Describe the bug
When I run my playbooks it does not create my users and also in the /etc/ssh/sshd_config file the ALLOW USERS section does it as follows, the name separated by spaces. Example:
AllowUsers f e r n a n d o
Requirements
run command:
ansible-galaxy install -r requirements.yml
---
roles:
- name: robertdebock.bootstrap
- name: robertdebock.core_dependencies
- name: robertdebock.epel
- name: robertdebock.fail2ban
- name: robertdebock.firewall
- name: robertdebock.openssh
- name: robertdebock.selinux
- name: robertdebock.software
- name: robertdebock.sysctl
- name: robertdebock.users
- name: robertdebock.ntp
collections:
- name: community.general
- name: ansible.posix
Playbook 1
run command:
ansible-playbook -K create_user.yml
---
- hosts: localhost
become: yes
become_user: root
gather_facts: yes
roles:
- role: robertdebock.bootstrap
- role: robertdebock.core_dependencies
- role: robertdebock.users
users_group_list:
- name: root
users_user_list:
- name: user_name
group: root
password: "{{'123456x' | password_hash('sha512')}}"
update_password: on_create
cron_allow: no
sudo_options: "ALL=(ALL) ALL"
authorized_keys:
- "https://gitlab.com/path/path/-/raw/master/playbooks/keys.pub"
Playbook 2
run command:
ansible-playbook -K site.yml
---
---
- hosts: localhost
become: yes
become_user: root
gather_facts: yes
roles:
- role: robertdebock.bootstrap
- role: robertdebock.core_dependencies
- role: robertdebock.epel
- role: openpyme.ius
- role: robertdebock.selinux
selinux_reboot: false
selinux_state: enforcing
selinux_booleans:
- name: httpd_can_network_connect
state: true
persistent: true
- name: httpd_enable_homedirs
state: true
persistent: true
- name: httpd_read_user_content
state: true
persistent: true
- role: robertdebock.sysctl
sysctl_items:
- name: vm.swappiness
value: 10
- name: vm.vfs_cache_pressure
value: 50
- role: robertdebock.openssh
openssh_allow_users: user_name
openssh_permit_root_login: "no"
openssh_password_authentication: "no"
- role: robertdebock.firewall
firewall_services:
- name: ssh
- name: http
- name: https
- role: robertdebock.fail2ban
- role: robertdebock.ntp
ntp_timezone: America/Mexico_City
- role: robertdebock.software
software_packages:
- name: byobu
- role: robertdebock.users
users_group_list:
- name: no_root
users_user_list:
- name: user_name2
group: no_root
password: "{{'123456x' | password_hash('sha512')}}"
update_password: on_create
cron_allow: yes
Output playbook requirements.yml
[root@localhost playbooks]# ansible-galaxy install -r requirements.yml
Starting galaxy role install process
- changing role robertdebock.bootstrap from 6.2.4 to unspecified
- downloading role 'bootstrap', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-bootstrap/archive/6.2.4.tar.gz
- extracting robertdebock.bootstrap to /tmp/bench-master/playbooks/roles/robertdebock.bootstrap
- robertdebock.bootstrap (6.2.4) was installed successfully
- changing role robertdebock.core_dependencies from 2.2.10 to unspecified
- downloading role 'core_dependencies', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-core_dependencies/archive/2.2.10.tar.gz
- extracting robertdebock.core_dependencies to /tmp/bench-master/playbooks/roles/robertdebock.core_dependencies
- robertdebock.core_dependencies (2.2.10) was installed successfully
- changing role robertdebock.epel from 4.1.3 to unspecified
- downloading role 'epel', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-epel/archive/4.1.3.tar.gz
- extracting robertdebock.epel to /tmp/bench-master/playbooks/roles/robertdebock.epel
- robertdebock.epel (4.1.3) was installed successfully
- changing role robertdebock.fail2ban from 5.0.4 to unspecified
- downloading role 'fail2ban', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-fail2ban/archive/5.0.4.tar.gz
- extracting robertdebock.fail2ban to /tmp/bench-master/playbooks/roles/robertdebock.fail2ban
- robertdebock.fail2ban (5.0.4) was installed successfully
- changing role robertdebock.firewall from 5.1.9 to unspecified
- downloading role 'firewall', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-firewall/archive/5.1.9.tar.gz
- extracting robertdebock.firewall to /tmp/bench-master/playbooks/roles/robertdebock.firewall
- robertdebock.firewall (5.1.9) was installed successfully
- changing role robertdebock.openssh from 5.0.2 to unspecified
- downloading role 'openssh', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-openssh/archive/5.0.2.tar.gz
- extracting robertdebock.openssh to /tmp/bench-master/playbooks/roles/robertdebock.openssh
- robertdebock.openssh (5.0.2) was installed successfully
- changing role robertdebock.selinux from 3.1.10 to unspecified
- downloading role 'selinux', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-selinux/archive/3.1.10.tar.gz
- extracting robertdebock.selinux to /tmp/bench-master/playbooks/roles/robertdebock.selinux
- robertdebock.selinux (3.1.10) was installed successfully
- changing role robertdebock.software from 2.1.10 to unspecified
- downloading role 'software', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-software/archive/2.1.10.tar.gz
- extracting robertdebock.software to /tmp/bench-master/playbooks/roles/robertdebock.software
- robertdebock.software (2.1.10) was installed successfully
- changing role robertdebock.sysctl from 2.1.8 to unspecified
- downloading role 'sysctl', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-sysctl/archive/2.1.8.tar.gz
- extracting robertdebock.sysctl to /tmp/bench-master/playbooks/roles/robertdebock.sysctl
- robertdebock.sysctl (2.1.8) was installed successfully
- changing role robertdebock.users from 6.1.4 to unspecified
- downloading role 'users', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-users/archive/6.1.4.tar.gz
- extracting robertdebock.users to /tmp/bench-master/playbooks/roles/robertdebock.users
- robertdebock.users (6.1.4) was installed successfully
- changing role robertdebock.ntp from 3.1.6 to unspecified
- downloading role 'ntp', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-ntp/archive/3.1.6.tar.gz
- extracting robertdebock.ntp to /tmp/bench-master/playbooks/roles/robertdebock.ntp
- robertdebock.ntp (3.1.6) was installed successfully
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/ansible-posix-1.5.4.tar.gz to /root/.ansible/tmp/ansible-local-56772muwcayx9/tmpyi31ma13/ansible-posix-1.5.4-8phymkzz
Installing 'ansible.posix:1.5.4' to '/root/.ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.5.4 was installed successfully
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-general-8.2.0.tar.gz to /root/.ansible/tmp/ansible-local-56772muwcayx9/tmpyi31ma13/community-general-8.2.0-sdfq2z2b
Installing 'community.general:8.2.0' to '/root/.ansible/collections/ansible_collections/community/general'
community.general:8.2.0 was installed successfully
Output playbook create_user.yml
[root@localhost playbooks]# ansible-playbook -K create_user.yml
BECOME password:
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] ***********************************************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Validating arguments against arg spec 'main' - Prepare a system to be managed by Ansible.] **************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : assert | Test bootstrap_wait_for_host] ******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : assert | Test bootstrap_timeout] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : assert | Test bootstrap_become] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Wait for port to be available] **************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.bootstrap : Test connection] ****************************************************************************************************************************************
[WARNING]: Reset is not implemented for this connection
ok: [localhost]
TASK [robertdebock.bootstrap : Test sudo] **********************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Gather ansible facts] ***********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Install bootstrap packages (package)] *******************************************************************************************************************
ok: [localhost] => (item=python3)
ok: [localhost] => (item=sudo)
TASK [robertdebock.core_dependencies : Remove conflicting packages] ********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.core_dependencies : Install packages] *******************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.core_dependencies : Flush handlers] *********************************************************************************************************************************
TASK [robertdebock.users : assert | Test users_ssh_key_directory] **********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_shell] **********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_cron_allow] *****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_create_home] ****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_groups] *********************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.name in users_groups] ********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.gid in users_groups] *********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.state in users_groups] *******************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.system in users_groups] ******************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.name in users] ***************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.cron_allow in users] *********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.uid in users] ****************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.authorized_keys in users] ****************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.manage_ssh_key in users] *****************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.update_password in users] ****************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.exipres in users] ************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.password_validity_days in users] *********************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.system in users] *************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Install required software] **********************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Loop over users_groups] *************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Ensure the /etc/sudoers.d directory is included] ************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : Loop over users] ********************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Manage cron permission] *************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : Check existence of /etc/cron.allow] *************************************************************************************************************************
skipping: [localhost]
PLAY RECAP *****************************************************************************************************************************************************************************
localhost : ok=17 changed=0 unreachable=0 failed=0 skipped=19 rescued=0 ignored=0
Output playbook site.yml
[root@localhost playbooks]# ansible-playbook -K site.yml
BECOME password:
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] ***********************************************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Validating arguments against arg spec 'main' - Prepare a system to be managed by Ansible.] **************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : assert | Test bootstrap_wait_for_host] ******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : assert | Test bootstrap_timeout] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : assert | Test bootstrap_become] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Wait for port to be available] **************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.bootstrap : Test connection] ****************************************************************************************************************************************
[WARNING]: Reset is not implemented for this connection
ok: [localhost]
TASK [robertdebock.bootstrap : Test sudo] **********************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Gather ansible facts] ***********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.bootstrap : Install bootstrap packages (package)] *******************************************************************************************************************
ok: [localhost] => (item=python3)
ok: [localhost] => (item=sudo)
TASK [robertdebock.core_dependencies : Remove conflicting packages] ********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.core_dependencies : Install packages] *******************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.core_dependencies : Flush handlers] *********************************************************************************************************************************
TASK [robertdebock.epel : Install epel gpg key] ****************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.epel : Install epel-release] ****************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.epel : Install epel-next-release] ***********************************************************************************************************************************
skipping: [localhost]
