Playbooks to implement Center for Internet Security (CIS) controls for RHEL (7-9), RHEL Clones, Ubuntu (18.04-22.04), and Microsoft Windows (10, Server 2019)
Thanks for opening the issue. Can you provide the firewall section of stdout, the command line that you ran, and any variables you may have set outside of the --extra-vars at the command line?
I deployed a minimal RHEL9 images and ran the task against it. It fails here:
RUNNING HANDLER [cis : Reboot] *** changed: [rhel9base] RUNNING HANDLER [cis : Restart sshd] * changed: [rhel9base] RUNNING HANDLER [cis : Restart chronyd] **** changed: [rhel9base] RUNNING HANDLER [cis : Restart journald] * changed: [rhel9base] RUNNING HANDLER [cis : Start firewalld] **** fatal: [rhel9base]: FAILED! => {"changed": false, "msg": "Unable to start service firewalld: Failed to start firewalld.service: Unit firewalld.service is masked.\n"} PLAY RECAP *** rhel9base : ok=220 changed=100 unreachable=0 failed=1 skipped=87 rescued=0 ignored=0