Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Variable files: "-e @/etc/openstack_deploy/user_secrets.yml -e @/etc/openstack_deploy/user_variables.yml "
- PLAY [Basic host setup] ********************************************************
- TASK [setup] *******************************************************************
- ok: [controller00]
- ok: [controller01]
- ok: [compute00]
- ok: [compute01]
- ok: [controller02]
- TASK [Check for a supported Operating System] **********************************
- ok: [controller01] => {
- "changed": false,
- "msg": "All assertions passed"
- }
- ok: [controller02] => {
- "changed": false,
- "msg": "All assertions passed"
- }
- ok: [controller00] => {
- "changed": false,
- "msg": "All assertions passed"
- }
- ok: [compute00] => {
- "changed": false,
- "msg": "All assertions passed"
- }
- ok: [compute01] => {
- "changed": false,
- "msg": "All assertions passed"
- }
- TASK [apt_package_pinning : Add apt pin preferences] ***************************
- TASK [openstack_hosts : Gather variables for each operating system] ************
- ok: [controller01] => (item=/etc/ansible/roles/openstack_hosts/vars/ubuntu-16.04.yml)
- ok: [controller02] => (item=/etc/ansible/roles/openstack_hosts/vars/ubuntu-16.04.yml)
- ok: [controller00] => (item=/etc/ansible/roles/openstack_hosts/vars/ubuntu-16.04.yml)
- ok: [compute00] => (item=/etc/ansible/roles/openstack_hosts/vars/ubuntu-16.04.yml)
- ok: [compute01] => (item=/etc/ansible/roles/openstack_hosts/vars/ubuntu-16.04.yml)
- TASK [openstack_hosts : Check Kernel Version] **********************************
- TASK [openstack_hosts : Install host proxy settings] ***************************
- changed: [controller00]
- changed: [controller02]
- changed: [compute00]
- changed: [controller01]
- changed: [compute01]
- TASK [openstack_hosts : include] ***********************************************
- included: /etc/ansible/roles/openstack_hosts/tasks/openstack_host_install_apt.yml for controller00, controller02, controller01, compute00, compute01
- TASK [openstack_hosts : Install host packages] *********************************
- changed: [compute01] => (item=[u'apparmor-utils', u'apt-transport-https', u'bridge-utils', u'build-essential', u'cgroup-lite', u'curl', u'dmeventd', u'dstat', u'ebtables', u'htop', u'iptables', u'irqbalance', u'libkmod-dev', u'libkmod2', u'linux-image-extra-4.4.0-59-generic', u'lvm2', u'python-software-properties', u'python-dev', u'rsync', u'rsyslog', u'sshpass', u'sysstat', u'time', u'vlan', u'wget'])
- changed: [controller00] => (item=[u'apparmor-utils', u'apt-transport-https', u'bridge-utils', u'build-essential', u'cgroup-lite', u'curl', u'dmeventd', u'dstat', u'ebtables', u'htop', u'iptables', u'irqbalance', u'libkmod-dev', u'libkmod2', u'linux-image-extra-4.4.0-59-generic', u'lvm2', u'python-software-properties', u'python-dev', u'rsync', u'rsyslog', u'sshpass', u'sysstat', u'time', u'vlan', u'wget'])
- changed: [compute00] => (item=[u'apparmor-utils', u'apt-transport-https', u'bridge-utils', u'build-essential', u'cgroup-lite', u'curl', u'dmeventd', u'dstat', u'ebtables', u'htop', u'iptables', u'irqbalance', u'libkmod-dev', u'libkmod2', u'linux-image-extra-4.4.0-59-generic', u'lvm2', u'python-software-properties', u'python-dev', u'rsync', u'rsyslog', u'sshpass', u'sysstat', u'time', u'vlan', u'wget'])
- changed: [controller02] => (item=[u'apparmor-utils', u'apt-transport-https', u'bridge-utils', u'build-essential', u'cgroup-lite', u'curl', u'dmeventd', u'dstat', u'ebtables', u'htop', u'iptables', u'irqbalance', u'libkmod-dev', u'libkmod2', u'linux-image-extra-4.4.0-59-generic', u'lvm2', u'python-software-properties', u'python-dev', u'rsync', u'rsyslog', u'sshpass', u'sysstat', u'time', u'vlan', u'wget'])
- changed: [controller01] => (item=[u'apparmor-utils', u'apt-transport-https', u'bridge-utils', u'build-essential', u'cgroup-lite', u'curl', u'dmeventd', u'dstat', u'ebtables', u'htop', u'iptables', u'irqbalance', u'libkmod-dev', u'libkmod2', u'linux-image-extra-4.4.0-59-generic', u'lvm2', u'python-software-properties', u'python-dev', u'rsync', u'rsyslog', u'sshpass', u'sysstat', u'time', u'vlan', u'wget'])
- TASK [openstack_hosts : include] ***********************************************
- TASK [openstack_hosts : Enable sysstat config] *********************************
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack_hosts : Enable sysstat cron] ***********************************
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack_hosts : include] ***********************************************
- included: /etc/ansible/roles/openstack_hosts/tasks/openstack_update_hosts_file.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack_hosts : Drop hosts file entries script locally] ****************
- changed: [controller00 -> localhost]
- TASK [openstack_hosts : Copy templated hosts file entries script] **************
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack_hosts : Stat host file] ****************************************
- ok: [controller01]
- ok: [controller00]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack_hosts : Update hosts file] *************************************
- changed: [controller00]
- changed: [controller01]
- changed: [compute00]
- changed: [controller02]
- changed: [compute01]
- TASK [openstack_hosts : Ensure kernel module(s)] *******************************
- ok: [controller00] => (item=8021q)
- ok: [compute01] => (item=8021q)
- ok: [controller01] => (item=8021q)
- ok: [compute00] => (item=8021q)
- ok: [controller02] => (item=8021q)
- changed: [controller01] => (item=br_netfilter)
- changed: [controller00] => (item=br_netfilter)
- changed: [compute01] => (item=br_netfilter)
- changed: [compute00] => (item=br_netfilter)
- changed: [controller02] => (item=br_netfilter)
- changed: [controller01] => (item=dm_multipath)
- changed: [controller00] => (item=dm_multipath)
- changed: [compute01] => (item=dm_multipath)
- changed: [controller02] => (item=dm_multipath)
- changed: [compute00] => (item=dm_multipath)
- changed: [controller01] => (item=dm_snapshot)
- changed: [controller00] => (item=dm_snapshot)
- changed: [compute01] => (item=dm_snapshot)
- changed: [compute00] => (item=dm_snapshot)
- changed: [controller02] => (item=dm_snapshot)
- changed: [controller01] => (item=ebtables)
- changed: [compute01] => (item=ebtables)
- changed: [controller00] => (item=ebtables)
- changed: [compute00] => (item=ebtables)
- changed: [controller02] => (item=ebtables)
- changed: [compute01] => (item=ip6table_filter)
- changed: [controller00] => (item=ip6table_filter)
- changed: [controller01] => (item=ip6table_filter)
- changed: [compute00] => (item=ip6table_filter)
- changed: [controller02] => (item=ip6table_filter)
- ok: [compute01] => (item=ip6_tables)
- ok: [controller00] => (item=ip6_tables)
- ok: [controller01] => (item=ip6_tables)
- ok: [compute00] => (item=ip6_tables)
- ok: [controller02] => (item=ip6_tables)
- changed: [compute01] => (item=ip_tables)
- changed: [controller01] => (item=ip_tables)
- changed: [controller00] => (item=ip_tables)
- changed: [compute00] => (item=ip_tables)
- changed: [controller02] => (item=ip_tables)
- changed: [compute01] => (item=ipt_MASQUERADE)
- changed: [controller01] => (item=ipt_MASQUERADE)
- changed: [controller00] => (item=ipt_MASQUERADE)
- changed: [controller02] => (item=ipt_MASQUERADE)
- changed: [compute00] => (item=ipt_MASQUERADE)
- changed: [compute01] => (item=ipt_REJECT)
- changed: [controller01] => (item=ipt_REJECT)
- changed: [controller00] => (item=ipt_REJECT)
- changed: [compute00] => (item=ipt_REJECT)
- changed: [controller02] => (item=ipt_REJECT)
- changed: [compute01] => (item=iptable_filter)
- changed: [controller01] => (item=iptable_filter)
- changed: [controller00] => (item=iptable_filter)
- changed: [compute00] => (item=iptable_filter)
- changed: [controller02] => (item=iptable_filter)
- changed: [compute01] => (item=iptable_mangle)
- changed: [controller01] => (item=iptable_mangle)
- changed: [controller00] => (item=iptable_mangle)
- changed: [compute00] => (item=iptable_mangle)
- changed: [controller02] => (item=iptable_mangle)
- changed: [compute01] => (item=iptable_nat)
- changed: [controller01] => (item=iptable_nat)
- changed: [controller00] => (item=iptable_nat)
- changed: [compute00] => (item=iptable_nat)
- changed: [controller02] => (item=iptable_nat)
- changed: [compute01] => (item=ip_vs)
- changed: [controller01] => (item=ip_vs)
- changed: [controller00] => (item=ip_vs)
- changed: [compute00] => (item=ip_vs)
- changed: [controller02] => (item=ip_vs)
- ok: [compute01] => (item=iscsi_tcp)
- ok: [controller01] => (item=iscsi_tcp)
- ok: [controller00] => (item=iscsi_tcp)
- ok: [compute00] => (item=iscsi_tcp)
- ok: [controller02] => (item=iscsi_tcp)
- changed: [compute01] => (item=nbd)
- changed: [controller01] => (item=nbd)
- changed: [controller00] => (item=nbd)
- changed: [compute00] => (item=nbd)
- changed: [controller02] => (item=nbd)
- ok: [compute01] => (item=nf_conntrack)
- ok: [controller01] => (item=nf_conntrack)
- ok: [controller00] => (item=nf_conntrack)
- ok: [compute00] => (item=nf_conntrack)
- ok: [controller02] => (item=nf_conntrack)
- ok: [compute01] => (item=nf_conntrack_ipv4)
- ok: [controller01] => (item=nf_conntrack_ipv4)
- ok: [controller00] => (item=nf_conntrack_ipv4)
- ok: [compute00] => (item=nf_conntrack_ipv4)
- ok: [controller02] => (item=nf_conntrack_ipv4)
- ok: [compute01] => (item=nf_defrag_ipv4)
- ok: [controller01] => (item=nf_defrag_ipv4)
- ok: [compute00] => (item=nf_defrag_ipv4)
- ok: [controller00] => (item=nf_defrag_ipv4)
- ok: [controller02] => (item=nf_defrag_ipv4)
- ok: [compute01] => (item=nf_nat)
- ok: [controller01] => (item=nf_nat)
- ok: [compute00] => (item=nf_nat)
- ok: [controller00] => (item=nf_nat)
- ok: [controller02] => (item=nf_nat)
- ok: [compute01] => (item=nf_nat_ipv4)
- ok: [controller01] => (item=nf_nat_ipv4)
- ok: [controller00] => (item=nf_nat_ipv4)
- ok: [compute00] => (item=nf_nat_ipv4)
- ok: [controller02] => (item=nf_nat_ipv4)
- changed: [compute01] => (item=vhost_net)
- changed: [controller01] => (item=vhost_net)
- changed: [controller00] => (item=vhost_net)
- changed: [compute00] => (item=vhost_net)
- changed: [controller02] => (item=vhost_net)
- ok: [compute01] => (item=x_tables)
- ok: [controller01] => (item=x_tables)
- ok: [controller00] => (item=x_tables)
- ok: [compute00] => (item=x_tables)
- ok: [controller02] => (item=x_tables)
- TASK [openstack_hosts : Ensure kernel module(s) loaded at boot] ****************
- ok: [controller01] => (item=8021q)
- ok: [compute00] => (item=8021q)
- ok: [controller02] => (item=8021q)
- ok: [compute01] => (item=8021q)
- ok: [controller00] => (item=8021q)
- changed: [controller01] => (item=br_netfilter)
- changed: [controller02] => (item=br_netfilter)
- changed: [compute00] => (item=br_netfilter)
- changed: [compute01] => (item=br_netfilter)
- changed: [controller00] => (item=br_netfilter)
- changed: [controller02] => (item=dm_multipath)
- changed: [controller01] => (item=dm_multipath)
- changed: [compute01] => (item=dm_multipath)
- changed: [compute00] => (item=dm_multipath)
- changed: [controller00] => (item=dm_multipath)
- changed: [controller02] => (item=dm_snapshot)
- changed: [controller01] => (item=dm_snapshot)
- changed: [compute00] => (item=dm_snapshot)
- changed: [controller00] => (item=dm_snapshot)
- changed: [compute01] => (item=dm_snapshot)
- changed: [controller01] => (item=ebtables)
- changed: [controller02] => (item=ebtables)
- changed: [compute00] => (item=ebtables)
- changed: [controller00] => (item=ebtables)
- changed: [compute01] => (item=ebtables)
- changed: [controller01] => (item=ip6table_filter)
- changed: [controller02] => (item=ip6table_filter)
- changed: [compute00] => (item=ip6table_filter)
- changed: [controller00] => (item=ip6table_filter)
- changed: [compute01] => (item=ip6table_filter)
- changed: [controller01] => (item=ip6_tables)
- changed: [controller02] => (item=ip6_tables)
- changed: [compute00] => (item=ip6_tables)
- changed: [controller00] => (item=ip6_tables)
- changed: [compute01] => (item=ip6_tables)
- changed: [controller01] => (item=ip_tables)
- changed: [controller02] => (item=ip_tables)
- changed: [compute00] => (item=ip_tables)
- changed: [controller00] => (item=ip_tables)
- changed: [compute01] => (item=ip_tables)
- changed: [controller01] => (item=ipt_MASQUERADE)
- changed: [compute00] => (item=ipt_MASQUERADE)
- changed: [controller02] => (item=ipt_MASQUERADE)
- changed: [controller00] => (item=ipt_MASQUERADE)
- changed: [compute01] => (item=ipt_MASQUERADE)
- changed: [controller01] => (item=ipt_REJECT)
- changed: [compute00] => (item=ipt_REJECT)
- changed: [controller02] => (item=ipt_REJECT)
- changed: [controller00] => (item=ipt_REJECT)
- changed: [compute01] => (item=ipt_REJECT)
- changed: [controller01] => (item=iptable_filter)
- changed: [compute00] => (item=iptable_filter)
- changed: [controller00] => (item=iptable_filter)
- changed: [controller02] => (item=iptable_filter)
- changed: [compute01] => (item=iptable_filter)
- changed: [controller01] => (item=iptable_mangle)
- changed: [compute00] => (item=iptable_mangle)
- changed: [controller02] => (item=iptable_mangle)
- changed: [controller00] => (item=iptable_mangle)
- changed: [compute01] => (item=iptable_mangle)
- changed: [controller01] => (item=iptable_nat)
- changed: [controller02] => (item=iptable_nat)
- changed: [compute00] => (item=iptable_nat)
- changed: [controller00] => (item=iptable_nat)
- changed: [compute01] => (item=iptable_nat)
- changed: [controller01] => (item=ip_vs)
- changed: [controller02] => (item=ip_vs)
- changed: [compute00] => (item=ip_vs)
- changed: [controller00] => (item=ip_vs)
- changed: [compute01] => (item=ip_vs)
- changed: [controller01] => (item=iscsi_tcp)
- changed: [controller02] => (item=iscsi_tcp)
- changed: [compute00] => (item=iscsi_tcp)
- changed: [controller00] => (item=iscsi_tcp)