TASK [openpyme.ius : install ius] ******************************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.selinux : assert | Test selinux_state] ******************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.selinux : assert | Test selinux_policy] *****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.selinux : assert | Test selinux_reboot] *****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.selinux : assert | Test selinux_booleans] ***************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.selinux : assert | Test item.name in selinux_booleans] **************************************************************************************************************
ok: [localhost] => (item=httpd_can_network_connect)
ok: [localhost] => (item=httpd_enable_homedirs)
ok: [localhost] => (item=httpd_read_user_content)
TASK [robertdebock.selinux : assert | Test item.state in selinux_booleans] *************************************************************************************************************
ok: [localhost] => (item=httpd_can_network_connect)
ok: [localhost] => (item=httpd_enable_homedirs)
ok: [localhost] => (item=httpd_read_user_content)
TASK [robertdebock.selinux : assert | Test item.persistent in selinux_booleans] ********************************************************************************************************
ok: [localhost] => (item=httpd_can_network_connect)
ok: [localhost] => (item=httpd_enable_homedirs)
ok: [localhost] => (item=httpd_read_user_content)
TASK [robertdebock.selinux : Install required packages] ********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.selinux : Flush handlers] *******************************************************************************************************************************************
TASK [robertdebock.selinux : Manage selinux] *******************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.selinux : Manage selinux booleans] **********************************************************************************************************************************
ok: [localhost] => (item=httpd_can_network_connect)
ok: [localhost] => (item=httpd_enable_homedirs)
ok: [localhost] => (item=httpd_read_user_content)
TASK [robertdebock.sysctl : assert | Test sysctl_set] **********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.sysctl : assert | Test sysctl_reload] *******************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.sysctl : Install requirements] **************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.sysctl : Set sysctl setting] ****************************************************************************************************************************************
ok: [localhost] => (item=vm.swappiness)
ok: [localhost] => (item=vm.vfs_cache_pressure)
TASK [robertdebock.openssh : assert | Test ssh_port] ***********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_address_family] *********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_listen_addresses] *******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_host_keys] **************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_rekey_limit] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_syslog_facility] ********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_loglevel] ***************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_login_grace_time] *******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_permit_root_login] ******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_strict_modes] ***********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_max_auth_tries] *********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_max_sessions] ***********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_pub_key_authentication] *************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_authorized_key_file] ****************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_authorized_prinicpals_file] *********************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_authorized_keys_command] ************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_authorized_keys_command_user] *******************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_host_based_authentication] **********************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_ignore_user_known_hosts] ************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_ignore_rhosts] **********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_permit_empty_passwords] *************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_password_authentication] ************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_challenge_response_authentication] **************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_gssapi_authentication] **************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_gssapi_cleanup_credentials] *********************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_gssapi_strict_acceptor_check] *******************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_gssapi_key_exchange] ****************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_gssaip_enable_k5_users] *************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_use_pam] ****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_allow_agent_forwarding] *************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_allow_tcp_forwarding] ***************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_gateway_ports] **********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_x11_forwarding] *********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_x11_display_offset] *****************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_x11_use_localhost] ******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_permit_tty] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_print_motd] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_print_last_log] *********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_tcp_keep_alive] *********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_permit_user_environment] ************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_compression] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_client_alive_interval] **************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_client_alive_count_max] *************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_show_patch_level] *******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_use_dns] ****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_pid_file] ***************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_max_startups] ***********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_permit_tunnel] **********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_chroot_directory] *******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_version_addendum] *******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_banner] *****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_accept_envs] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_subsystem] **************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_trusted_user_ca_keys] ***************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_allow_users] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : assert | Test openssh_allow_groups] ***********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.openssh : Install openssh] ******************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : Configure selinux to allow openssh_port] ******************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : Generate host key] ****************************************************************************************************************************************
