search

ansible-lockdown / RHEL7-CIS

Ansible role for Red Hat 7 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License
472 stars 305 forks source link

ERROR! 'notify' is not a valid attribute for a Block #343

Closed achebib closed 1 week ago

achebib commented 1 month ago

Question Someone facing this issue?

ERROR! 'notify' is not a valid attribute for a Block

The error appears to be in '/home/cis_rhel7/roles/RHEL7-CIS/tasks/prelim.yml': line 204, colum n 3, but may be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

**Environment: ansible 2.10.8 config file = /home/ansible/cis_rhel7/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3/dist-packages/ansible executable location = /usr/bin/ansible python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]

Bert-Schuurman commented 1 month ago

We also run to this error,

Error:

ERROR! 'notify' is not a valid attribute for a Block

Full output:

# ansible-playbook -vvvv site.yml -i invent.ini | tee /var/log/log_cis_$(date +%s).txt                                                                        ansible-playbook 2.9.27
  config file = /root/first_boot/RHEL7-CIS/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules', u'/root/first_boot/RHEL7-CIS/library']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible-playbook
  python version = 2.7.5 (default, Oct  6 2023, 09:53:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /root/first_boot/RHEL7-CIS/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /root/first_boot/RHEL7-CIS/invent.ini as it did not pass its verify_file() method
script declined parsing /root/first_boot/RHEL7-CIS/invent.ini as it did not pass its verify_file() method
auto declined parsing /root/first_boot/RHEL7-CIS/invent.ini as it did not pass its verify_file() method
yaml declined parsing /root/first_boot/RHEL7-CIS/invent.ini as it did not pass its verify_file() method
Set default localhost to localhost
Parsed /root/first_boot/RHEL7-CIS/invent.ini inventory source with ini plugin
statically imported: /root/first_boot/RHEL7-CIS/tasks/check_prereqs.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/prelim.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/parse_etc_password.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/pre_remediation_audit.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/audit_only.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/main.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.1.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.1.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.2.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.3.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.4.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.5.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.6.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.1.2.7.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.2.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.3.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.4.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.5.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/warning_facts.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.6.x.yml
statically imported: /root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.7.x.yml
ERROR! 'notify' is not a valid attribute for a Block

The error appears to be in '/root/first_boot/RHEL7-CIS/tasks/section_1/cis_1.7.x.yml': line 65, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle"
  ^ here
uk-bolly commented 1 month ago

hi @achebib

Thank you for taking the time to raise the issue and providing this most helpful information. Unfortunately it didn't get a chance to run to show that the minimal version of ansible is 2.11.1 that is supported. It failed while loading the content hence why you have the error. 2.10 is now quite old it went EOL May 2022. We do try and keep it as backwardly compatible as possible but unfortunately this is not possible in this case for the version you are using.

It maybe just a matter of moving it to the task for the one control, but other items may then fail.

kindest

uk-bolly

uk-bolly commented 1 week ago

hi @achebib

I will close this issue, for reference i have managed to run a newer version of python on a rhel7 control node using virtual environment, which may help you.

many thanks

uk-bolly