- changed: [compute01] => (item=iscsi_tcp)
- changed: [controller01] => (item=nbd)
- changed: [controller02] => (item=nbd)
- changed: [controller00] => (item=nbd)
- changed: [compute00] => (item=nbd)
- changed: [compute01] => (item=nbd)
- changed: [controller01] => (item=nf_conntrack)
- changed: [controller02] => (item=nf_conntrack)
- changed: [compute00] => (item=nf_conntrack)
- changed: [controller00] => (item=nf_conntrack)
- changed: [compute01] => (item=nf_conntrack)
- changed: [controller01] => (item=nf_conntrack_ipv4)
- changed: [controller02] => (item=nf_conntrack_ipv4)
- changed: [compute00] => (item=nf_conntrack_ipv4)
- changed: [controller00] => (item=nf_conntrack_ipv4)
- changed: [compute01] => (item=nf_conntrack_ipv4)
- changed: [controller01] => (item=nf_defrag_ipv4)
- changed: [controller02] => (item=nf_defrag_ipv4)
- changed: [compute00] => (item=nf_defrag_ipv4)
- changed: [controller00] => (item=nf_defrag_ipv4)
- changed: [compute01] => (item=nf_defrag_ipv4)
- changed: [controller01] => (item=nf_nat)
- changed: [controller02] => (item=nf_nat)
- changed: [compute00] => (item=nf_nat)
- changed: [controller00] => (item=nf_nat)
- changed: [compute01] => (item=nf_nat)
- changed: [controller01] => (item=nf_nat_ipv4)
- changed: [controller02] => (item=nf_nat_ipv4)
- changed: [compute00] => (item=nf_nat_ipv4)
- changed: [controller00] => (item=nf_nat_ipv4)
- changed: [compute01] => (item=nf_nat_ipv4)
- changed: [controller01] => (item=vhost_net)
- changed: [controller02] => (item=vhost_net)
- changed: [compute00] => (item=vhost_net)
- changed: [controller00] => (item=vhost_net)
- changed: [compute01] => (item=vhost_net)
- changed: [controller01] => (item=x_tables)
- changed: [controller02] => (item=x_tables)
- changed: [compute00] => (item=x_tables)
- changed: [compute01] => (item=x_tables)
- changed: [controller00] => (item=x_tables)
- TASK [openstack_hosts : get kernel release] ************************************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack_hosts : check how kernel modules are implemented (statically builtin, dynamic, not set)] ***
- skipping: [compute00] => (item={u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'})
- skipping: [compute01] => (item={u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'})
- changed: [controller00] => (item={u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'})
- changed: [controller01] => (item={u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'})
- changed: [controller02] => (item={u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'})
- TASK [openstack_hosts : fail if a specific kernel module is not set] ***********
- skipping: [compute00] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- skipping: [controller02] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.265816', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002468', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.263348', u'warnings': [], u'failed': False})
- skipping: [controller01] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.244080', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002541', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.241539', u'warnings': [], u'failed': False})
- skipping: [controller00] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.248015', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002609', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.245406', u'warnings': [], u'failed': False})
- skipping: [compute01] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- TASK [openstack_hosts : fail if a specific pattern is not valid] ***************
- skipping: [controller01] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.244080', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002541', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.241539', u'warnings': [], u'failed': False})
- skipping: [compute00] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- skipping: [compute01] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- skipping: [controller02] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.265816', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002468', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.263348', u'warnings': [], u'failed': False})
- skipping: [controller00] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.248015', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002609', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.245406', u'warnings': [], u'failed': False})
- TASK [openstack_hosts : Ensure dynamic specific kernel module(s) are loaded] ***
- skipping: [compute00] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- skipping: [compute01] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- ok: [controller00] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.248015', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002609', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.245406', u'warnings': [], u'failed': False})
- ok: [controller01] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.244080', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002541', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.241539', u'warnings': [], u'failed': False})
- ok: [controller02] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.265816', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002468', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.263348', u'warnings': [], u'failed': False})
- TASK [openstack_hosts : Ensure dynamic specific kernel module(s) loaded at boot] ***
- skipping: [compute00] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- skipping: [compute01] => (item={'skipped': True, '_ansible_no_log': False, 'skip_reason': u'Conditional check failed', '_ansible_item_result': True, 'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, 'changed': False})
- ok: [controller00] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.248015', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002609', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.245406', u'warnings': [], u'failed': False})
- ok: [controller01] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.244080', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002541', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.241539', u'warnings': [], u'failed': False})
- ok: [controller02] => (item={u'_ansible_parsed': True, u'cmd': [u'grep', u'CONFIG_BRIDGE_NF_EBTABLES', u'/boot/config-4.4.0-59-generic'], u'end': u'2017-01-21 02:03:35.265816', u'_ansible_no_log': False, u'stdout': u'CONFIG_BRIDGE_NF_EBTABLES=m', u'_ansible_item_result': True, u'rc': 0, u'item': {u'pattern': u'CONFIG_BRIDGE_NF_EBTABLES', u'group': u'network_hosts', u'name': u'ebtables'}, u'delta': u'0:00:00.002468', u'stderr': u'', u'changed': True, u'invocation': {u'module_name': u'command', u'module_args': {u'warn': True, u'executable': None, u'_uses_shell': False, u'_raw_params': u'grep CONFIG_BRIDGE_NF_EBTABLES /boot/config-4.4.0-59-generic', u'removes': None, u'creates': None, u'chdir': None}}, u'stdout_lines': [u'CONFIG_BRIDGE_NF_EBTABLES=m'], u'failed_when_result': False, u'start': u'2017-01-21 02:03:35.263348', u'warnings': [], u'failed': False})
- TASK [openstack_hosts : Adding new system tuning] ******************************
- changed: [controller00] => (item={u'key': u'fs.inotify.max_user_watches', u'value': 36864})
- changed: [compute01] => (item={u'key': u'fs.inotify.max_user_watches', u'value': 36864})
- changed: [compute00] => (item={u'key': u'fs.inotify.max_user_watches', u'value': 36864})
- changed: [controller02] => (item={u'key': u'fs.inotify.max_user_watches', u'value': 36864})
- changed: [controller01] => (item={u'key': u'fs.inotify.max_user_watches', u'value': 36864})
- changed: [controller00] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 0})
- changed: [compute01] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 0})
- changed: [compute00] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 0})
- changed: [controller02] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv4.conf.default.rp_filter', u'value': 0})
- changed: [compute01] => (item={u'key': u'net.ipv4.conf.default.rp_filter', u'value': 0})
- changed: [controller02] => (item={u'key': u'net.ipv4.conf.default.rp_filter', u'value': 0})
- changed: [compute00] => (item={u'key': u'net.ipv4.conf.default.rp_filter', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv4.ip_forward', u'value': 1})
- changed: [controller02] => (item={u'key': u'net.ipv4.ip_forward', u'value': 1})
- changed: [compute01] => (item={u'key': u'net.ipv4.ip_forward', u'value': 1})
- changed: [compute00] => (item={u'key': u'net.ipv4.ip_forward', u'value': 1})
- changed: [controller01] => (item={u'key': u'net.netfilter.nf_conntrack_max', u'value': 262144})
- changed: [controller02] => (item={u'key': u'net.netfilter.nf_conntrack_max', u'value': 262144})
- changed: [compute00] => (item={u'key': u'net.netfilter.nf_conntrack_max', u'value': 262144})
- changed: [compute01] => (item={u'key': u'net.netfilter.nf_conntrack_max', u'value': 262144})
- changed: [controller01] => (item={u'key': u'vm.dirty_background_ratio', u'value': 5})
- changed: [controller02] => (item={u'key': u'vm.dirty_background_ratio', u'value': 5})
- changed: [compute00] => (item={u'key': u'vm.dirty_background_ratio', u'value': 5})
- changed: [compute01] => (item={u'key': u'vm.dirty_background_ratio', u'value': 5})
- changed: [controller01] => (item={u'key': u'vm.dirty_ratio', u'value': 10})
- changed: [controller02] => (item={u'key': u'vm.dirty_ratio', u'value': 10})
- changed: [compute00] => (item={u'key': u'vm.dirty_ratio', u'value': 10})
- changed: [compute01] => (item={u'key': u'vm.dirty_ratio', u'value': 10})
- changed: [controller01] => (item={u'key': u'vm.swappiness', u'value': 5})
- changed: [controller02] => (item={u'key': u'vm.swappiness', u'value': 5})
- changed: [compute01] => (item={u'key': u'vm.swappiness', u'value': 5})
- changed: [compute00] => (item={u'key': u'vm.swappiness', u'value': 5})
- changed: [controller01] => (item={u'key': u'net.bridge.bridge-nf-call-ip6tables', u'value': 0})
- changed: [controller02] => (item={u'key': u'net.bridge.bridge-nf-call-ip6tables', u'value': 0})
- changed: [compute00] => (item={u'key': u'net.bridge.bridge-nf-call-ip6tables', u'value': 0})
- changed: [compute01] => (item={u'key': u'net.bridge.bridge-nf-call-ip6tables', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.bridge.bridge-nf-call-iptables', u'value': 0})
- changed: [controller02] => (item={u'key': u'net.bridge.bridge-nf-call-iptables', u'value': 0})
- changed: [compute00] => (item={u'key': u'net.bridge.bridge-nf-call-iptables', u'value': 0})
- changed: [compute01] => (item={u'key': u'net.bridge.bridge-nf-call-iptables', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.bridge.bridge-nf-call-arptables', u'value': 0})
- changed: [controller02] => (item={u'key': u'net.bridge.bridge-nf-call-arptables', u'value': 0})
- changed: [compute01] => (item={u'key': u'net.bridge.bridge-nf-call-arptables', u'value': 0})
- changed: [compute00] => (item={u'key': u'net.bridge.bridge-nf-call-arptables', u'value': 0})
- changed: [controller00] => (item={u'key': u'net.ipv4.conf.default.rp_filter', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [controller02] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [compute01] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [compute00] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [controller00] => (item={u'key': u'net.ipv4.ip_forward', u'value': 1})
- changed: [controller01] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [controller02] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [compute01] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [compute00] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [controller00] => (item={u'key': u'net.netfilter.nf_conntrack_max', u'value': 262144})
- changed: [controller01] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [controller02] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [compute01] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [compute00] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [controller00] => (item={u'key': u'vm.dirty_background_ratio', u'value': 5})
- changed: [controller01] => (item={u'key': u'net.ipv4.route.gc_thresh', u'value': u'16384'})
- changed: [controller02] => (item={u'key': u'net.ipv4.route.gc_thresh', u'value': u'16384'})
- changed: [compute01] => (item={u'key': u'net.ipv4.route.gc_thresh', u'value': u'16384'})
- changed: [compute00] => (item={u'key': u'net.ipv4.route.gc_thresh', u'value': u'16384'})
- changed: [controller00] => (item={u'key': u'vm.dirty_ratio', u'value': 10})
- changed: [controller01] => (item={u'key': u'net.ipv4.neigh.default.gc_interval', u'value': 60})
- changed: [controller02] => (item={u'key': u'net.ipv4.neigh.default.gc_interval', u'value': 60})
- changed: [compute01] => (item={u'key': u'net.ipv4.neigh.default.gc_interval', u'value': 60})
- changed: [compute00] => (item={u'key': u'net.ipv4.neigh.default.gc_interval', u'value': 60})
- changed: [controller00] => (item={u'key': u'vm.swappiness', u'value': 5})
- changed: [controller01] => (item={u'key': u'net.ipv4.neigh.default.gc_stale_time', u'value': 120})
- changed: [controller02] => (item={u'key': u'net.ipv4.neigh.default.gc_stale_time', u'value': 120})
- changed: [compute01] => (item={u'key': u'net.ipv4.neigh.default.gc_stale_time', u'value': 120})
- changed: [compute00] => (item={u'key': u'net.ipv4.neigh.default.gc_stale_time', u'value': 120})
- changed: [controller00] => (item={u'key': u'net.bridge.bridge-nf-call-ip6tables', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [controller02] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [compute01] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [compute00] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [controller00] => (item={u'key': u'net.bridge.bridge-nf-call-iptables', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [controller02] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [compute01] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [compute00] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [controller00] => (item={u'key': u'net.bridge.bridge-nf-call-arptables', u'value': 0})