ok: [localhost] => (item=rsa)
ok: [localhost] => (item=ecdsa)
ok: [localhost] => (item=ed25519)
TASK [robertdebock.openssh : Make run directory] ***************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.openssh : Configure openssh] ****************************************************************************************************************************************
changed: [localhost]
TASK [robertdebock.openssh : Start and enable openssh] *********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.openssh : Flush handlers] *******************************************************************************************************************************************
RUNNING HANDLER [robertdebock.openssh : Restart openssh] *******************************************************************************************************************************
changed: [localhost]
TASK [robertdebock.firewall : assert | Test firewall_default_protocol] *****************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : assert | Test firewall_default_rule] *********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : assert | Test firewall_services] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : assert | Test non-numeric item in firewall_services] *****************************************************************************************************
ok: [localhost] => (item=ssh)
ok: [localhost] => (item=http)
ok: [localhost] => (item=https)
TASK [robertdebock.firewall : assert | Test numeric item in firewall_services] *********************************************************************************************************
skipping: [localhost] => (item=ssh)
skipping: [localhost] => (item=http)
skipping: [localhost] => (item=https)
skipping: [localhost]
TASK [robertdebock.firewall : assert | Test item with state in firewall_services] ******************************************************************************************************
skipping: [localhost] => (item=unset)
skipping: [localhost] => (item=unset)
skipping: [localhost] => (item=unset)
skipping: [localhost]
TASK [robertdebock.firewall : Remove conflicting software] *****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : Install required software] *******************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : Start and enable firewall service] ***********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : Open ports (ufw)] ****************************************************************************************************************************************
ok: [localhost] => (item=ssh)
ok: [localhost] => (item=http)
ok: [localhost] => (item=https)
TASK [robertdebock.firewall : Close ports (ufw)] ***************************************************************************************************************************************
skipping: [localhost] => (item=ssh)
skipping: [localhost] => (item=http)
skipping: [localhost] => (item=https)
skipping: [localhost]
TASK [robertdebock.firewall : Open ports (firewalld-port)] *****************************************************************************************************************************
skipping: [localhost] => (item=ssh)
skipping: [localhost] => (item=http)
skipping: [localhost] => (item=https)
skipping: [localhost]
TASK [robertdebock.firewall : Close ports (firewalld-port)] ****************************************************************************************************************************
skipping: [localhost] => (item=ssh)
skipping: [localhost] => (item=http)
skipping: [localhost] => (item=https)
skipping: [localhost]
TASK [robertdebock.firewall : Open ports (firewalld-service)] **************************************************************************************************************************
skipping: [localhost] => (item=ssh)
skipping: [localhost] => (item=http)
skipping: [localhost] => (item=https)
skipping: [localhost]
TASK [robertdebock.firewall : Close ports (firewalld-service)] *************************************************************************************************************************
skipping: [localhost] => (item=ssh)
skipping: [localhost] => (item=http)
skipping: [localhost] => (item=https)
skipping: [localhost]
TASK [robertdebock.firewall : Enable ufw] **********************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.firewall : Configure iptables] **************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_loglevel] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_logtarget] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_ignoreself] ***********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_ignoreips] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_bantime] **************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_findtime] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_maxretry] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_destemail] ************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_sender] ***************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_configuration] ********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : assert | Test item in fail2ban_configuration] ************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.fail2ban : assert | Test fail2ban_jail_configuration] ***************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.fail2ban : assert | Test item in fail2ban_filterd_path] *************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.fail2ban : Install fail2ban] ****************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : Copy filters in filter.d] ********************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.fail2ban : Configure fail2ban.local] ********************************************************************************************************************************
ok: [localhost] => (item=loglevel)
ok: [localhost] => (item=logtarget)
ok: [localhost] => (item=ignoreip)
