:32:01 +0000	00:00:00.05	aio1	ansible.builtin.debug	ansible-hardening : Print warning if PAM is not using SHA512 for password storage	4
OK	08 Dec 2025 13:32:01 +0000	00:00:00.33	aio1	ansible.builtin.command	ansible-hardening : Check for SHA512 password storage in PAM	2
CHANGED	08 Dec 2025 13:32:00 +0000	00:00:00.47	aio1	ansible.builtin.blockinfile	ansible-hardening : Set password quality requirements	12
OK	08 Dec 2025 13:31:59 +0000	00:00:00.35	aio1	ansible.builtin.stat	ansible-hardening : Check if /etc/security/pwquality.conf exists	2
CHANGED	08 Dec 2025 13:31:58 +0000	00:00:00.34	aio1	ansible.builtin.lineinfile	ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages	3
OK	08 Dec 2025 13:31:58 +0000	00:00:00.04	aio1	ansible.builtin.debug	ansible-hardening : V-71977 - Package management tool must verify authenticity of packages	3
OK	08 Dec 2025 13:31:58 +0000	00:00:00.33	aio1	ansible.builtin.command	ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/	1
OK	08 Dec 2025 13:31:56 +0000	00:00:00.02	aio1	ansible.builtin.include_tasks	ansible-hardening : Including OS-specific tasks	1
OK	08 Dec 2025 13:31:55 +0000	00:00:01.02	aio1	ansible.builtin.package	ansible-hardening : Remove packages based on STIG requirements	17
CHANGED	08 Dec 2025 13:31:03 +0000	00:00:52.33	aio1	ansible.builtin.package	ansible-hardening : Add packages based on STIG requirements	17
OK	08 Dec 2025 13:31:02 +0000	00:00:00.33	aio1	get_users	ansible-hardening : Get user data for all interactive users on the system	2
OK	08 Dec 2025 13:31:01 +0000	00:00:00.50	aio1	get_users	ansible-hardening : Get user data for all users on the system	2
OK	08 Dec 2025 13:31:00 +0000	00:00:00.03	aio1	ansible.builtin.set_fact	ansible-hardening : Set a fact for the temporary directory	2
CHANGED	08 Dec 2025 13:31:00 +0000	00:00:00.50	aio1	ansible.builtin.tempfile	ansible-hardening : Create temporary directory to hold any temporary files	2
OK	08 Dec 2025 13:30:59 +0000	00:00:00.35	aio1	ansible.builtin.stat	ansible-hardening : Check if grub is present on the remote node	2
OK	08 Dec 2025 13:30:59 +0000	00:00:00.05	aio1	ansible.builtin.set_fact	ansible-hardening : Set facts	2
OK	08 Dec 2025 13:30:59 +0000	00:00:00.05	aio1	ansible.builtin.set_fact	ansible-hardening : Check to see if we are booting with EFI or UEFI	2
OK	08 Dec 2025 13:30:58 +0000	00:00:00.51	aio1	ansible.builtin.command	ansible-hardening : Check for check/audit mode	2
OK	08 Dec 2025 13:30:58 +0000	00:00:00.07	aio1	ansible.builtin.include_vars	ansible-hardening : Gather variables for each operating system	2
OK	08 Dec 2025 13:30:57 +0000	00:00:00.02	aio1	ansible.builtin.include_role	Include security hardening role	1
OK	08 Dec 2025 13:30:55 +0000	00:00:01.19	aio1	ansible.builtin.setup	openstack.osa.gather_extra_facts : Gather additional facts	1
OK	08 Dec 2025 13:30:55 +0000	00:00:00.02	aio1	ansible.builtin.include_role	Gather additional facts	1
CHANGED	08 Dec 2025 13:30:52 +0000	00:00:00.83	aio1	ansible.builtin.service	openstack_hosts : Restart systemd-journald	1
CHANGED	08 Dec 2025 13:30:51 +0000	00:00:00.82	aio1	ansible.builtin.copy	openstack_hosts : Define journald configuration	3
CHANGED	08 Dec 2025 13:30:51 +0000	00:00:00.46	aio1	ansible.builtin.file	openstack_hosts : Create /etc/systemd/journald.conf.d directory	3
CHANGED	08 Dec 2025 13:30:49 +0000	00:00:01.28	aio1	ansible.builtin.systemd	systemd_service : Load service networking-post-up	4
OK	08 Dec 2025 13:30:48 +0000	00:00:00.04	aio1	ansible.builtin.include_tasks	systemd_service : Including systemd_load tasks	4
OK	08 Dec 2025 13:30:47 +0000	00:00:01.10	aio1	ansible.builtin.systemd	systemd_service : Reload systemd on unit change	3
CHANGED	08 Dec 2025 13:30:46 +0000	00:00:00.61	aio1	openstack.config_template.config_template	systemd_service : Place the systemd service	4
CHANGED	08 Dec 2025 13:30:45 +0000	00:00:00.88	aio1	ansible.builtin.template	systemd_service : Create tmpfiles.d entry	4
CHANGED	08 Dec 2025 13:30:44 +0000	00:00:00.47	aio1	ansible.builtin.file	systemd_service : Create TEMP service lock dir	4
CHANGED	08 Dec 2025 13:30:43 +0000	00:00:00.48	aio1	ansible.builtin.file	systemd_service : Create TEMP run dir	4
OK	08 Dec 2025 13:30:43 +0000	00:00:00.03	aio1	ansible.builtin.include_role	Run the systemd-service role	3
CHANGED	08 Dec 2025 13:30:34 +0000	00:00:08.70	aio1	ansible.builtin.command	systemd_networkd : Update initramfs	3
OK	08 Dec 2025 13:30:31 +0000	00:00:02.16	aio1	ansible.builtin.setup	systemd_networkd : (RE)Gather facts post setup	3

Playbook #2

Task results

Search and filter task results