- changed: [controller01] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [compute00] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [compute01] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [controller00] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [controller01] => (item={u'key': u'net.ipv6.route.gc_thresh', u'value': u'16384'})
- changed: [compute00] => (item={u'key': u'net.ipv6.route.gc_thresh', u'value': u'16384'})
- changed: [compute01] => (item={u'key': u'net.ipv6.route.gc_thresh', u'value': u'16384'})
- changed: [controller00] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [controller01] => (item={u'key': u'net.ipv6.neigh.default.gc_interval', u'value': 60})
- changed: [compute00] => (item={u'key': u'net.ipv6.neigh.default.gc_interval', u'value': 60})
- changed: [compute01] => (item={u'key': u'net.ipv6.neigh.default.gc_interval', u'value': 60})
- changed: [controller00] => (item={u'key': u'net.ipv4.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [controller01] => (item={u'key': u'net.ipv6.neigh.default.gc_stale_time', u'value': 120})
- changed: [compute00] => (item={u'key': u'net.ipv6.neigh.default.gc_stale_time', u'value': 120})
- changed: [compute01] => (item={u'key': u'net.ipv6.neigh.default.gc_stale_time', u'value': 120})
- changed: [controller00] => (item={u'key': u'net.ipv4.route.gc_thresh', u'value': u'16384'})
- changed: [controller01] => (item={u'key': u'fs.aio-max-nr', u'value': 131072})
- changed: [compute00] => (item={u'key': u'fs.aio-max-nr', u'value': 131072})
- changed: [compute01] => (item={u'key': u'fs.aio-max-nr', u'value': 131072})
- changed: [controller00] => (item={u'key': u'net.ipv4.neigh.default.gc_interval', u'value': 60})
- changed: [controller00] => (item={u'key': u'net.ipv4.neigh.default.gc_stale_time', u'value': 120})
- changed: [controller00] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh1', u'value': u'4096'})
- changed: [controller00] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh2', u'value': u'8192'})
- changed: [controller00] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [controller02] => (item={u'key': u'net.ipv6.neigh.default.gc_thresh3', u'value': u'16384'})
- changed: [controller00] => (item={u'key': u'net.ipv6.route.gc_thresh', u'value': u'16384'})
- changed: [controller02] => (item={u'key': u'net.ipv6.route.gc_thresh', u'value': u'16384'})
- changed: [controller00] => (item={u'key': u'net.ipv6.neigh.default.gc_interval', u'value': 60})
- changed: [controller02] => (item={u'key': u'net.ipv6.neigh.default.gc_interval', u'value': 60})
- changed: [controller00] => (item={u'key': u'net.ipv6.neigh.default.gc_stale_time', u'value': 120})
- changed: [controller02] => (item={u'key': u'net.ipv6.neigh.default.gc_stale_time', u'value': 120})
- changed: [controller00] => (item={u'key': u'fs.aio-max-nr', u'value': 131072})
- changed: [controller02] => (item={u'key': u'fs.aio-max-nr', u'value': 131072})
- TASK [openstack_hosts : Ensure ssh directory] **********************************
- changed: [controller02]
- changed: [controller00]
- changed: [compute01]
- changed: [compute00]
- changed: [controller01]
- TASK [openstack_hosts : Update SSH keys] ***************************************
- TASK [openstack_hosts : Ensure all keys in authorized_keys] ********************
- TASK [openstack_hosts : Drop openstack release file] ***************************
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack_hosts : Remove legacy openstack release file] ******************
- RUNNING HANDLER [openstack_hosts : Restart sysstat] ****************************
- changed: [controller00]
- changed: [compute00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute01]
- PLAY [Apply security hardening configurations] *********************************
- TASK [openstack-ansible-security : Gather variables for each operating system] *
- ok: [controller00] => (item=/etc/ansible/roles/openstack-ansible-security/vars/ubuntu.yml)
- ok: [controller01] => (item=/etc/ansible/roles/openstack-ansible-security/vars/ubuntu.yml)
- ok: [controller02] => (item=/etc/ansible/roles/openstack-ansible-security/vars/ubuntu.yml)
- ok: [compute00] => (item=/etc/ansible/roles/openstack-ansible-security/vars/ubuntu.yml)
- ok: [compute01] => (item=/etc/ansible/roles/openstack-ansible-security/vars/ubuntu.yml)
- TASK [openstack-ansible-security : Gather variables that apply to all operating systems] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Check for check/audit mode] *****************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Check to see if we're booting with EFI/UEFI]
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Set facts] **********************************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/main.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Create temporary directory to hold any temporary files] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Set a fact for the temporary directory] *****
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/packages.yml for controller00, controller02, controller01, compute00, compute01
- TASK [openstack-ansible-security : Add or remove packages based on STIG requirements] ***
- ok: [controller01] => (item=absent)
- ok: [controller02] => (item=absent)
- ok: [controller00] => (item=absent)
- ok: [compute00] => (item=absent)
- ok: [compute01] => (item=absent)
- changed: [compute00] => (item=latest)
- changed: [controller00] => (item=latest)
- changed: [controller02] => (item=latest)
- changed: [controller01] => (item=latest)
- changed: [compute01] => (item=latest)
- TASK [openstack-ansible-security : RHEL-07-020200 - Clean requirements/dependencies when removing packages (rpm)] ***
- TASK [openstack-ansible-security : RHEL-07-020200 - Clean requirements/dependencies when removing packages (dpkg)] ***
- TASK [openstack-ansible-security : RHEL-07-020250 - System security patches and updates must be installed and up to date. (yum)] ***
- TASK [openstack-ansible-security : RHEL-07-020250 - System security patches and updates must be installed and up to date. (apt)] ***
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/apt.yml for controller00, controller02, controller01, compute00, compute01
- TASK [openstack-ansible-security : Ensure debsums is installed] ****************
- changed: [controller02]
- changed: [controller00]
- changed: [compute01]
- changed: [compute00]
- changed: [controller01]
- TASK [openstack-ansible-security : Gather debsums report] **********************
- ok: [controller01]
- ok: [controller00]
- ok: [compute00]
- ok: [controller02]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010020 - Get files with invalid checksums (apt)] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010020 - Create comma-separated list] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010020 - The cryptographic hash of system files and commands must match vendor values (apt)] ***
- ok: [controller00] => {
- "msg": "The following files have checksums that differ from the checksum provided with their package. Each of these should be verified manually to ensure they have not been modified by an unauthorized user: /sbin/start-stop-daemon, /usr/share/locale-langpack/en/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/xdiagnose.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/kdesudo.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/devscripts.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/elfutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/fwupd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gutenprint.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lxd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/mcs.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sssd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subdomain_parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subversion.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/systemd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/xdiagnose.mo\n"
- }
- ok: [controller01] => {
- "msg": "The following files have checksums that differ from the checksum provided with their package. Each of these should be verified manually to ensure they have not been modified by an unauthorized user: /sbin/start-stop-daemon, /usr/share/locale-langpack/en/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/xdiagnose.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/kdesudo.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/devscripts.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/elfutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/fwupd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gutenprint.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lxd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/mcs.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sssd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subdomain_parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subversion.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/systemd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/xdiagnose.mo\n"
- }
- ok: [controller02] => {
- "msg": "The following files have checksums that differ from the checksum provided with their package. Each of these should be verified manually to ensure they have not been modified by an unauthorized user: /sbin/start-stop-daemon, /usr/share/locale-langpack/en/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/xdiagnose.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/kdesudo.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/devscripts.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/elfutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/fwupd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gutenprint.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lxd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/mcs.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sssd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subdomain_parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subversion.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/systemd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/xdiagnose.mo\n"
- }
- ok: [compute00] => {
- "msg": "The following files have checksums that differ from the checksum provided with their package. Each of these should be verified manually to ensure they have not been modified by an unauthorized user: /sbin/start-stop-daemon, /usr/share/locale-langpack/en/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/xdiagnose.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/kdesudo.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/devscripts.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/elfutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/fwupd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gutenprint.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lxd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/mcs.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sssd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subdomain_parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subversion.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/systemd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/xdiagnose.mo\n"
- }
- ok: [compute01] => {
- "msg": "The following files have checksums that differ from the checksum provided with their package. Each of these should be verified manually to ensure they have not been modified by an unauthorized user: /sbin/start-stop-daemon, /usr/share/locale-langpack/en/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/xdiagnose.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/kdesudo.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/devscripts.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/elfutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/fwupd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gutenprint.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lxd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/mcs.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sssd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subdomain_parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subversion.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/systemd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/xdiagnose.mo\n"
- }
- TASK [openstack-ansible-security : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/] ***
- [DEPRECATION WARNING]: always_run is deprecated. Use check_mode = no instead..
- This feature will be removed in version 2.4. Deprecation warnings can be
- disabled by setting deprecation_warnings=False in ansible.cfg.
- [DEPRECATION WARNING]: always_run is deprecated. Use check_mode = no instead..
- This feature will be removed in version 2.4. Deprecation warnings can be
- disabled by setting deprecation_warnings=False in ansible.cfg.
- [DEPRECATION WARNING]: always_run is deprecated. Use check_mode = no instead..
- This feature will be removed in version 2.4. Deprecation warnings can be
- disabled by setting deprecation_warnings=False in ansible.cfg.
- [DEPRECATION WARNING]: always_run is deprecated. Use check_mode = no instead..
- This feature will be removed in version 2.4. Deprecation warnings can be
- disabled by setting deprecation_warnings=False in ansible.cfg.
- [DEPRECATION WARNING]: always_run is deprecated. Use check_mode = no instead..
- This feature will be removed in version 2.4. Deprecation warnings can be
- disabled by setting deprecation_warnings=False in ansible.cfg.