TASK [robertdebock.fail2ban : Configure jail.local] ************************************************************************************************************************************
ok: [localhost] => (item=ignoreself)
ok: [localhost] => (item=bantime)
ok: [localhost] => (item=findtime)
ok: [localhost] => (item=maxretry)
ok: [localhost] => (item=destemail)
ok: [localhost] => (item=sender)
TASK [robertdebock.fail2ban : Stat auth log file] **************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.fail2ban : Touch auth log file] *************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.fail2ban : Start and enable fail2ban] *******************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : Validating arguments against arg spec 'main' - Install and configure ntp on your system.] *********************************************************************
ok: [localhost]
TASK [robertdebock.ntp : assert | Test ntp_state] **************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : assert | Test ntp_enabled] ************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : assert | Test ntp_interfaces] *********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : assert | Test item in ntp_interfaces] *************************************************************************************************************************
ok: [localhost] => (item=127.0.0.1)
TASK [robertdebock.ntp : assert | Test ntp_pool] ***************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : assert | Test item in ntp_pool] *******************************************************************************************************************************
ok: [localhost] => (item=0.pool.ntp.org iburst)
ok: [localhost] => (item=1.pool.ntp.org iburst)
ok: [localhost] => (item=2.pool.ntp.org iburst)
ok: [localhost] => (item=3.pool.ntp.org iburst)
TASK [robertdebock.ntp : assert | Test ntp_server] *************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.ntp : assert | Test item in ntp_server] *****************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.ntp : assert | Test ntp_timezone] ***********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : Install packages] *********************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : Configure /etc/chrony.conf] ***********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : Install timezone information] *********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : Configure timezone] *******************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.ntp : Manage chronyd] ***********************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.software : assert | Test software_packages] *************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.software : assert | Test item.name in software_packages] ************************************************************************************************************
ok: [localhost] => (item=byobu)
TASK [robertdebock.software : assert | Test item.state in software_packages] ***********************************************************************************************************
skipping: [localhost] => (item=byobu)
skipping: [localhost]
TASK [robertdebock.software : Install packages] ****************************************************************************************************************************************
ok: [localhost] => (item=byobu)
TASK [robertdebock.users : assert | Test users_ssh_key_directory] **********************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_shell] **********************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_cron_allow] *****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_create_home] ****************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : assert | Test users_groups] *********************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.name in users_groups] ********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.gid in users_groups] *********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.state in users_groups] *******************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.system in users_groups] ******************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.name in users] ***************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.cron_allow in users] *********************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.uid in users] ****************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.authorized_keys in users] ****************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.manage_ssh_key in users] *****************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.update_password in users] ****************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.exipres in users] ************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.password_validity_days in users] *********************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : assert | Test item.system in users] *************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Install required software] **********************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Loop over users_groups] *************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Ensure the /etc/sudoers.d directory is included] ************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : Loop over users] ********************************************************************************************************************************************
skipping: [localhost]
TASK [robertdebock.users : Manage cron permission] *************************************************************************************************************************************
ok: [localhost]
TASK [robertdebock.users : Check existence of /etc/cron.allow] *************************************************************************************************************************
skipping: [localhost]
TASK [openpyme.nginx : create symbolic link for openssl] *******************************************************************************************************************************
skipping: [localhost]
TASK [openpyme.nginx : allow openperp reload nginx] ************************************************************************************************************************************
skipping: [localhost]
PLAY RECAP *****************************************************************************************************************************************************************************
localhost : ok=134 changed=2 unreachable=0 failed=0 skipped=41 rescued=0 ignored=0
Environment
- Control node Ansible version: 2.15.8
- OS: Rocky Linux 9.3 (Blue Onyx)
Please consider @robertdebock