ansible-lockdown / Windows-2019-CIS

CIS Baseline Ansible Role for Windows 2019
MIT License

win2019cis_is_standalone is not defined #63

Closed murrahjm closed 1 year ago

murrahjm commented 2 years ago

Describe the Issue

Task 2.3.6.1 fails on a domain joined server with the error that win2019cis_is_standalone is not defined. This variable is checked in the when clause for the task.

Checking the prelim.yml file, the variable is set to true for workgroup machines, but does not appear to be set to false anywhere.

Expected Behavior

The task should process correctly for a domain joined machine.

Actual Behavior

The conditional - not win2019cis_is_standalone fails with a not defined error message.

This variable is set in the prelim tasks but only for a stand-alone server.

This either needs to be set to false for a domain-joined machine, set to false in a defaults file, or set to false elsewhere, or the task needs to have a default value in the conditional.

Control(s) Affected

2019 playbook will not run to completion on a domain joined machine.

Possible Solution


      - name: set fact if domain member server
        set_fact:
            win2019cis_is_domain_member: true
            win2019cis_is_standalone: false
        when:
            - ansible_windows_domain_role == 'Member server'
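
Added example, not part of the original thread and not the fix that was merged into the role: one way to combine the options listed in the issue, so that both facts are always defined and the control's conditional still evaluates if the prelim tasks never ran. The fact names and the `ansible_windows_domain_role` fact come from the issue; the task names and the placeholder control body are assumptions.

```yaml
# Added example (not the role's own code). Assumes facts have been gathered
# from the Windows host so that ansible_windows_domain_role is available.

- name: "PRELIM | Stop early if the domain role fact is missing"
  ansible.builtin.assert:
      that:
          - ansible_windows_domain_role is defined
      fail_msg: "ansible_windows_domain_role is not set; gather facts before running the role"

# Derive both facts from the same source value in one unconditional task.
# Every host gets an explicit true or false, so no later `when` clause
# can hit an undefined variable, whatever the host's domain role is.
- name: "PRELIM | Classify host as stand-alone or domain member"
  ansible.builtin.set_fact:
      win2019cis_is_standalone: "{{ ansible_windows_domain_role in ['Stand-alone server', 'Stand-alone workstation'] }}"
      win2019cis_is_domain_member: "{{ ansible_windows_domain_role in ['Member server', 'Member workstation'] }}"

# Placeholder standing in for the real 2.3.6.1 task body (assumption).
# The default() guard keeps the conditional evaluable even when the
# prelim tasks were skipped, for example by a tag-limited run.
- name: "2.3.6.1 | Domain-only control (placeholder body)"
  ansible.builtin.debug:
      msg: "Control would be applied on {{ inventory_hostname }}"
  when:
      - not (win2019cis_is_standalone | default(false) | bool)
```

With the `default(false)` guard a host whose facts were never set is treated as not stand-alone, so choose the default to match how the control should behave when the classification is unknown.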

georgenalen commented 2 years ago

@murrahjm, Thanks for letting me know. I have a different solution that I'm testing right now. Basically that prelim made how I handled the DC, DM, secondary DC, etc. not consistent. So I'm working on a more consistent way of dealing with that. I'm building my test setup to make sure it works, confirm no typos or anything. I should have a fix for this in the devel branch at some point this morning. Thanks again for raising this one.

-George

georgenalen commented 2 years ago

@murrahjm, I have a fix in the issue_63_fix branch that fixed the issue on my side. Would you be able to run it from that branch and confirm it's fixed on your side? If it's fixed I'll merge it through.

-George

murrahjm commented 2 years ago

@georgenalen looks like you have a typo here:

https://github.com/ansible-lockdown/Windows-2019-CIS/blob/9e6b3986dae98cad563a344c23fa4a9de566ec59/tasks/section02.yml#L978

nansible instead of ansible

georgenalen commented 2 years ago

Bah, it's fixed. Thanks for catching that one.

-George

murrahjm commented 2 years ago

just ran a test on a 2019 domain joined server, finished with no errors.