- ok: [controller01]
- ok: [controller00]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-020150 - Package management tool must verify authenticity of packages] ***
- TASK [openstack-ansible-security : RHEL-07-020151 - Package management tool must verify authenticity of locally-installed packages] ***
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : include] ************************************
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/aide.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Verify that AIDE configuration directory exists] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Exclude certain directories from AIDE] ******
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : Check to see if AIDE database is already in place] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Initialize AIDE (this will take a few minutes)] ***
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : Move AIDE database into place] **************
- TASK [openstack-ansible-security : Create AIDE cron job] ***********************
- TASK [openstack-ansible-security : Configure AIDE to verify additional properties] ***
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/auditd.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Verify that auditd.conf exists] *************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Verify that audisp-remote.conf exists] ******
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-030330 - The operating system must off-load audit records onto a different system or media from the system being audited] ***
- TASK [openstack-ansible-security : RHEL-07-030331 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited] ***
- TASK [openstack-ansible-security : Get valid system architectures for audit rules] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Remove system default audit.rules file] *****
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : Remove old RHEL 6 audit rules file] *********
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Deploy rules for auditd based on STIG requirements] ***
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : Adjust auditd/audispd configurations] *******
- changed: [controller00] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'disk_full_action', u'value': u'syslog'})
- changed: [controller01] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'disk_full_action', u'value': u'syslog'})
- changed: [controller02] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'disk_full_action', u'value': u'syslog'})
- changed: [compute00] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'disk_full_action', u'value': u'syslog'})
- changed: [compute01] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'disk_full_action', u'value': u'syslog'})
- changed: [controller00] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'network_failure_action', u'value': u'syslog'})
- changed: [controller02] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'network_failure_action', u'value': u'syslog'})
- changed: [controller01] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'network_failure_action', u'value': u'syslog'})
- changed: [compute00] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'network_failure_action', u'value': u'syslog'})
- changed: [compute01] => (item={u'config': u'/etc/audisp/audisp-remote.conf', u'parameter': u'network_failure_action', u'value': u'syslog'})
- changed: [controller00] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left', u'value': u'14632'})
- changed: [controller01] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left', u'value': u'14632'})
- changed: [compute00] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left', u'value': u'14632'})
- changed: [controller02] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left', u'value': u'14632'})
- changed: [compute01] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left', u'value': u'14632'})
- changed: [controller00] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left_action', u'value': u'email'})
- changed: [controller01] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left_action', u'value': u'email'})
- changed: [compute00] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left_action', u'value': u'email'})
- changed: [controller02] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left_action', u'value': u'email'})
- changed: [compute01] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'space_left_action', u'value': u'email'})
- ok: [controller00] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'action_mail_acct', u'value': u'root'})
- ok: [controller01] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'action_mail_acct', u'value': u'root'})
- ok: [compute00] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'action_mail_acct', u'value': u'root'})
- ok: [controller02] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'action_mail_acct', u'value': u'root'})
- ok: [compute01] => (item={u'config': u'/etc/audit/auditd.conf', u'parameter': u'action_mail_acct', u'value': u'root'})
- TASK [openstack-ansible-security : Ensure auditd is running and enabled at boot time] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/auth.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Get a list of users on the system to use throughout the auth tasks] ***
- ok: [controller01]
- ok: [controller00]
- ok: [compute00]
- ok: [controller02]
- ok: [compute01]
- TASK [openstack-ansible-security : Check if /etc/security/pwquality.conf exists] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Set password quality requirements] **********
- changed: [controller01]
- changed: [controller00]
- changed: [compute01]
- changed: [controller02]
- changed: [compute00]
- TASK [openstack-ansible-security : Check for SHA512 password storage in PAM] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010170 - The PAM system service must be configured to store only encrypted representations of passwords.] ***
- TASK [openstack-ansible-security : Configure shadow-utils configuration] *******
- ok: [controller01] => (item={u'stig_id': u'RHEL-07-010180', u'parameter': u'ENCRYPT_METHOD', u'value': u'SHA512'})
- ok: [controller00] => (item={u'stig_id': u'RHEL-07-010180', u'parameter': u'ENCRYPT_METHOD', u'value': u'SHA512'})
- skipping: [controller01] => (item={u'stig_id': u'RHEL-07-010200', u'parameter': u'PASS_MIN_DAYS', u'value': u''})
- skipping: [controller00] => (item={u'stig_id': u'RHEL-07-010200', u'parameter': u'PASS_MIN_DAYS', u'value': u''})
- skipping: [controller01] => (item={u'stig_id': u'RHEL-07-010220', u'parameter': u'PASS_MAX_DAYS', u'value': u''})
- skipping: [controller00] => (item={u'stig_id': u'RHEL-07-010220', u'parameter': u'PASS_MAX_DAYS', u'value': u''})
- ok: [controller02] => (item={u'stig_id': u'RHEL-07-010180', u'parameter': u'ENCRYPT_METHOD', u'value': u'SHA512'})
- ok: [compute01] => (item={u'stig_id': u'RHEL-07-010180', u'parameter': u'ENCRYPT_METHOD', u'value': u'SHA512'})
- ok: [compute00] => (item={u'stig_id': u'RHEL-07-010180', u'parameter': u'ENCRYPT_METHOD', u'value': u'SHA512'})
- skipping: [compute01] => (item={u'stig_id': u'RHEL-07-010200', u'parameter': u'PASS_MIN_DAYS', u'value': u''})
- skipping: [controller02] => (item={u'stig_id': u'RHEL-07-010200', u'parameter': u'PASS_MIN_DAYS', u'value': u''})
- skipping: [compute00] => (item={u'stig_id': u'RHEL-07-010200', u'parameter': u'PASS_MIN_DAYS', u'value': u''})
- skipping: [compute01] => (item={u'stig_id': u'RHEL-07-010220', u'parameter': u'PASS_MAX_DAYS', u'value': u''})
- skipping: [controller02] => (item={u'stig_id': u'RHEL-07-010220', u'parameter': u'PASS_MAX_DAYS', u'value': u''})
- skipping: [compute00] => (item={u'stig_id': u'RHEL-07-010220', u'parameter': u'PASS_MAX_DAYS', u'value': u''})
- changed: [controller01] => (item={u'stig_id': u'RHEL-07-010420', u'parameter': u'FAIL_DELAY', u'value': u'4'})
- changed: [controller00] => (item={u'stig_id': u'RHEL-07-010420', u'parameter': u'FAIL_DELAY', u'value': u'4'})
- skipping: [controller01] => (item={u'stig_id': u'RHEL-07-020230', u'parameter': u'UMASK', u'value': u''})
- skipping: [controller00] => (item={u'stig_id': u'RHEL-07-020230', u'parameter': u'UMASK', u'value': u''})
- changed: [compute01] => (item={u'stig_id': u'RHEL-07-010420', u'parameter': u'FAIL_DELAY', u'value': u'4'})
- skipping: [compute01] => (item={u'stig_id': u'RHEL-07-020230', u'parameter': u'UMASK', u'value': u''})
- changed: [controller02] => (item={u'stig_id': u'RHEL-07-010420', u'parameter': u'FAIL_DELAY', u'value': u'4'})
- changed: [compute00] => (item={u'stig_id': u'RHEL-07-010420', u'parameter': u'FAIL_DELAY', u'value': u'4'})
- skipping: [controller02] => (item={u'stig_id': u'RHEL-07-020230', u'parameter': u'UMASK', u'value': u''})
- skipping: [compute00] => (item={u'stig_id': u'RHEL-07-020230', u'parameter': u'UMASK', u'value': u''})
- changed: [controller01] => (item={u'stig_id': u'RHEL-07-020630', u'parameter': u'CREATE_HOME', u'value': True})
- changed: [controller00] => (item={u'stig_id': u'RHEL-07-020630', u'parameter': u'CREATE_HOME', u'value': True})
- changed: [compute01] => (item={u'stig_id': u'RHEL-07-020630', u'parameter': u'CREATE_HOME', u'value': True})
- changed: [controller02] => (item={u'stig_id': u'RHEL-07-020630', u'parameter': u'CREATE_HOME', u'value': True})
- changed: [compute00] => (item={u'stig_id': u'RHEL-07-020630', u'parameter': u'CREATE_HOME', u'value': True})
- TASK [openstack-ansible-security : RHEL-07-010190 - User and group account administration utilities must be configured to store only encrypted representations of passwords.] ***
- TASK [openstack-ansible-security : Get all user accounts with a password lifetime limit under 24 hours] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010210 - Passwords must be restricted to a 24 hours/1 day minimum lifetime.] ***
- ok: [controller00] => {
- "msg": "Accounts were found with a minimum password lifetime limit under 24 hours:\nroot, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, nobody, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy, _apt, ntp, syslog, sshd, puppet, devuser, postfix\n"
- }
- ok: [controller01] => {
- "msg": "Accounts were found with a minimum password lifetime limit under 24 hours:\nroot, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, nobody, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy, _apt, ntp, syslog, sshd, puppet, devuser, postfix\n"
- }
- ok: [controller02] => {
- "msg": "Accounts were found with a minimum password lifetime limit under 24 hours:\nroot, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, nobody, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy, _apt, ntp, syslog, sshd, puppet, devuser, postfix\n"
- }
- ok: [compute00] => {
- "msg": "Accounts were found with a minimum password lifetime limit under 24 hours:\nroot, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, nobody, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy, _apt, ntp, syslog, sshd, puppet, devuser, postfix\n"
- }
- ok: [compute01] => {
- "msg": "Accounts were found with a minimum password lifetime limit under 24 hours:\nroot, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, nobody, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy, _apt, ntp, syslog, sshd, puppet, devuser, statd, postfix\n"
- }
- TASK [openstack-ansible-security : RHEL-07-010240 - Passwords must be prohibited from reuse for a minimum of five generations.] ***
- TASK [openstack-ansible-security : RHEL-07-010230 - Existing passwords must be restricted to a 60-day maximum lifetime.] ***
- ok: [controller00] => {
- "msg": "The following user accounts have an existing password with a lifetime of\ngreater than 60 days: root has an expiration of 99999 days\n daemon has an expiration of 99999 days\n bin has an expiration of 99999 days\n sys has an expiration of 99999 days\n sync has an expiration of 99999 days\n games has an expiration of 99999 days\n man has an expiration of 99999 days\n lp has an expiration of 99999 days\n mail has an expiration of 99999 days\n news has an expiration of 99999 days\n uucp has an expiration of 99999 days\n proxy has an expiration of 99999 days\n www-data has an expiration of 99999 days\n backup has an expiration of 99999 days\n list has an expiration of 99999 days\n irc has an expiration of 99999 days\n gnats has an expiration of 99999 days\n nobody has an expiration of 99999 days\n systemd-timesync has an expiration of 99999 days\n systemd-network has an expiration of 99999 days\n systemd-resolve has an expiration of 99999 days\n systemd-bus-proxy has an expiration of 99999 days\n _apt has an expiration of 99999 days\n ntp has an expiration of 99999 days\n syslog has an expiration of 99999 days\n sshd has an expiration of 99999 days\n puppet has an expiration of 99999 days\n devuser has an expiration of 99999 days\n postfix has an expiration of 99999 days\n"
- }
- ok: [controller01] => {
- "msg": "The following user accounts have an existing password with a lifetime of\ngreater than 60 days: root has an expiration of 99999 days\n daemon has an expiration of 99999 days\n bin has an expiration of 99999 days\n sys has an expiration of 99999 days\n sync has an expiration of 99999 days\n games has an expiration of 99999 days\n man has an expiration of 99999 days\n lp has an expiration of 99999 days\n mail has an expiration of 99999 days\n news has an expiration of 99999 days\n uucp has an expiration of 99999 days\n proxy has an expiration of 99999 days\n www-data has an expiration of 99999 days\n backup has an expiration of 99999 days\n list has an expiration of 99999 days\n irc has an expiration of 99999 days\n gnats has an expiration of 99999 days\n nobody has an expiration of 99999 days\n systemd-timesync has an expiration of 99999 days\n systemd-network has an expiration of 99999 days\n systemd-resolve has an expiration of 99999 days\n systemd-bus-proxy has an expiration of 99999 days\n _apt has an expiration of 99999 days\n ntp has an expiration of 99999 days\n syslog has an expiration of 99999 days\n sshd has an expiration of 99999 days\n puppet has an expiration of 99999 days\n devuser has an expiration of 99999 days\n postfix has an expiration of 99999 days\n"
- }
- ok: [controller02] => {
- "msg": "The following user accounts have an existing password with a lifetime of\ngreater than 60 days: root has an expiration of 99999 days\n daemon has an expiration of 99999 days\n bin has an expiration of 99999 days\n sys has an expiration of 99999 days\n sync has an expiration of 99999 days\n games has an expiration of 99999 days\n man has an expiration of 99999 days\n lp has an expiration of 99999 days\n mail has an expiration of 99999 days\n news has an expiration of 99999 days\n uucp has an expiration of 99999 days\n proxy has an expiration of 99999 days\n www-data has an expiration of 99999 days\n backup has an expiration of 99999 days\n list has an expiration of 99999 days\n irc has an expiration of 99999 days\n gnats has an expiration of 99999 days\n nobody has an expiration of 99999 days\n systemd-timesync has an expiration of 99999 days\n systemd-network has an expiration of 99999 days\n systemd-resolve has an expiration of 99999 days\n systemd-bus-proxy has an expiration of 99999 days\n _apt has an expiration of 99999 days\n ntp has an expiration of 99999 days\n syslog has an expiration of 99999 days\n sshd has an expiration of 99999 days\n puppet has an expiration of 99999 days\n devuser has an expiration of 99999 days\n postfix has an expiration of 99999 days\n"
- }
- ok: [compute00] => {
