Hi,
We’ve been using ansible (combined with packer) to automatically provision a bunch of VMs to form a small company network usable for attack testing (in this little project).
This worked fine, until I upgraded one of the machines to a later OS version (IPFire 2.25 core141 → core 157), causing ansible to no longer reconnect after a reboot task in this simple role:
```yaml
- name: Copy suricata configuration files
  copy:
    src: "{{ item }}"
    dest: "/var/ipfire/suricata/"
  with_fileglob:
    - "files/suricata/configs/*"

- name: Unarchive suricata rule files to cr
  unarchive:
    src: "files/suricata/rules.tar.xz"
    dest: "/var/lib/suricata/"

- name: Add syslog output to /etc/suricata/suricata.yaml
  lineinfile:
    path: "/etc/suricata/suricata.yaml"
    insertafter: "^outputs:"
    line: "  # Output alerts to syslog\n  - syslog:\n      enabled: yes\n      facility: local5\n"

- name: Reboot after suricata config
  reboot:
    reboot_timeout: 180
```
What’s odd about this is that it also does not trigger the 180s timeout (i.e., the task runs forever until it’s eventually killed by the supervising script; I know that the timeout can potentially be double that number, but it also runs longer than that). When checking the VM in question manually, SSH is also up and running. I’m asking this here because I have absolutely no idea how to debug this - while the overall cause is obviously the version upgrade, I suspect that the actual reason is not a bug but rather some change I’m simply not aware of.