ansible-lockdown / Windows-2019-CIS

CIS Baseline Ansible Role for Windows 2019
MIT License

Using tag (e.g. level1-memberserver) skips the prelim_tasks #67

Closed Igor-X closed 1 year ago

Igor-X commented 1 year ago

Describe the Issue

When executing the playbook with -t level1-memberserver, the file prelim.yml is skipped because the include task in main.yml isn't tagged - always, but rather tagged prelim_tasks.

- name: Include the preliminary tasks
  ansible.builtin.include_tasks: prelim.yml
  tags:
      - prelim_tasks

Skipping the tasks in this file causes the variable windows_installation_type to not be defined and the playbook fails on 2.2.33 | PATCH | Ensure Increase scheduling priority is set to Administrators Window ManagerWindow Manager Group during a lookup of that variable.

The workaround for this is to run the playbook with -t level1-memberserver,prelim_tasks,untagged. It's necessary to add untagged because the tasks in the prelim.yml file are not tagged, so while -t level1-memberserver,prelim_tasks will include the file, it won't run any tasks within the file.

Expected Behavior

Using a tag in the playbook execution shouldn't exclude tasks in prelim.yml

Actual Behavior

TASK [/home/user1/ansible/Windows-2019-CIS : 2.2.33 | PATCH | Ensure Increase scheduling priority is set to Administrators Window ManagerWindow Manager Group] *************************
fatal: [192.168.93.131]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {{ [\"Administrators\"] if (windows_installation_type==\"Server Core\") else ([\"Administrators\",\"Window Manager\\Window Manager Group\"]) }}: 'windows_installation_type' is undefined. 'windows_installation_type' is undefined. {{ [\"Administrators\"] if (windows_installation_type==\"Server Core\") else ([\"Administrators\",\"Window Manager\\Window Manager Group\"]) }}: 'windows_installation_type' is undefined. 'windows_installation_type' is undefined\n\nThe error appears to be in '/home/user1/ansible/Windows-2019-CIS/tasks/section02.yml': line 490, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: \"2.2.33 | PATCH | Ensure Increase scheduling priority is set to Administrators Window ManagerWindow Manager Group\"\n  ^ here\n"}

Possible Solution

Not sure if there are use cases where you wouldn't want the prelim tasks to run, but if there aren't any, tasks in prelim.yml should be tagged - always
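
One way to implement what the issue proposes, as an added example that is not part of the original post and is not the change the project merged: with a dynamic include, the tag on the include and the tags on the included tasks are separate, so both need `always`. The guard task at the end is hypothetical and not in the role.

```yaml
# tasks/main.yml (sketch; added example, not the role's merged fix)

# Before, as quoted in the issue: the tag sits on the include only, and
# nothing inside prelim.yml carries a tag, so -t level1-memberserver skips it.
# - name: Include the preliminary tasks
#   ansible.builtin.include_tasks: prelim.yml
#   tags:
#     - prelim_tasks

# After: 'always' on the include makes the include itself run under any --tags
# selection; 'apply' passes the same tag to every task inside prelim.yml.
- name: Include the preliminary tasks
  ansible.builtin.include_tasks:
    file: prelim.yml
    apply:
      tags:
        - always
  tags:
    - always
    - prelim_tasks

# Hypothetical guard (not in the role): stop before any CIS control runs
# if the prelim facts are missing, instead of failing mid-run at 2.2.33.
- name: Verify prelim facts are present
  ansible.builtin.assert:
    that:
      - windows_installation_type is defined
    fail_msg: "windows_installation_type is undefined; prelim.yml did not run"
  tags:
    - always
```

Tasks tagged `always` are still skipped when a run passes `--skip-tags always`, so the guard only covers tag selections made with `-t`.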

MrSteve81 commented 1 year ago

@Igor-X thanks for raising this bug. I am actually going over this repo today and will look at what you have found.

MrSteve81 commented 1 year ago

This has been merged to the devel branch.