- "msg": "The following user accounts have an existing password with a lifetime of\ngreater than 60 days: root has an expiration of 99999 days\n daemon has an expiration of 99999 days\n bin has an expiration of 99999 days\n sys has an expiration of 99999 days\n sync has an expiration of 99999 days\n games has an expiration of 99999 days\n man has an expiration of 99999 days\n lp has an expiration of 99999 days\n mail has an expiration of 99999 days\n news has an expiration of 99999 days\n uucp has an expiration of 99999 days\n proxy has an expiration of 99999 days\n www-data has an expiration of 99999 days\n backup has an expiration of 99999 days\n list has an expiration of 99999 days\n irc has an expiration of 99999 days\n gnats has an expiration of 99999 days\n nobody has an expiration of 99999 days\n systemd-timesync has an expiration of 99999 days\n systemd-network has an expiration of 99999 days\n systemd-resolve has an expiration of 99999 days\n systemd-bus-proxy has an expiration of 99999 days\n _apt has an expiration of 99999 days\n ntp has an expiration of 99999 days\n syslog has an expiration of 99999 days\n sshd has an expiration of 99999 days\n puppet has an expiration of 99999 days\n devuser has an expiration of 99999 days\n postfix has an expiration of 99999 days\n"
- }
- ok: [compute01] => {
- "msg": "The following user accounts have an existing password with a lifetime of\ngreater than 60 days: root has an expiration of 99999 days\n daemon has an expiration of 99999 days\n bin has an expiration of 99999 days\n sys has an expiration of 99999 days\n sync has an expiration of 99999 days\n games has an expiration of 99999 days\n man has an expiration of 99999 days\n lp has an expiration of 99999 days\n mail has an expiration of 99999 days\n news has an expiration of 99999 days\n uucp has an expiration of 99999 days\n proxy has an expiration of 99999 days\n www-data has an expiration of 99999 days\n backup has an expiration of 99999 days\n list has an expiration of 99999 days\n irc has an expiration of 99999 days\n gnats has an expiration of 99999 days\n nobody has an expiration of 99999 days\n systemd-timesync has an expiration of 99999 days\n systemd-network has an expiration of 99999 days\n systemd-resolve has an expiration of 99999 days\n systemd-bus-proxy has an expiration of 99999 days\n _apt has an expiration of 99999 days\n ntp has an expiration of 99999 days\n syslog has an expiration of 99999 days\n sshd has an expiration of 99999 days\n puppet has an expiration of 99999 days\n devuser has an expiration of 99999 days\n statd has an expiration of 99999 days\n postfix has an expiration of 99999 days\n"
- }
- TASK [openstack-ansible-security : RHEL-07-010260 - The system must not have accounts configured with blank or null passwords] ***
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010260 - The system must not have accounts configured with blank or null passwords] ***
- skipping: [controller02] => (item=auth)
- skipping: [compute00] => (item=auth)
- skipping: [controller02] => (item=password)
- skipping: [compute00] => (item=password)
- skipping: [compute01] => (item=auth)
- skipping: [controller01] => (item=password)
- skipping: [compute01] => (item=password)
- skipping: [controller01] => (item=auth)
- skipping: [controller00] => (item=password)
- skipping: [controller00] => (item=auth)
- TASK [openstack-ansible-security : RHEL-07-010280 - The operating system must disable account identifiers if the password expires.] ***
- TASK [openstack-ansible-security : RHEL-07-010371 - If three unsuccessful logon attempts within 15 minutes occur the associated account must be locked.] ***
- TASK [openstack-ansible-security : Check for 'nopasswd' in sudoers files] ******
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010380 - Users must provide a password for privilege escalation.] ***
- ok: [controller00] => {
- "msg": "The 'NOPASSWD' directive was found in the sudoers configuration files. Remove the directive to ensure that all users must provide a password to run commands as the root user.\n"
- }
- ok: [controller01] => {
- "msg": "The 'NOPASSWD' directive was found in the sudoers configuration files. Remove the directive to ensure that all users must provide a password to run commands as the root user.\n"
- }
- ok: [controller02] => {
- "msg": "The 'NOPASSWD' directive was found in the sudoers configuration files. Remove the directive to ensure that all users must provide a password to run commands as the root user.\n"
- }
- ok: [compute00] => {
- "msg": "The 'NOPASSWD' directive was found in the sudoers configuration files. Remove the directive to ensure that all users must provide a password to run commands as the root user.\n"
- }
- ok: [compute01] => {
- "msg": "The 'NOPASSWD' directive was found in the sudoers configuration files. Remove the directive to ensure that all users must provide a password to run commands as the root user.\n"
- }
- TASK [openstack-ansible-security : Check for '!authenticate' in sudoers files] *
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010381 - Users must re-authenticate for privilege escalation.] ***
- TASK [openstack-ansible-security : Check if sssd.conf exists] ******************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010400 - The operating system must prohibit the use of cached nss authenticators after one day.] ***
- TASK [openstack-ansible-security : RHEL-07-010401 - The operating system must prohibit the use of cached PAM authenticators after one day.] ***
- TASK [openstack-ansible-security : Set a GRUB 2 password for single-user/maintenance modes] ***
- TASK [openstack-ansible-security : Get all accounts with UID 0] ****************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Check for groups in /etc/passwd that are not in /etc/group] ***
- TASK [openstack-ansible-security : RHEL-07-020310 - The root account must be the only account having unrestricted access to the system] ***
- TASK [openstack-ansible-security : RHEL-07-020620 - All local interactive users must have a home directory assigned in the /etc/passwd file.] ***
- TASK [openstack-ansible-security : Check each user to see if its home directory exists on the filesystem] ***
- ok: [controller00] => (item={u'shell': u'/bin/bash', u'group': {u'passwd': u'x', u'gid': 0, u'name': u'root'}, u'name': u'root', u'gid': 0, u'gecos': u'root', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/root', u'uid': 0})
- ok: [controller01] => (item={u'shell': u'/bin/bash', u'group': {u'passwd': u'x', u'gid': 0, u'name': u'root'}, u'name': u'root', u'gid': 0, u'gecos': u'root', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/root', u'uid': 0})
- ok: [controller02] => (item={u'shell': u'/bin/bash', u'group': {u'passwd': u'x', u'gid': 0, u'name': u'root'}, u'name': u'root', u'gid': 0, u'gecos': u'root', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/root', u'uid': 0})
- ok: [compute00] => (item={u'shell': u'/bin/bash', u'group': {u'passwd': u'x', u'gid': 0, u'name': u'root'}, u'name': u'root', u'gid': 0, u'gecos': u'root', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/root', u'uid': 0})
- ok: [compute01] => (item={u'shell': u'/bin/bash', u'group': {u'passwd': u'x', u'gid': 0, u'name': u'root'}, u'name': u'root', u'gid': 0, u'gecos': u'root', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/root', u'uid': 0})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 1, u'name': u'daemon'}, u'name': u'daemon', u'gid': 1, u'gecos': u'daemon', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/sbin', u'uid': 1})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 1, u'name': u'daemon'}, u'name': u'daemon', u'gid': 1, u'gecos': u'daemon', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/sbin', u'uid': 1})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 1, u'name': u'daemon'}, u'name': u'daemon', u'gid': 1, u'gecos': u'daemon', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/sbin', u'uid': 1})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 1, u'name': u'daemon'}, u'name': u'daemon', u'gid': 1, u'gecos': u'daemon', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/sbin', u'uid': 1})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 1, u'name': u'daemon'}, u'name': u'daemon', u'gid': 1, u'gecos': u'daemon', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/sbin', u'uid': 1})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 2, u'name': u'bin'}, u'name': u'bin', u'gid': 2, u'gecos': u'bin', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 2})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 2, u'name': u'bin'}, u'name': u'bin', u'gid': 2, u'gecos': u'bin', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 2})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 2, u'name': u'bin'}, u'name': u'bin', u'gid': 2, u'gecos': u'bin', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 2})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 2, u'name': u'bin'}, u'name': u'bin', u'gid': 2, u'gecos': u'bin', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 2})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 2, u'name': u'bin'}, u'name': u'bin', u'gid': 2, u'gecos': u'bin', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 2})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 3, u'name': u'sys'}, u'name': u'sys', u'gid': 3, u'gecos': u'sys', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/dev', u'uid': 3})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 3, u'name': u'sys'}, u'name': u'sys', u'gid': 3, u'gecos': u'sys', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/dev', u'uid': 3})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 3, u'name': u'sys'}, u'name': u'sys', u'gid': 3, u'gecos': u'sys', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/dev', u'uid': 3})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 3, u'name': u'sys'}, u'name': u'sys', u'gid': 3, u'gecos': u'sys', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/dev', u'uid': 3})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 3, u'name': u'sys'}, u'name': u'sys', u'gid': 3, u'gecos': u'sys', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/dev', u'uid': 3})
- ok: [controller00] => (item={u'shell': u'/bin/sync', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sync', u'gid': 65534, u'gecos': u'sync', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 4})
- ok: [controller01] => (item={u'shell': u'/bin/sync', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sync', u'gid': 65534, u'gecos': u'sync', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 4})
- ok: [controller02] => (item={u'shell': u'/bin/sync', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sync', u'gid': 65534, u'gecos': u'sync', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 4})
- ok: [compute00] => (item={u'shell': u'/bin/sync', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sync', u'gid': 65534, u'gecos': u'sync', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 4})
- ok: [compute01] => (item={u'shell': u'/bin/sync', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sync', u'gid': 65534, u'gecos': u'sync', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 4})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 60, u'name': u'games'}, u'name': u'games', u'gid': 60, u'gecos': u'games', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/games', u'uid': 5})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 60, u'name': u'games'}, u'name': u'games', u'gid': 60, u'gecos': u'games', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/games', u'uid': 5})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 60, u'name': u'games'}, u'name': u'games', u'gid': 60, u'gecos': u'games', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/games', u'uid': 5})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 60, u'name': u'games'}, u'name': u'games', u'gid': 60, u'gecos': u'games', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/games', u'uid': 5})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 60, u'name': u'games'}, u'name': u'games', u'gid': 60, u'gecos': u'games', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/usr/games', u'uid': 5})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 12, u'name': u'man'}, u'name': u'man', u'gid': 12, u'gecos': u'man', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/cache/man', u'uid': 6})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 12, u'name': u'man'}, u'name': u'man', u'gid': 12, u'gecos': u'man', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/cache/man', u'uid': 6})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 12, u'name': u'man'}, u'name': u'man', u'gid': 12, u'gecos': u'man', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/cache/man', u'uid': 6})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 12, u'name': u'man'}, u'name': u'man', u'gid': 12, u'gecos': u'man', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/cache/man', u'uid': 6})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 12, u'name': u'man'}, u'name': u'man', u'gid': 12, u'gecos': u'man', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/cache/man', u'uid': 6})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 7, u'name': u'lp'}, u'name': u'lp', u'gid': 7, u'gecos': u'lp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/lpd', u'uid': 7})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 7, u'name': u'lp'}, u'name': u'lp', u'gid': 7, u'gecos': u'lp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/lpd', u'uid': 7})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 7, u'name': u'lp'}, u'name': u'lp', u'gid': 7, u'gecos': u'lp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/lpd', u'uid': 7})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 7, u'name': u'lp'}, u'name': u'lp', u'gid': 7, u'gecos': u'lp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/lpd', u'uid': 7})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 7, u'name': u'lp'}, u'name': u'lp', u'gid': 7, u'gecos': u'lp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/lpd', u'uid': 7})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 8, u'name': u'mail'}, u'name': u'mail', u'gid': 8, u'gecos': u'mail', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/mail', u'uid': 8})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 8, u'name': u'mail'}, u'name': u'mail', u'gid': 8, u'gecos': u'mail', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/mail', u'uid': 8})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 8, u'name': u'mail'}, u'name': u'mail', u'gid': 8, u'gecos': u'mail', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/mail', u'uid': 8})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 8, u'name': u'mail'}, u'name': u'mail', u'gid': 8, u'gecos': u'mail', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/mail', u'uid': 8})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 8, u'name': u'mail'}, u'name': u'mail', u'gid': 8, u'gecos': u'mail', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/mail', u'uid': 8})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 9, u'name': u'news'}, u'name': u'news', u'gid': 9, u'gecos': u'news', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/news', u'uid': 9})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 9, u'name': u'news'}, u'name': u'news', u'gid': 9, u'gecos': u'news', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/news', u'uid': 9})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 9, u'name': u'news'}, u'name': u'news', u'gid': 9, u'gecos': u'news', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/news', u'uid': 9})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 9, u'name': u'news'}, u'name': u'news', u'gid': 9, u'gecos': u'news', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/news', u'uid': 9})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 9, u'name': u'news'}, u'name': u'news', u'gid': 9, u'gecos': u'news', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/news', u'uid': 9})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 10, u'name': u'uucp'}, u'name': u'uucp', u'gid': 10, u'gecos': u'uucp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/uucp', u'uid': 10})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 10, u'name': u'uucp'}, u'name': u'uucp', u'gid': 10, u'gecos': u'uucp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/uucp', u'uid': 10})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 10, u'name': u'uucp'}, u'name': u'uucp', u'gid': 10, u'gecos': u'uucp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/uucp', u'uid': 