Hi all,
I have written a role that converts our current Alma Linux VMs to RHEL. As the last step I wanted to add CIS Compliance policy to the role. However, it seems to be failing.
fatal: [TESTHOST01]: FAILED! => {
"changed": true,
"cmd": [
"insights-client",
"--compliance-assign",
"<ID>"
],
"delta": "0:00:00.604603",
"end": "2026-02-27 16:01:55.984529",
"invocation": {
"module_args": {
"_raw_params": "insights-client --compliance-assign <ID>",
"_uses_shell": false,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true
}
},
"msg": "non-zero return code",
"rc": 2,
"start": "2026-02-27 16:01:55.379926",
"stderr": "usage: insights-client [-h] [--ansible-host ANSIBLE_HOST] [--checkin]\n [--collector APP] [--manifest MANIFEST]\n [--build-packagecache] [--compliance] [--conf CONF]\n [--disable-schedule] [--display-name DISPLAY_NAME]\n [--enable-schedule] [--group GROUP] [--keep-archive]\n [--list-specs] [--logging-file LOGGING_FILE]\n [--net-debug] [--no-upload] [--offline]\n [--output-dir OUTPUT_DIR] [--output-file OUTPUT_FILE]\n [--quiet] [--register] [--retry RETRIES]\n [--show-results] [--silent] [--status] [--support]\n [--test-connection] [--unregister] [--validate]\n [--verbose] [--version] [--payload PAYLOAD]\n [--content-type CONTENT_TYPE] [--diagnosis [DIAGNOSIS]]\ninsights-client: error: unrecognized arguments: --compliance-assign 476229ee-d27b-4e0d-8f75-77bd4b40e43c",
"stderr_lines": [
"usage: insights-client [-h] [--ansible-host ANSIBLE_HOST] [--checkin]",
" [--collector APP] [--manifest MANIFEST]",
" [--build-packagecache] [--compliance] [--conf CONF]",
" [--disable-schedule] [--display-name DISPLAY_NAME]",
" [--enable-schedule] [--group GROUP] [--keep-archive]",
" [--list-specs] [--logging-file LOGGING_FILE]",
" [--net-debug] [--no-upload] [--offline]",
" [--output-dir OUTPUT_DIR] [--output-file OUTPUT_FILE]",
" [--quiet] [--register] [--retry RETRIES]",
" [--show-results] [--silent] [--status] [--support]",
" [--test-connection] [--unregister] [--validate]",
" [--verbose] [--version] [--payload PAYLOAD]",
" [--content-type CONTENT_TYPE] [--diagnosis [DIAGNOSIS]]",
"insights-client: error: unrecognized arguments: --compliance-assign <ID>"
],
"stdout": "",
"stdout_lines": []
}
The actual ID was reducted
I’ve already tried using the shell module and command module with cmd. However, I still get the same results.
Strangely enough when I write a separate play to apply just the policy, it works.
The playbook is executed with become and --compliance-assign only works with the elevated privledges when you try to execute it manually on a VM.
Thanks in advance