Closed ohlylo closed 1 year ago
The issue was having lines in inputs.yml that the script struggled to interpret; namely, comments outside of the first line. Once I removed all commented lines, the script ran completely as expected.
Non-working:
#ESXi
allesxi: true
adJoined: false
#syslogServer: 'tcp://log.test.local:514'
esxiNtpServers:
- 'time-a-g.nist.gov'
- 'time-b-g.nist.gov'
vMotionVlanId: '1'
mgtVlanId: '1'
exceptionUsers:
- root
- dcui
snmpEnabled: 'false'
esxiBuildNumber: '22088125'
#adAdminGroup: 'MyAdAdminGroup'
Working:
#ESXi
allesxi: true
adJoined: false
esxiNtpServers:
- 'time-a-g.nist.gov'
- 'time-b-g.nist.gov'
vMotionVlanId: '1'
mgtVlanId: '1'
exceptionUsers:
- root
- dcui
snmpEnabled: 'false'
esxiBuildNumber: '22088125'
(This is a test environment so ignore the obviously not awesome configs :) )
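The workaround from the comment above, as an added Ruby example (not code from the project or from the poster): it strips every full-line comment from an inputs file, including the first, confirms with a YAML parser that the parsed inputs are unchanged, and reports which inputs were commented out. The helper names are hypothetical, and the sample is the non-working file quoted above.

```ruby
require 'yaml'

# Constructed sample: the non-working inputs.yml quoted in the comment above.
SAMPLE_INPUTS = <<~YAML
  #ESXi
  allesxi: true
  adJoined: false
  #syslogServer: 'tcp://log.test.local:514'
  esxiNtpServers:
  - 'time-a-g.nist.gov'
  - 'time-b-g.nist.gov'
  vMotionVlanId: '1'
  mgtVlanId: '1'
  exceptionUsers:
  - root
  - dcui
  snmpEnabled: 'false'
  esxiBuildNumber: '22088125'
  #adAdminGroup: 'MyAdAdminGroup'
YAML

# Hypothetical helper: split an inputs file into live text and full-line comments.
# Only lines whose first non-blank character is '#' count as comments, so a '#'
# inside a quoted value is never touched.
def split_comments(text)
  comments, live = text.lines.partition { |line| line.lstrip.start_with?('#') }
  [live.join, comments.map(&:strip)]
end

# Hypothetical helper: names of inputs disabled by a comment ("#key: value").
def commented_inputs(comments)
  comments.map { |c| c[/\A#\s*([A-Za-z_]\w*)\s*:/, 1] }.compact
end

# Returns [comment-free text, commented-out input names]; raises if removing
# the comments changed what a YAML parser reads from the file.
def strip_comments!(text)
  cleaned, comments = split_comments(text)
  unless YAML.safe_load(text) == YAML.safe_load(cleaned)
    raise 'stripping comments changed the parsed inputs'
  end
  [cleaned, commented_inputs(comments)]
end

if __FILE__ == $PROGRAM_NAME
  cleaned, disabled = strip_comments!(SAMPLE_INPUTS)
  puts cleaned
  warn "Commented-out inputs: #{disabled.join(', ')}"
end
```

The list of commented-out inputs shows which values the profile will not receive from this file.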
Describe the bug
When running the InSpec Runner script or using inspec exec against vCenter, I'm often (but not always) getting back output with "No hosts found" and all items skipped. The JSON (and CKL, in the case of the runner script) are produced as expected, but show this all-items-skipped output. Repeated runs generate new JSON and CKL outputs that are content-identical to the previous ones.
Reproduction steps
1. C:\Temp\dod-compliance-and-automation\vsphere\8.0\vsphere\powercli> .\VMware_vSphere_8.0_STIG_ESXi_InSpec_Runner.ps1 -vcenter 1.2.3.4 -reportPath C:\Temp\reports -inspecPath C:\Temp\dod-compliance-and-automation\vsphere\8.0\vsphere\inspec\vmware-vsphere-8.0-stig-baseline\esxi -inputsfile .\inputs.yml
2. Pass SSO admin credentials when prompted
3. Script runs as expected; CLI output indicates all asterisks for check results
4. Open generated CKL file in STIG Viewer, where all findings are Not Reviewed with the message "No hosts found!"
Expected behavior
The script should evaluate all the listed checks and return a result other than Not Reviewed.
Additional context
Windows 2022
PowerShell 7.3.6
Chef InSpec 5.22.3
MITRE SAF 1.2.27
vCenter 8.0.1.00300
ESXi 8.0.1 22088125