10})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 10, u'name': u'uucp'}, u'name': u'uucp', u'gid': 10, u'gecos': u'uucp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/uucp', u'uid': 10})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 10, u'name': u'uucp'}, u'name': u'uucp', u'gid': 10, u'gecos': u'uucp', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/uucp', u'uid': 10})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 13, u'name': u'proxy'}, u'name': u'proxy', u'gid': 13, u'gecos': u'proxy', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 13})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 13, u'name': u'proxy'}, u'name': u'proxy', u'gid': 13, u'gecos': u'proxy', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 13})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 13, u'name': u'proxy'}, u'name': u'proxy', u'gid': 13, u'gecos': u'proxy', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 13})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 13, u'name': u'proxy'}, u'name': u'proxy', u'gid': 13, u'gecos': u'proxy', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 13})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 13, u'name': u'proxy'}, u'name': u'proxy', u'gid': 13, u'gecos': u'proxy', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/bin', u'uid': 13})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 33, u'name': u'www-data'}, u'name': u'www-data', u'gid': 33, u'gecos': u'www-data', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/www', u'uid': 33})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 33, u'name': u'www-data'}, u'name': u'www-data', u'gid': 33, u'gecos': u'www-data', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/www', u'uid': 33})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 33, u'name': u'www-data'}, u'name': u'www-data', u'gid': 33, u'gecos': u'www-data', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/www', u'uid': 33})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 33, u'name': u'www-data'}, u'name': u'www-data', u'gid': 33, u'gecos': u'www-data', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/www', u'uid': 33})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 33, u'name': u'www-data'}, u'name': u'www-data', u'gid': 33, u'gecos': u'www-data', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/www', u'uid': 33})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 34, u'name': u'backup'}, u'name': u'backup', u'gid': 34, u'gecos': u'backup', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/backups', u'uid': 34})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 34, u'name': u'backup'}, u'name': u'backup', u'gid': 34, u'gecos': u'backup', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/backups', u'uid': 34})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 34, u'name': u'backup'}, u'name': u'backup', u'gid': 34, u'gecos': u'backup', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/backups', u'uid': 34})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 34, u'name': u'backup'}, u'name': u'backup', u'gid': 34, u'gecos': u'backup', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/backups', u'uid': 34})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 34, u'name': u'backup'}, u'name': u'backup', u'gid': 34, u'gecos': u'backup', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/backups', u'uid': 34})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 38, u'name': u'list'}, u'name': u'list', u'gid': 38, u'gecos': u'Mailing List Manager', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/list', u'uid': 38})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 38, u'name': u'list'}, u'name': u'list', u'gid': 38, u'gecos': u'Mailing List Manager', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/list', u'uid': 38})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 38, u'name': u'list'}, u'name': u'list', u'gid': 38, u'gecos': u'Mailing List Manager', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/list', u'uid': 38})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 38, u'name': u'list'}, u'name': u'list', u'gid': 38, u'gecos': u'Mailing List Manager', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/list', u'uid': 38})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 38, u'name': u'list'}, u'name': u'list', u'gid': 38, u'gecos': u'Mailing List Manager', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/list', u'uid': 38})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 39, u'name': u'irc'}, u'name': u'irc', u'gid': 39, u'gecos': u'ircd', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/ircd', u'uid': 39})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 39, u'name': u'irc'}, u'name': u'irc', u'gid': 39, u'gecos': u'ircd', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/ircd', u'uid': 39})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 39, u'name': u'irc'}, u'name': u'irc', u'gid': 39, u'gecos': u'ircd', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/ircd', u'uid': 39})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 39, u'name': u'irc'}, u'name': u'irc', u'gid': 39, u'gecos': u'ircd', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/ircd', u'uid': 39})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 39, u'name': u'irc'}, u'name': u'irc', u'gid': 39, u'gecos': u'ircd', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/ircd', u'uid': 39})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 41, u'name': u'gnats'}, u'name': u'gnats', u'gid': 41, u'gecos': u'Gnats Bug-Reporting System (admin)', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/gnats', u'uid': 41})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 41, u'name': u'gnats'}, u'name': u'gnats', u'gid': 41, u'gecos': u'Gnats Bug-Reporting System (admin)', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/gnats', u'uid': 41})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 41, u'name': u'gnats'}, u'name': u'gnats', u'gid': 41, u'gecos': u'Gnats Bug-Reporting System (admin)', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/gnats', u'uid': 41})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 41, u'name': u'gnats'}, u'name': u'gnats', u'gid': 41, u'gecos': u'Gnats Bug-Reporting System (admin)', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/gnats', u'uid': 41})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 41, u'name': u'gnats'}, u'name': u'gnats', u'gid': 41, u'gecos': u'Gnats Bug-Reporting System (admin)', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/gnats', u'uid': 41})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 102, u'name': u'systemd-timesync'}, u'name': u'systemd-timesync', u'gid': 102, u'gecos': u'systemd Time Synchronization,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 100})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 102, u'name': u'systemd-timesync'}, u'name': u'systemd-timesync', u'gid': 102, u'gecos': u'systemd Time Synchronization,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 100})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 102, u'name': u'systemd-timesync'}, u'name': u'systemd-timesync', u'gid': 102, u'gecos': u'systemd Time Synchronization,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 100})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 102, u'name': u'systemd-timesync'}, u'name': u'systemd-timesync', u'gid': 102, u'gecos': u'systemd Time Synchronization,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 100})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 102, u'name': u'systemd-timesync'}, u'name': u'systemd-timesync', u'gid': 102, u'gecos': u'systemd Time Synchronization,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 100})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 103, u'name': u'systemd-network'}, u'name': u'systemd-network', u'gid': 103, u'gecos': u'systemd Network Management,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/netif', u'uid': 101})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 103, u'name': u'systemd-network'}, u'name': u'systemd-network', u'gid': 103, u'gecos': u'systemd Network Management,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/netif', u'uid': 101})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 103, u'name': u'systemd-network'}, u'name': u'systemd-network', u'gid': 103, u'gecos': u'systemd Network Management,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/netif', u'uid': 101})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 103, u'name': u'systemd-network'}, u'name': u'systemd-network', u'gid': 103, u'gecos': u'systemd Network Management,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/netif', u'uid': 101})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 103, u'name': u'systemd-network'}, u'name': u'systemd-network', u'gid': 103, u'gecos': u'systemd Network Management,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/netif', u'uid': 101})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 104, u'name': u'systemd-resolve'}, u'name': u'systemd-resolve', u'gid': 104, u'gecos': u'systemd Resolver,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/resolve', u'uid': 102})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 104, u'name': u'systemd-resolve'}, u'name': u'systemd-resolve', u'gid': 104, u'gecos': u'systemd Resolver,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/resolve', u'uid': 102})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 104, u'name': u'systemd-resolve'}, u'name': u'systemd-resolve', u'gid': 104, u'gecos': u'systemd Resolver,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/resolve', u'uid': 102})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 104, u'name': u'systemd-resolve'}, u'name': u'systemd-resolve', u'gid': 104, u'gecos': u'systemd Resolver,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/resolve', u'uid': 102})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 104, u'name': u'systemd-resolve'}, u'name': u'systemd-resolve', u'gid': 104, u'gecos': u'systemd Resolver,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd/resolve', u'uid': 102})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 105, u'name': u'systemd-bus-proxy'}, u'name': u'systemd-bus-proxy', u'gid': 105, u'gecos': u'systemd Bus Proxy,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 103})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 105, u'name': u'systemd-bus-proxy'}, u'name': u'systemd-bus-proxy', u'gid': 105, u'gecos': u'systemd Bus Proxy,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 103})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 105, u'name': u'systemd-bus-proxy'}, u'name': u'systemd-bus-proxy', u'gid': 105, u'gecos': u'systemd Bus Proxy,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 103})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 105, u'name': u'systemd-bus-proxy'}, u'name': u'systemd-bus-proxy', u'gid': 105, u'gecos': u'systemd Bus Proxy,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 103})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 105, u'name': u'systemd-bus-proxy'}, u'name': u'systemd-bus-proxy', u'gid': 105, u'gecos': u'systemd Bus Proxy,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/run/systemd', u'uid': 103})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'_apt', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 104})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'_apt', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 104})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'_apt', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 104})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'_apt', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 104})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'_apt', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 104})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 107, u'name': u'ntp'}, u'name': u'ntp', u'gid': 107, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/ntp', u'uid': 105})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 107, u'name': u'ntp'}, u'name': u'ntp', u'gid': 107, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/ntp', u'uid': 105})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 107, u'name': u'ntp'}, u'name': u'ntp', u'gid': 107, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/ntp', u'uid': 105})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 107, u'name': u'ntp'}, u'name': u'ntp', u'gid': 107, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/ntp', u'uid': 105})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 107, u'name': u'ntp'}, u'name': u'ntp', u'gid': 107, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/ntp', u'uid': 105})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 109, u'name': u'syslog'}, u'name': u'syslog', u'gid': 109, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/syslog', u'uid': 106})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 109, u'name': u'syslog'}, u'name': u'syslog', u'gid': 109, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/syslog', u'uid': 106})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 109, u'name': u'syslog'}, u'name': u'syslog', u'gid': 109, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/syslog', u'uid': 106})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 109, u'name': u'syslog'}, u'name': u'syslog', u'gid': 109, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/syslog', u'uid': 106})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 109, u'name': u'syslog'}, u'name': u'syslog', u'gid': 109, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/syslog', u'uid': 106})
- ok: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sshd', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/sshd', u'uid': 107})
- ok: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sshd', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/sshd', u'uid': 107})
- ok: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sshd', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/sshd', u'uid': 107})
- ok: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sshd', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/sshd', u'uid': 107})
- ok: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'sshd', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/run/sshd', u'uid': 107})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 111, u'name': u'puppet'}, u'name': u'puppet', u'gid': 111, u'gecos': u'Puppet configuration management daemon,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/puppet', u'uid': 108})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 111, u'name': u'puppet'}, u'name': u'puppet', u'gid': 111, u'gecos': u'Puppet configuration management daemon,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/puppet', u'uid': 108})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 111, u'name': u'puppet'}, u'name': u'puppet', u'gid': 111, u'gecos': u'Puppet configuration management daemon,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/puppet', u'uid': 108})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 111, u'name': u'puppet'}, u'name': u'puppet', u'gid': 111, u'gecos': u'Puppet configuration management daemon,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/puppet', u'uid': 108})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 111, u'name': u'puppet'}, u'name': u'puppet', u'gid': 111, u'gecos': u'Puppet configuration management daemon,,,', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/puppet', u'uid': 108})
- ok: [compute00] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- ok: [controller00] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- ok: [controller01] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- ok: [compute01] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- ok: [controller02] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- ok: [compute00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 113, u'name': u'postfix'}, u'name': u'postfix', u'gid': 113, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17187, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/postfix', u'uid': 109})
