Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ansible hardening fails on ubuntu 16.04 with msg": "ERROR! 'sysctl_rhel_config' is undefined #147

Closed
rreilly-edr opened this issue Oct 4, 2017 · 13 comments

Comments

@rreilly-edr
Copy link

Hi, when running the hardening against ubuntu 16.04 I get the below error, seems to think it is rhel ?

    c360-ubuntu: fatal: [127.0.0.1]: FAILED! =>
    c360-ubuntu:
    c360-ubuntu: {
    c360-ubuntu:    "_host": "127.0.0.1",
    c360-ubuntu:    "_result": {
    c360-ubuntu:       "failed": true,
    c360-ubuntu:       "msg": "ERROR! 'sysctl_rhel_config' is undefined"
    c360-ubuntu:    },
    c360-ubuntu:    "_task": "TASK: ansible-os-hardening : Change various sysctl-settings on rhel6-hosts or older, look at the sysctl-vars file for documentation"
    c360-ubuntu: }
    c360-ubuntu: 
    c360-ubuntu: fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "ERROR! 'sysctl_rhel_config' is undefined"}
    c360-ubuntu:
    c360-ubuntu: RUNNING HANDLER [nginx : restart nginx] ****************************************
    c360-ubuntu:
    c360-ubuntu: RUNNING HANDLER [nginx : reload nginx] *****************************************
    c360-ubuntu:
    c360-ubuntu: RUNNING HANDLER [php5 : restart php-fpm] ***************************************
    c360-ubuntu:
    c360-ubuntu: RUNNING HANDLER [codedeploy : start codedeploy-agent] **************************
    c360-ubuntu:
    c360-ubuntu: RUNNING HANDLER [postfix : restart postfix] ************************************
    c360-ubuntu:
    c360-ubuntu: PLAY RECAP *********************************************************************
    c360-ubuntu: 127.0.0.1                  : ok=76   changed=44   unreachable=0    failed=1
    c360-ubuntu:
==> c360-ubuntu: Terminating the source AWS instance...
==> c360-ubuntu: Cleaning up any extra volumes...
==> c360-ubuntu: No volumes to clean up, skipping
==> c360-ubuntu: Deleting temporary security group...
==> c360-ubuntu: Deleting temporary keypair...
Build 'c360-ubuntu' errored: Error executing Ansible: Non-zero exit status: 2

@rndmh3ro rndmh3ro added the bug label Oct 4, 2017
@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 4, 2017

That's strange!

Can you run ansible localhost -m setup -a 'filter=ansible_distribution' on the host and paste the output here?

@rreilly-edr
Copy link
Author

I will this is in a packer pipeline, need to spin one up and run the test, I will do this asap

@rreilly-edr
Copy link
Author

rreilly-edr commented Oct 4, 2017

Hi here is the output

localhost | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "Ubuntu"
    }, 
    "changed": false, 
    "failed": false
}

@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 4, 2017

What kind of AMI is this? I'll try to reproduce it.

@rreilly-edr
Copy link
Author

ami-1d4e7a66

@rreilly-edr
Copy link
Author

now i cannot find that image.. but it was generic ubuntu 16.04

@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 4, 2017

I'll take a look tomorrow!

@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 5, 2017

So I just tried to replicate this issue, using the same AMI as you on AWS.
However for me it worked.
Is it possible that you provide your FULL playbook, so I can try to reproduce it?

@rj-reilly
Copy link

I will need to check, I did not write it and need to make sure there is nothing i need to redact.

@erickt
Copy link

erickt commented Oct 10, 2017

I just ran into this, and I figured out the problem. If you're like me, you just did an "apt install ansible" but that installs ansible 2.0.0. This needs 2.2.1 or higher.

@rj-reilly
Copy link

hmm, i think i did a pip install ansible but i will double check that ! thanks

@rj-reilly
Copy link

Yep it looks like the person who wrote the packer files used a bash script to install ansible from apt-get :( ok i will fix this to install from pip. thank you so much, i will report back

@rndmh3ro rndmh3ro removed the bug label Oct 23, 2017
@rndmh3ro
Copy link
Member

I checked the readme and meta-files and they already mention minimum ansible version 2.2.1., so I'm closing this now.

If you need further help, feel free to reopen!

rndmh3ro added a commit that referenced this issue Jul 24, 2020
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this issue Aug 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants