florianutz / ubuntu2004_cis

Ubuntu CIS Hardening Ansible Role
MIT License

Any Syntax Problem into /etc/ansible/roles/ubuntu2004_cis/tasks/prelim.yml? #46

Closed agnivgit closed 2 years ago

agnivgit commented 2 years ago

Hello @florianutz and all, I am getting an issue recently; however, it was not there a few days back.

Describe the bug

We have created a harden.yml file within /etc/ansible like below -

    - name: Harden Server
      hosts: 127.0.0.1
      connection: local
      become: yes
      roles:
        - ubuntu2004_cis

While running the playbook using this yml, we are getting this error -

    ansible-playbook /etc/ansible/harden.yml

    ERROR! this task 'ansible.builtin.command' has extra params, which is only allowed in the following modules: group_by, meta, include_vars, import_tasks, include, shell, command, win_shell, win_command, include_tasks, add_host, script, raw, include_role, import_role, set_fact

    The error appears to be in '/etc/ansible/roles/ubuntu2004_cis/tasks/prelim.yml': line 4, column 3, but may
    be elsewhere in the file depending on the exact syntax problem.

    The offending line appears to be:

    # List users in order to look files inside each home directory
    - name: "PRELIM | List users accounts"
      ^ here

To Reproduce

Steps to reproduce the behavior:

  1. Clone this repo to local
  2. Move 'ubuntu2004_cis' folder within /etc/ansible/roles/
  3. Run ansible playbook pointing to 'harden.yml' file created into '/etc/ansible' folder.

Expected behavior

We should not receive any syntax error. This code worked on 15th Mar. So recently some changes happened to this repo.

Software

florianutz commented 2 years ago

Hello @agnivgit, it looks like it is a compatibility issue with ansible 2.9.6. Ansible changed builtin names to fully-qualified collection names (FQCN): https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.10.html I updated all tasks to FQCN yesterday for future compatibility. I will have a look at it. As a workaround for ansible 2.9 you can use version 1.0.2, which does not contain FQCN names:

    git clone -b 1.0.2 https://github.com/florianutz/ubuntu2004_cis.git
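An added example, not part of the thread or the role's own code: a pre-flight scan of task files for the pattern the error message points at, an `ansible.builtin.`-prefixed module key given free-form arguments. It assumes Ansible 2.9 compares the literal task key against the module list in the error text; the sample tasks and the function name `find_free_form_fqcn` are constructed for illustration.

```python
import re

# Modules for which Ansible 2.9 accepts free-form params, copied from the
# error message quoted in the issue.
FREE_FORM = {
    "group_by", "meta", "include_vars", "import_tasks", "include", "shell",
    "command", "win_shell", "win_command", "include_tasks", "add_host",
    "script", "raw", "include_role", "import_role", "set_fact",
}
NAME_RE = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
KEY_RE = re.compile(r"^\s*(-\s+)?ansible\.builtin\.(\w+):\s*(.*)$")

# Constructed sample; the real prelim.yml is not shown in the issue.
SAMPLE = """\
# List users in order to look files inside each home directory
- name: "PRELIM | List users accounts"
  ansible.builtin.command: "cut -d: -f1 /etc/passwd"

- name: "PRELIM | structured arguments"
  ansible.builtin.command:
    argv: [cut, "-d:", "-f1", /etc/passwd]

- name: "PRELIM | short module name"
  command: "cut -d: -f1 /etc/passwd"
"""

def find_free_form_fqcn(text):
    """Return (line_no, task_name, module) for FQCN keys with free-form args."""
    findings, task_name = [], None
    for line_no, line in enumerate(text.splitlines(), 1):
        name = NAME_RE.match(line)
        if name:
            task_name = name.group(1).strip("\"'")
            continue
        key = KEY_RE.match(line)
        if not key:
            continue
        if key.group(1):  # the module key itself opens a new, unnamed task
            task_name = None
        module = key.group(2)
        value = key.group(3).split(" #", 1)[0].strip()
        # An empty value or an inline mapping means structured arguments.
        if module in FREE_FORM and value and not value.startswith("{"):
            findings.append((line_no, task_name, module))
    return findings

if __name__ == "__main__":
    for line_no, task, module in find_free_form_fqcn(SAMPLE):
        print(f"line {line_no}: {task!r} uses ansible.builtin.{module} free-form")
```

The scan is line-based and does not parse YAML, so it only sees module keys written on a single line with the `ansible.builtin.` prefix.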

florianutz commented 2 years ago

Hello @agnivgit I restored ansible 2.9 compatibility because Ubuntu 20.04 comes with this version. Can you please verify if main branch works for you again?

agnivgit commented 2 years ago

@florianutz Really appreciate your help on this. Yes, the main branch is working perfectly fine now.

florianutz commented 2 years ago

@agnivgit thank you for reporting and retesting. I use Ansible from a central system and always install via pip. I had completely forgotten that the official Ubuntu package is still an older version. Of course, it makes no sense to be incompatible with the version supplied.