- ok: [controller00] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 113, u'name': u'postfix'}, u'name': u'postfix', u'gid': 113, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17187, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/postfix', u'uid': 109})
- ok: [controller01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 113, u'name': u'postfix'}, u'name': u'postfix', u'gid': 113, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17187, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/postfix', u'uid': 109})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'statd', u'gid': 65534, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17187, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/lib/nfs', u'uid': 109})
- ok: [controller02] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 113, u'name': u'postfix'}, u'name': u'postfix', u'gid': 113, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17187, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/postfix', u'uid': 109})
- ok: [compute01] => (item={u'shell': u'/bin/false', u'group': {u'passwd': u'x', u'gid': 113, u'name': u'postfix'}, u'name': u'postfix', u'gid': 113, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17187, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/var/spool/postfix', u'uid': 110})
- TASK [openstack-ansible-security : RHEL-07-020640 - All local interactive user home directories defined in the /etc/passwd file must exist.] ***
- ok: [controller00] => {
- "msg": "These users have a home directory assigned, but the directory does not exist:\nman (/var/cache/man does not exist)\nlp (/var/spool/lpd does not exist)\nnews (/var/spool/news does not exist)\nuucp (/var/spool/uucp does not exist)\nwww-data (/var/www does not exist)\nlist (/var/list does not exist)\nirc (/var/run/ircd does not exist)\ngnats (/var/lib/gnats does not exist)\nnobody (/nonexistent does not exist)\nsystemd-resolve (/run/systemd/resolve does not exist)\n_apt (/nonexistent does not exist)\nntp (/home/ntp does not exist)\nsyslog (/home/syslog does not exist)\n"
- }
- ok: [controller01] => {
- "msg": "These users have a home directory assigned, but the directory does not exist:\nman (/var/cache/man does not exist)\nlp (/var/spool/lpd does not exist)\nnews (/var/spool/news does not exist)\nuucp (/var/spool/uucp does not exist)\nwww-data (/var/www does not exist)\nlist (/var/list does not exist)\nirc (/var/run/ircd does not exist)\ngnats (/var/lib/gnats does not exist)\nnobody (/nonexistent does not exist)\nsystemd-resolve (/run/systemd/resolve does not exist)\n_apt (/nonexistent does not exist)\nntp (/home/ntp does not exist)\nsyslog (/home/syslog does not exist)\n"
- }
- ok: [controller02] => {
- "msg": "These users have a home directory assigned, but the directory does not exist:\nman (/var/cache/man does not exist)\nlp (/var/spool/lpd does not exist)\nnews (/var/spool/news does not exist)\nuucp (/var/spool/uucp does not exist)\nwww-data (/var/www does not exist)\nlist (/var/list does not exist)\nirc (/var/run/ircd does not exist)\ngnats (/var/lib/gnats does not exist)\nnobody (/nonexistent does not exist)\nsystemd-resolve (/run/systemd/resolve does not exist)\n_apt (/nonexistent does not exist)\nntp (/home/ntp does not exist)\nsyslog (/home/syslog does not exist)\n"
- }
- ok: [compute00] => {
- "msg": "These users have a home directory assigned, but the directory does not exist:\nman (/var/cache/man does not exist)\nlp (/var/spool/lpd does not exist)\nnews (/var/spool/news does not exist)\nuucp (/var/spool/uucp does not exist)\nwww-data (/var/www does not exist)\nlist (/var/list does not exist)\nirc (/var/run/ircd does not exist)\ngnats (/var/lib/gnats does not exist)\nnobody (/nonexistent does not exist)\nsystemd-resolve (/run/systemd/resolve does not exist)\n_apt (/nonexistent does not exist)\nntp (/home/ntp does not exist)\nsyslog (/home/syslog does not exist)\n"
- }
- ok: [compute01] => {
- "msg": "These users have a home directory assigned, but the directory does not exist:\nman (/var/cache/man does not exist)\nlp (/var/spool/lpd does not exist)\nnews (/var/spool/news does not exist)\nuucp (/var/spool/uucp does not exist)\nwww-data (/var/www does not exist)\nlist (/var/list does not exist)\nirc (/var/run/ircd does not exist)\ngnats (/var/lib/gnats does not exist)\nnobody (/nonexistent does not exist)\nsystemd-resolve (/run/systemd/resolve does not exist)\n_apt (/nonexistent does not exist)\nntp (/home/ntp does not exist)\nsyslog (/home/syslog does not exist)\n"
- }
- TASK [openstack-ansible-security : RHEL-07-040010 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.] ***
- TASK [openstack-ansible-security : Check for PAM PKCS 11 authentication configuration] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Check for ocsp_on in PAM PKCS 11 auth configuration] ***
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : RHEL-07-040030 - Must Validate PKI-based auth attempts with OCSP] ***
- TASK [openstack-ansible-security : Check for cackey or coolkey in the PAM PKCS11 auth configuration] ***
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [controller00]
- skipping: [compute01]
- TASK [openstack-ansible-security : RHEL-07-040040 - Must use cackey/cookey for PKCS 11 auth] ***
- TASK [openstack-ansible-security : Check for pam_lastlog in PAM configuration] *
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-040300 - Display date/time of last logon after logon] ***
- TASK [openstack-ansible-security : Check for .shosts or shosts.equiv files] ****
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [controller00]
- ok: [compute01]
- TASK [openstack-ansible-security : Remove .shosts or shosts.equiv files] *******
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/file_perms.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : RHEL-07-010010 - Get packages with incorrect file permissions or ownership] ***
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010010 - Reset file permissions/ownership to vendor values] ***
- TASK [openstack-ansible-security : Search for files/directories with an invalid owner] ***
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : RHEL-07-020360 - All files and directories must have a valid owner.] ***
- TASK [openstack-ansible-security : Search for files/directories with an invalid group owner] ***
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [controller00]
- skipping: [compute01]
- TASK [openstack-ansible-security : RHEL-07-020370 - All files and directories must have a valid group owner.] ***
- TASK [openstack-ansible-security : Set proper owner, group owner, and permissions on home directories] ***
- skipping: [controller00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- skipping: [controller01] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- skipping: [controller02] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- skipping: [controller02] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- skipping: [compute00] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- skipping: [controller00] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- skipping: [compute00] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- skipping: [compute01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- skipping: [controller01] => (item={u'shell': u'/usr/sbin/nologin', u'group': {u'passwd': u'x', u'gid': 65534, u'name': u'nogroup'}, u'name': u'nobody', u'gid': 65534, u'gecos': u'nobody', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/nonexistent', u'uid': 65534})
- skipping: [compute01] => (item={u'shell': u'', u'group': {u'passwd': u'x', u'gid': 1000, u'name': u'devuser'}, u'name': u'devuser', u'gid': 1000, u'gecos': u'', u'shadow': {u'expire_days': -1, u'min_days': 0, u'last_changed': 17186, u'max_days': 99999, u'warn_days': 7, u'inact_days': -1}, u'dir': u'/home/devuser', u'uid': 1000})
- TASK [openstack-ansible-security : Find all world-writable directories] ********
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-021050 - All world-writable directories must be group-owned by root, sys, bin, or an application group.] ***
- ok: [controller00] => {
- "msg": "The group owners on the following world-writable directories should be examined:\n"
- }
- ok: [controller01] => {
- "msg": "The group owners on the following world-writable directories should be examined:\n"
- }
- ok: [controller02] => {
- "msg": "The group owners on the following world-writable directories should be examined:\n"
- }
- ok: [compute00] => {
- "msg": "The group owners on the following world-writable directories should be examined:\n"
- }
- ok: [compute01] => {
- "msg": "The group owners on the following world-writable directories should be examined:\n"
- }
- TASK [openstack-ansible-security : Check if /etc/cron.allow exists] ************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Set owner/group owner on /etc/cron.allow] ***
- TASK [openstack-ansible-security : Check if cn_map file is present] ************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Set file permissions on cn_map file] ********
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/graphical.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Check if gdm is installed and configured] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-010430 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface] ***
- TASK [openstack-ansible-security : RHEL-07-010431 - The operating system must not allow guest logon to the system.] ***
- TASK [openstack-ansible-security : Check for dconf profiles] *******************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Create a user profile in dconf] *************
- TASK [openstack-ansible-security : Create dconf directories] *******************
- skipping: [controller00] => (item=/etc/dconf/db/local.d/)
- skipping: [controller00] => (item=/etc/dconf/db/gdm.d/)
- skipping: [controller02] => (item=/etc/dconf/db/local.d/)
- skipping: [controller02] => (item=/etc/dconf/db/local.d/locks)
- skipping: [compute00] => (item=/etc/dconf/db/local.d/)
- skipping: [compute00] => (item=/etc/dconf/db/local.d/locks)
- skipping: [controller02] => (item=/etc/dconf/db/gdm.d/)
- skipping: [controller01] => (item=/etc/dconf/db/gdm.d/)
- skipping: [controller01] => (item=/etc/dconf/db/local.d/locks)
- skipping: [compute00] => (item=/etc/dconf/db/gdm.d/)
- skipping: [compute01] => (item=/etc/dconf/db/local.d/)
- skipping: [controller01] => (item=/etc/dconf/db/local.d/)
- skipping: [compute01] => (item=/etc/dconf/db/local.d/locks)
- skipping: [compute01] => (item=/etc/dconf/db/gdm.d/)
- skipping: [controller00] => (item=/etc/dconf/db/local.d/locks)
- TASK [openstack-ansible-security : Configure graphical session locking] ********
- TASK [openstack-ansible-security : Prevent users from changing graphical session locking configurations] ***
- TASK [openstack-ansible-security : Create a GDM profile for displaying a login banner] ***
- TASK [openstack-ansible-security : Create a GDM keyfile for machine-wide settings] ***
- skipping: [controller00] => (item=/etc/dconf/db/gdm.d/01-banner-message)
- skipping: [controller01] => (item=/etc/dconf/db/gdm.d/01-banner-message)
- skipping: [compute00] => (item=/etc/dconf/db/gdm.d/01-banner-message)
- skipping: [compute00] => (item=/etc/dconf/db/local.d/01-banner-message)
- skipping: [controller02] => (item=/etc/dconf/db/local.d/01-banner-message)
- skipping: [controller02] => (item=/etc/dconf/db/gdm.d/01-banner-message)
- skipping: [compute01] => (item=/etc/dconf/db/gdm.d/01-banner-message)
- skipping: [controller01] => (item=/etc/dconf/db/local.d/01-banner-message)
- skipping: [controller00] => (item=/etc/dconf/db/local.d/01-banner-message)
- skipping: [compute01] => (item=/etc/dconf/db/local.d/01-banner-message)
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/kernel.yml for controller00, controller02, controller01, compute00, compute01
- TASK [openstack-ansible-security : RHEL-07-020160 - USB mass storage must be disabled.] ***
- changed: [controller00]
- changed: [controller01]
- changed: [compute00]
- changed: [controller02]
- changed: [compute01]
- TASK [openstack-ansible-security : Set sysctl configurations] ******************
- changed: [controller00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.accept_source_route', u'value': 0})
- changed: [controller01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.accept_source_route', u'value': 0})
- changed: [controller02] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.accept_source_route', u'value': 0})
- changed: [compute01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.accept_source_route', u'value': 0})
- changed: [compute00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.accept_source_route', u'value': 0})
- changed: [controller00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.accept_source_route', u'value': 0})
- changed: [controller01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.accept_source_route', u'value': 0})
- changed: [controller02] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.accept_source_route', u'value': 0})
- changed: [compute01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.accept_source_route', u'value': 0})
- changed: [compute00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.accept_source_route', u'value': 0})
- changed: [controller01] => (item={u'enabled': True, u'name': u'net.ipv4.icmp_echo_ignore_broadcasts', u'value': 1})
- changed: [controller00] => (item={u'enabled': True, u'name': u'net.ipv4.icmp_echo_ignore_broadcasts', u'value': 1})
- changed: [controller02] => (item={u'enabled': True, u'name': u'net.ipv4.icmp_echo_ignore_broadcasts', u'value': 1})
- changed: [compute01] => (item={u'enabled': True, u'name': u'net.ipv4.icmp_echo_ignore_broadcasts', u'value': 1})
- changed: [compute00] => (item={u'enabled': True, u'name': u'net.ipv4.icmp_echo_ignore_broadcasts', u'value': 1})
- changed: [controller01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.send_redirects', u'value': 0})
- changed: [controller00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.send_redirects', u'value': 0})
- changed: [controller02] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.send_redirects', u'value': 0})
- changed: [compute01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.send_redirects', u'value': 0})
- changed: [compute00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.all.send_redirects', u'value': 0})
- changed: [controller01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.send_redirects', u'value': 0})
- changed: [controller00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.send_redirects', u'value': 0})
- changed: [controller02] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.send_redirects', u'value': 0})
- changed: [compute01] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.send_redirects', u'value': 0})
- changed: [compute00] => (item={u'enabled': True, u'name': u'net.ipv4.conf.default.send_redirects', u'value': 0})
- changed: [controller01] => (item={u'enabled': False, u'name': u'net.ipv4.ip_forward', u'value': 0})
- changed: [controller00] => (item={u'enabled': False, u'name': u'net.ipv4.ip_forward', u'value': 0})
- changed: [controller02] => (item={u'enabled': False, u'name': u'net.ipv4.ip_forward', u'value': 0})
- changed: [compute01] => (item={u'enabled': False, u'name': u'net.ipv4.ip_forward', u'value': 0})
- changed: [compute00] => (item={u'enabled': False, u'name': u'net.ipv4.ip_forward', u'value': 0})
- changed: [controller01] => (item={u'enabled': True, u'name': u'net.ipv6.conf.all.accept_source_route', u'value': 0})
- changed: [controller00] => (item={u'enabled': True, u'name': u'net.ipv6.conf.all.accept_source_route', u'value': 0})
- changed: [compute01] => (item={u'enabled': True, u'name': u'net.ipv6.conf.all.accept_source_route', u'value': 0})
- changed: [controller02] => (item={u'enabled': True, u'name': u'net.ipv6.conf.all.accept_source_route', u'value': 0})
- changed: [compute00] => (item={u'enabled': True, u'name': u'net.ipv6.conf.all.accept_source_route', u'value': 0})
