Troubleshooting Ansible Playbook Errors

Hey all, so I’m trying to run this playbook that I found on GitHub for implementing DOD STIGs on RHEL.

https://github.com/MindPointGroup/RHEL7-STIG

It works well, but there are several that fail, and while I’m very new to Ansible and learning the troubleshooting processes, I’m trying to isolate these in how they can be remedied.

I’m running this command: ansible-playbook stig.yml -u tsg -vvvv --tag RHEL-07-010200 --ask-pass

And it is erroring out here:

failed: [stig-test-lx] (item={u'state': u'args_absent', u'args': [u'md5', u'bigcrypt', u'sha256', u'blowfish']}) => {
    "changed": false,
    "item": {
        "args": [
            "md5",
            "bigcrypt",
            "sha256",
            "blowfish"
        ],
        "state": "args_absent"
    },
    "module_stderr": "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 49: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 28682\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to stig-test-lx closed.\r\n",
    "module_stdout": "\r\nTraceback (most recent call last):\r\n File \"/tmp/ansible_PBwk05/ansible_module_pamd.py\", line 785, in <module>\r\n main()\r\n File \"/tmp/ansible_PBwk05/ansible_module_pamd.py\", line 752, in main\r\n valid, msg = service.validate()\r\n File \"/tmp/ansible_PBwk05/ansible_module_pamd.py\", line 656, in validate\r\n if not current_line.is_valid()[0]:\r\nTypeError: 'bool' object is not callable\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}

Any help would be greatly appreciated. Also, when I don’t isolate to a specific tag, I get several other errors, but this should hopefully help me move forward.

I don’t see an inventory specified in your command line. Have you been able to run any other playbook against the host you ran with stig.yml?

Perhaps try running a simple playbook with a ping module to make sure the connection is working before running with a more complex playbook?
Which type of connection are you using? ssh, local, paramiko?

Thanks for the quick response. I am able to do several other checks. Here is my playbook. Pretty simple:

- hosts: stig-test-lx
  roles:
    - role: RHEL7-STIG
      when:
        - ansible_os_family == 'RedHat'
        - ansible_distribution_major_version | version_compare('7', '=')

This is the specific check that it’s trying to check and perform:

- name: "MEDIUM | RHEL-07-010200 | PATCH | The PAM system service must be configured to store only encrypted representations of passwords."
  pamd:
      name: system-auth
      state: "{{ item.state }}"
      type: password
      control: sufficient
      module_path: pam_unix.so
      module_arguments: "{{ item.args }}"
  with_items:
      - state: args_present
        args:
            - "sha512"
      - state: args_absent
        args:
            - "md5"
            - "bigcrypt"
            - "sha256"
            - "blowfish"
  when: rhel_07_010200
  tags:
      - RHEL-07-010200
      - pamd
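
An offline check of the setting the task above enforces, added here as an example and not part of the original thread or of the RHEL7-STIG role: it parses PAM rules and reports whether the password / sufficient / pam_unix.so line carries sha512 and none of md5, bigcrypt, sha256 or blowfish. The sample file content and the function names are constructed for illustration.

```python
import re

REQUIRED = {"sha512"}                                  # args_present in the task
FORBIDDEN = {"md5", "bigcrypt", "sha256", "blowfish"}  # args_absent in the task

# Constructed sample of /etc/pam.d/system-auth content (not taken from the thread).
SAMPLE = """\
#%PAM-1.0
auth        required      pam_env.so
password    requisite     pam_pwquality.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
"""

def parse_rule(line):
    """Split one PAM line into (type, control, module_path, args), or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None  # blank lines and comments are not rules
    # The control field may be bracketed, e.g. [success=1 default=ignore].
    m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$", line)
    if not m:
        return None
    rtype, control, module, rest = m.groups()
    return rtype.lstrip("-"), control, module, rest.split()

def check_pam_unix(text, rtype="password", control="sufficient",
                   module="pam_unix.so"):
    """Return findings for the targeted rule; an empty list means compliant."""
    findings, seen = [], False
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[:3] != (rtype, control, module):
            continue
        seen = True
        args = set(rule[3])
        for a in sorted(REQUIRED - args):
            findings.append("line %d: missing %s" % (n, a))
        for a in sorted(FORBIDDEN & args):
            findings.append("line %d: forbidden %s" % (n, a))
    if not seen:
        findings.append("no %s %s %s rule found" % (rtype, control, module))
    return findings

if __name__ == "__main__":
    for finding in check_pam_unix(SAMPLE):
        print(finding)
```

To audit a real host, pass the contents of /etc/pam.d/system-auth to check_pam_unix instead of SAMPLE.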

This looks like a bug in Ansible, have you searched the issue tracker for this?

I have not. I will check on that and see if there is one and submit if need be. Thanks again!