- TASK [openstack-ansible-security : Check kdump service] ************************
- ok: [controller01]
- ok: [controller00]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-021230 - Kernel core dumps must be disabled unless needed.] ***
- TASK [openstack-ansible-security : Check if FIPS is enabled] *******************
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : Print a warning if FIPS isn't enabled] ******
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/lsm.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Ensure AppArmor is running] *****************
- changed: [controller01]
- changed: [controller00]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : Ensure SELinux is in enforcing mode on the next reboot] ***
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : Relabel files on next boot if SELinux mode changed] ***
- TASK [openstack-ansible-security : Check for unlabeled device files] ***********
- skipping: [controller00]
- skipping: [controller01]
- skipping: [controller02]
- skipping: [compute00]
- skipping: [compute01]
- TASK [openstack-ansible-security : RHEL-07-020940 - All system device files must be correctly labeled to prevent unauthorized modification.] ***
- TASK [openstack-ansible-security : include] ************************************
- included: /etc/ansible/roles/openstack-ansible-security/tasks/rhel7stig/misc.yml for controller00, controller01, controller02, compute00, compute01
- TASK [openstack-ansible-security : Check autofs service] ***********************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-020161 - File system automounter must be disabled unless required.] ***
- TASK [openstack-ansible-security : Check if ctrl-alt-del.target is already masked] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-020220 - The x86 Ctrl-Alt-Delete key sequence must be disabled] ***
- TASK [openstack-ansible-security : Check for /home on mounted filesystem] ******
- ok: [controller00] => {
- "msg": "The STIG requires that /home is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller01] => {
- "msg": "The STIG requires that /home is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller02] => {
- "msg": "The STIG requires that /home is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute00] => {
- "msg": "The STIG requires that /home is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute01] => {
- "msg": "The STIG requires that /home is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- TASK [openstack-ansible-security : Check for /var on mounted filesystem] *******
- ok: [controller00] => {
- "msg": "The STIG requires that /var is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller02] => {
- "msg": "The STIG requires that /var is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute00] => {
- "msg": "The STIG requires that /var is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller01] => {
- "msg": "The STIG requires that /var is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute01] => {
- "msg": "The STIG requires that /var is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- TASK [openstack-ansible-security : Check for /var/log/audit on mounted filesystem] ***
- ok: [controller00] => {
- "msg": "The STIG requires that /var/log/audit is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller01] => {
- "msg": "The STIG requires that /var/log/audit is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller02] => {
- "msg": "The STIG requires that /var/log/audit is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute00] => {
- "msg": "The STIG requires that /var/log/audit is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute01] => {
- "msg": "The STIG requires that /var/log/audit is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- TASK [openstack-ansible-security : Check for /tmp on mounted filesystem] *******
- ok: [controller01] => {
- "msg": "The STIG requires that /tmp is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller02] => {
- "msg": "The STIG requires that /tmp is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute00] => {
- "msg": "The STIG requires that /tmp is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [controller00] => {
- "msg": "The STIG requires that /tmp is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- ok: [compute01] => {
- "msg": "The STIG requires that /tmp is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
- }
- TASK [openstack-ansible-security : Check if syslog output is being sent to another server] ***
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : RHEL-07-030770 - The system must send rsyslog output to a log aggregation server.] ***
- ok: [controller00] => {
- "msg": "Output from syslog must be sent to another server."
- }
- ok: [controller01] => {
- "msg": "Output from syslog must be sent to another server."
- }
- ok: [controller02] => {
- "msg": "Output from syslog must be sent to another server."
- }
- ok: [compute00] => {
- "msg": "Output from syslog must be sent to another server."
- }
- ok: [compute01] => {
- "msg": "Output from syslog must be sent to another server."
- }
- TASK [openstack-ansible-security : Check if ClamAV is installed] ***************
- ok: [controller00]
- ok: [controller01]
- ok: [controller02]
- ok: [compute00]
- ok: [compute01]
- TASK [openstack-ansible-security : Remove 'Example' line from ClamAV configuration files] ***
- skipping: [controller00] => (item=/etc/freshclam.conf)
- skipping: [controller01] => (item=/etc/freshclam.conf)
- skipping: [controller02] => (item=/etc/clamd.d/scan.conf)
- skipping: [compute00] => (item=/etc/freshclam.conf)
- skipping: [controller02] => (item=/etc/freshclam.conf)
- skipping: [compute00] => (item=/etc/clamd.d/scan.conf)
- skipping: [compute01] => (item=/etc/freshclam.conf)
- skipping: [controller01] => (item=/etc/clamd.d/scan.conf)
- skipping: [controller00] => (item=/etc/clamd.d/scan.conf)
- skipping: [compute01] => (item=/etc/clamd.d/scan.conf)
- TASK [openstack-ansible-security : Set ClamAV server type as socket] ***********
- TASK [openstack-ansible-security : Allow automatic freshclam updates] **********
- TASK [openstack-ansible-security : Update ClamAV database] *********************
- TASK [openstack-ansible-security : Ensure ClamAV is running] *******************
- TASK [openstack-ansible-security : RHEL-07-040160 - Set 10 minute timeout on communication sessions] ***
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- TASK [openstack-ansible-security : Start and enable chrony] ********************
- fatal: [controller00]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service chrony: cannot enable"}
- fatal: [controller01]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service chrony: cannot enable"}
- fatal: [controller02]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service chrony: cannot enable"}
- fatal: [compute00]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service chrony: cannot enable"}
- fatal: [compute01]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service chrony: cannot enable"}
- RUNNING HANDLER [openstack-ansible-security : restart auditd] ******************
- changed: [controller00]
- changed: [controller01]
- changed: [compute00]
- changed: [controller02]
- changed: [compute01]
- RUNNING HANDLER [openstack-ansible-security : generate auditd rules] ***********
- changed: [controller00]
- changed: [controller01]
- changed: [controller02]
- changed: [compute00]
- changed: [compute01]
- PLAY RECAP *********************************************************************
- compute00 : ok=97 changed=28 unreachable=0 failed=1
- compute01 : ok=97 changed=28 unreachable=0 failed=1
- controller00 : ok=101 changed=30 unreachable=0 failed=1
- controller01 : ok=100 changed=29 unreachable=0 failed=1
- controller02 : ok=100 changed=29 unreachable=0 failed=1
- DEBUG MESSAGE RECAP ************************************************************
- DEBUG: [RHEL-07-010020 - The cryptographic hash of system files and commands must match vendor values (apt)]
- The following files have checksums that differ from the checksum provided with their package. Each of these should be verified manually to ensure they have not been modified by an unauthorized user: /sbin/start-stop-daemon, /usr/share/locale-langpack/en/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@boldquot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en@quot/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_AU/LC_MESSAGES/xdiagnose.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/kdesudo.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_CA/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/NetworkManager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apparmor-parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/apt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bfd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/binutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/bzr.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/command-not-found.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/devscripts.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ecryptfs-utils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/elfutils.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/fwupd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gas.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gnupg.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gold.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gprof.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/grub.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gst-plugins-good-1.0.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/gutenprint.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/kbd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/keystone.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/language-selector.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ld.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libidn.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/libvirt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lightdm.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/lxd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/mcs.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/opcodes.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/oxide-qt.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/p11-kit.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/software-properties.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sssd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subdomain_parser.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/subversion.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sudoers.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/sysstat.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/systemd.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/ubuntu-help.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/update-manager.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/upower.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/webbrowser-app.mo, /usr/share/locale-langpack/en_GB/LC_MESSAGES/xdiagnose.mo
- DEBUG: [RHEL-07-010210 - Passwords must be restricted to a 24 hours/1 day minimum lifetime.]
- Accounts were found with a minimum password lifetime limit under 24 hours:
- root, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, nobody, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy, _apt, ntp, syslog, sshd, puppet, devuser, statd, postfix
- DEBUG: [RHEL-07-010230 - Existing passwords must be restricted to a 60-day maximum lifetime.]
- The following user accounts have an existing password with a lifetime of
- greater than 60 days: root has an expiration of 99999 days
- daemon has an expiration of 99999 days
- bin has an expiration of 99999 days
- sys has an expiration of 99999 days
- sync has an expiration of 99999 days
- games has an expiration of 99999 days
- man has an expiration of 99999 days
- lp has an expiration of 99999 days
- mail has an expiration of 99999 days
- news has an expiration of 99999 days
- uucp has an expiration of 99999 days
- proxy has an expiration of 99999 days
- www-data has an expiration of 99999 days
- backup has an expiration of 99999 days
- list has an expiration of 99999 days
- irc has an expiration of 99999 days
- gnats has an expiration of 99999 days
- nobody has an expiration of 99999 days
- systemd-timesync has an expiration of 99999 days
- systemd-network has an expiration of 99999 days
- systemd-resolve has an expiration of 99999 days
- systemd-bus-proxy has an expiration of 99999 days
- _apt has an expiration of 99999 days
- ntp has an expiration of 99999 days
- syslog has an expiration of 99999 days
- sshd has an expiration of 99999 days
- puppet has an expiration of 99999 days
- devuser has an expiration of 99999 days
- statd has an expiration of 99999 days
- postfix has an expiration of 99999 days
- DEBUG: [RHEL-07-010380 - Users must provide a password for privilege escalation.]
- The 'NOPASSWD' directive was found in the sudoers configuration files. Remove the directive to ensure that all users must provide a password to run commands as the root user.
- DEBUG: [RHEL-07-020640 - All local interactive user home directories defined in the /etc/passwd file must exist.]
- These users have a home directory assigned, but the directory does not exist:
- man (/var/cache/man does not exist)
- lp (/var/spool/lpd does not exist)
- news (/var/spool/news does not exist)
- uucp (/var/spool/uucp does not exist)
- www-data (/var/www does not exist)
- list (/var/list does not exist)
- irc (/var/run/ircd does not exist)
- gnats (/var/lib/gnats does not exist)
- nobody (/nonexistent does not exist)
- systemd-resolve (/run/systemd/resolve does not exist)
- _apt (/nonexistent does not exist)
- ntp (/home/ntp does not exist)
- syslog (/home/syslog does not exist)
- DEBUG: [RHEL-07-021050 - All world-writable directories must be group-owned by root, sys, bin, or an application group.]
- The group owners on the following world-writable directories should be examined:
- DEBUG: [Check for /home on mounted filesystem] *********************************
- The STIG requires that /home is on its own filesystem, but this system
- does not appear to be following the requirement.
- DEBUG: [Check for /var on mounted filesystem] **********************************
- The STIG requires that /var is on its own filesystem, but this system
- does not appear to be following the requirement.
- DEBUG: [Check for /var/log/audit on mounted filesystem] ************************
- The STIG requires that /var/log/audit is on its own filesystem, but this system
- does not appear to be following the requirement.
- DEBUG: [Check for /tmp on mounted filesystem] **********************************
- The STIG requires that /tmp is on its own filesystem, but this system
- does not appear to be following the requirement.
- DEBUG: [RHEL-07-030770 - The system must send rsyslog output to a log aggregation server.]
- Output from syslog must be sent to another server.
- TASK: openstack_hosts : Install host packages ------------------------- 119.96s
- TASK: openstack-ansible-security : Add or remove packages based on STIG requirements -- 35.14s
- TASK: openstack_hosts : Drop hosts file entries script locally --------- 21.79s
- TASK: openstack-ansible-security : Gather debsums report ---------------- 5.56s
- TASK: openstack_hosts : Adding new system tuning ------------------------ 3.92s
- TASK: openstack-ansible-security : Check each user to see if its home directory exists on the filesystem --- 3.46s
- TASK: openstack_hosts : Ensure kernel module(s) loaded at boot ---------- 3.37s
- TASK: openstack_hosts : Ensure kernel module(s) ------------------------- 3.33s
- TASK: openstack-ansible-security : Check for .shosts or shosts.equiv files --- 3.23s
- TASK: openstack-ansible-security : Ensure debsums is installed ---------- 3.16s
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement