Skip to content

Instantly share code, notes, and snippets.

@strarsis
Created February 28, 2017 16:45
Show Gist options
  • Save strarsis/93f470fc9a374e82f009802c0924c59c to your computer and use it in GitHub Desktop.
Save strarsis/93f470fc9a374e82f009802c0924c59c to your computer and use it in GitHub Desktop.
ansible playbook log
2017-02-28 17:27:41,215 p=23611 u=build | Using <redacted project folder path>/trellis/ansible.cfg as config file
2017-02-28 17:27:41,338 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/common/tasks/disable_challenge_sites.yml
2017-02-28 17:27:41,345 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/common/tasks/reload_nginx.yml
2017-02-28 17:27:41,470 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/users/tasks/connection-warnings.yml
2017-02-28 17:27:41,611 p=23611 u=build | statically included: <redacted project folder path>/trellis/vendor/roles/composer/tasks/global-require.yml
2017-02-28 17:27:41,653 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/letsencrypt/tasks/setup.yml
2017-02-28 17:27:41,668 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/letsencrypt/tasks/nginx.yml
2017-02-28 17:27:41,679 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/letsencrypt/tasks/certificates.yml
2017-02-28 17:27:41,701 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/wordpress-setup/tasks/database.yml
2017-02-28 17:27:41,708 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/wordpress-setup/tasks/self-signed-certificate.yml
2017-02-28 17:27:41,716 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/wordpress-setup/tasks/nginx-includes.yml
2017-02-28 17:27:41,724 p=23611 u=build | statically included: <redacted project folder path>/trellis/roles/wordpress-setup/tasks/nginx.yml
2017-02-28 17:27:41,798 p=23611 u=build | Loading callback plugin output of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/__init__.pyc
2017-02-28 17:27:41,820 p=23611 u=build | PLAYBOOK: server.yml ***********************************************************
2017-02-28 17:27:41,821 p=23611 u=build | 4 plays in server.yml
2017-02-28 17:27:41,823 p=23611 u=build | PLAY [Ensure necessary variables are defined] **********************************
2017-02-28 17:27:41,850 p=23611 u=build | TASK [Ensure environment is defined] *******************************************
2017-02-28 17:27:41,851 p=23611 u=build | task path: <redacted project folder path>/trellis/variable-check.yml:8
2017-02-28 17:27:41,880 p=23611 u=build | skipping: [localhost] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:41,894 p=23611 u=build | PLAY [Determine Remote User] ***************************************************
2017-02-28 17:27:41,899 p=23611 u=build | TASK [remote-user : Require manual definition of remote-user] ******************
2017-02-28 17:27:41,899 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/remote-user/tasks/main.yml:2
2017-02-28 17:27:41,915 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:41,916 p=23611 u=build | TASK [remote-user : Check whether Ansible can connect as root] *****************
2017-02-28 17:27:41,917 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/remote-user/tasks/main.yml:9
2017-02-28 17:27:42,025 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/commands/command.py
2017-02-28 17:27:48,263 p=23644 u=build | <redacted host> | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
"unreachable": true
}
2017-02-28 17:27:48,343 p=23611 u=build | ok: [<redacted host> -> localhost] => {
"changed": false,
"cmd": [
"ansible",
"<redacted host>",
"-m",
"raw",
"-a",
"whoami",
"-u",
"root",
"--connection=smart",
"--timeout=10",
"--inventory-file=hosts"
],
"delta": "0:00:06.209958",
"end": "2017-02-28 17:27:48.330934",
"failed": false,
"failed_when_result": false,
"invocation": {
"module_args": {
"_raw_params": "ansible <redacted host> -m raw -a whoami -u root --connection='smart' --timeout='10' --inventory-file='hosts'",
"_uses_shell": false,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"warn": true
},
"module_name": "command"
},
"rc": 4,
"start": "2017-02-28 17:27:42.120976",
"stderr": "",
"stdout": "\u001b[1;31m<redacted host> | UNREACHABLE! => {\n \"changed\": false, \n \"msg\": \"Failed to connect to the host via ssh: Permission denied (publickey).\\r\\n\", \n \"unreachable\": true\n}\u001b[0m",
"stdout_lines": [
"\u001b[1;31m<redacted host> | UNREACHABLE! => {",
" \"changed\": false, ",
" \"msg\": \"Failed to connect to the host via ssh: Permission denied (publickey).\\r\\n\", ",
" \"unreachable\": true",
"}\u001b[0m"
],
"warnings": []
}
2017-02-28 17:27:48,345 p=23611 u=build | TASK [remote-user : Set remote user for each host] *****************************
2017-02-28 17:27:48,346 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/remote-user/tasks/main.yml:16
2017-02-28 17:27:48,369 p=23611 u=build | ok: [<redacted host>] => {
"ansible_facts": {
"ansible_user": "admin"
},
"changed": false,
"invocation": {
"module_args": {
"ansible_user": "admin"
},
"module_name": "set_fact"
}
}
2017-02-28 17:27:48,370 p=23611 u=build | TASK [remote-user : Announce which user was selected] **************************
2017-02-28 17:27:48,371 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/remote-user/tasks/main.yml:21
2017-02-28 17:27:48,391 p=23611 u=build | Note: Ansible will attempt connections as user = admin
2017-02-28 17:27:48,392 p=23611 u=build | ok: [<redacted host>] => {}
2017-02-28 17:27:48,393 p=23611 u=build | TASK [remote-user : Load become password] **************************************
2017-02-28 17:27:48,393 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/remote-user/tasks/main.yml:25
2017-02-28 17:27:48,415 p=23611 u=build | ok: [<redacted host>] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
2017-02-28 17:27:48,420 p=23611 u=build | PLAY [Install prerequisites] ***************************************************
2017-02-28 17:27:48,424 p=23611 u=build | TASK [Install Python 2.x] ******************************************************
2017-02-28 17:27:48,424 p=23611 u=build | task path: <redacted project folder path>/trellis/server.yml:17
2017-02-28 17:27:49,665 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"invocation": {
"module_args": {
"_raw_params": "which python || sudo apt-get update && sudo apt-get install -qq -y python-simplejson"
},
"module_name": "raw"
},
"rc": 0,
"stderr": "OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /home/build/.ssh/config\r\ndebug1: /home/build/.ssh/config line 7: Applying options for <redacted host>\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/build/.ansible/cp/ansible-ssh-<redacted ip>-22-admin\" does not exist\r\ndebug2: resolving \"<redacted ip>\" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to <redacted ip> [<redacted ip>] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9953 ms remain after connect\r\ndebug1: identity file /home/build/.ssh/admin_id_ed25519 type 4\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /home/build/.ssh/admin_id_ed25519-cert type -1\r\ndebug1: identity file /home/build/.ssh/web_id_ed25519 type 4\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /home/build/.ssh/web_id_ed25519-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2\r\ndebug1: match: OpenSSH_7.2p2 pat OpenSSH* compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to <redacted ip>:22 as 'admin'\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: [email protected],[email protected],ssh-ed25519,ssh-rsa\r\ndebug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,[email protected],zlib\r\ndebug2: compression stoc: none,[email protected],zlib\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: [email protected],diffie-hellman-group-exchange-sha256\r\ndebug2: host key algorithms: ssh-ed25519,ssh-rsa,rsa-sha2-512,rsa-sha2-256\r\ndebug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr\r\ndebug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr\r\ndebug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160\r\ndebug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160\r\ndebug2: compression ctos: none,[email protected]\r\ndebug2: compression stoc: none,[email protected]\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: [email protected]\r\ndebug1: kex: host key algorithm: ssh-ed25519\r\ndebug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none\r\ndebug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ssh-ed25519 SHA256:<redacted fingerprint 2>\r\ndebug3: hostkeys_foreach: reading file \"/home/build/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ED25519 in file /home/build/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from <redacted ip>\r\ndebug1: Host '<redacted ip>' is known and matches the ED25519 host key.\r\ndebug1: Found key in /home/build/.ssh/known_hosts:1\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: key: /home/build/.ssh/web_id_ed25519 (0x5560c6540400), explicit, agent\r\ndebug2: key: /home/build/.ssh/admin_id_ed25519 (0x5560c653efe0), explicit, agent\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 7\r\ndebug1: SSH2_MSG_EXT_INFO received\r\ndebug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey\r\ndebug3: start over, passed a different list publickey\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Offering ED25519 public key: /home/build/.ssh/web_id_ed25519\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey\r\ndebug1: Offering ED25519 public key: /home/build/.ssh/admin_id_ed25519\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 60\r\ndebug1: Server accepts key: pkalg ssh-ed25519 blen 51\r\ndebug2: input_userauth_pk_ok: fp SHA256:<redacted fingerprint>\r\ndebug3: sign_and_send_pubkey: ED25519 SHA256:<redacted fingerprint>\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 52\r\ndebug1: Authentication succeeded (publickey).\r\nAuthenticated to <redacted ip> ([<redacted ip>]:22).\r\ndebug1: setting up multiplex master socket\r\ndebug3: muxserver_listen: temporary control path /home/build/.ansible/cp/ansible-ssh-<redacted ip>-22-admin.6npkKkFfuTnaHfUl\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug3: fd 5 is O_NONBLOCK\r\ndebug3: fd 5 is O_NONBLOCK\r\ndebug1: channel 0: new [/home/build/.ansible/cp/ansible-ssh-<redacted ip>-22-admin]\r\ndebug3: muxserver_listen: mux listener channel 0 fd 5\r\ndebug2: fd 3 setting TCP_NODELAY\r\ndebug3: ssh_packet_set_tos: set IP_TOS 0x08\r\ndebug1: control_persist_detach: backgrounding master process\r\ndebug2: control_persist_detach: background process is 23693\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering interactive session.\r\ndebug1: pledge: id\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug1: multiplexing control connection\r\ndebug2: fd 6 setting O_NONBLOCK\r\ndebug3: fd 6 is O_NONBLOCK\r\ndebug1: channel 1: new [mux-control]\r\ndebug3: channel_post_mux_listener: new mux channel 1 fd 6\r\ndebug3: mux_master_read_cb: channel 1: hello sent\r\ndebug2: set_control_persist_exit_time: cancel scheduled exit\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4\r\ndebug2: process_mux_master_hello: channel 1 slave version 4\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4\r\ndebug2: process_mux_alive_check: channel 1: alive check\r\ndebug3: mux_client_request_alive: done pid = 23695\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 315\r\ndebug2: process_mux_new_session: channel 1: request tty 1, X 0, agent 1, subsys 0, term \"screen-256color\", cmd \"sudo -H -S -p \"[sudo via ansible, key=byvogioehiwtjcwiifaooxcuevfyfyoq] password: \" -u root /bin/sh -c 'echo BECOME-SUCCESS-byvogioehiwtjcwiifaooxcuevfyfyoq; which python || sudo apt-get update && sudo apt-get install -qq -y python-simplejson'\", env 1\r\ndebug3: process_mux_new_session: got fds stdin 7, stdout 8, stderr 9\r\ndebug2: fd 8 setting O_NONBLOCK\r\ndebug2: fd 9 setting O_NONBLOCK\r\ndebug1: channel 2: new [client-session]\r\ndebug2: process_mux_new_session: channel_new: 2 linked to control channel 1\r\ndebug2: channel 2: send open\r\ndebug3: send packet: type 90\r\ndebug3: receive packet: type 80\r\ndebug1: client_input_global_request: rtype [email protected] want_reply 0\r\ndebug3: receive packet: type 91\r\ndebug2: callback start\r\ndebug1: Requesting authentication agent forwarding.\r\ndebug2: channel 2: request [email protected] confirm 0\r\ndebug3: send packet: type 98\r\ndebug2: client_session2_setup: id 2\r\ndebug2: channel 2: request pty-req confirm 1\r\ndebug3: send packet: type 98\r\ndebug1: Sending environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug2: channel 2: request env confirm 0\r\ndebug3: send packet: type 98\r\ndebug1: Sending command: sudo -H -S -p \"[sudo via ansible, key=byvogioehiwtjcwiifaooxcuevfyfyoq] password: \" -u root /bin/sh -c 'echo BECOME-SUCCESS-byvogioehiwtjcwiifaooxcuevfyfyoq; which python || sudo apt-get update && sudo apt-get install -qq -y python-simplejson'\r\ndebug2: channel 2: request exec confirm 1\r\ndebug3: send packet: type 98\r\ndebug3: mux_session_confirm: sending success reply\r\ndebug2: callback done\r\ndebug2: channel 2: open confirm rwindow 0 rmax 32768\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: receive packet: type 99\r\ndebug2: channel_input_status_confirm: type 99 id 2\r\ndebug2: PTY allocation request accepted on channel 2\r\ndebug2: channel 2: rcvd adjust 2097152\r\ndebug3: receive packet: type 99\r\ndebug2: channel_input_status_confirm: type 99 id 2\r\ndebug2: exec request accepted on channel 2\r\ndebug3: receive packet: type 2\r\ndebug3: Received SSH2_MSG_IGNORE\r\ndebug3: receive packet: type 96\r\ndebug2: channel 2: rcvd eof\r\ndebug2: channel 2: output open -> drain\r\ndebug2: channel 2: obuf empty\r\ndebug2: channel 2: close_write\r\ndebug2: channel 2: output drain -> closed\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype exit-status reply 0\r\ndebug3: mux_exit_message: channel 2: exit message, exitval 0\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype [email protected] reply 0\r\ndebug2: channel 2: rcvd eow\r\ndebug2: channel 2: close_read\r\ndebug2: channel 2: input open -> closed\r\ndebug3: receive packet: type 97\r\ndebug2: channel 2: rcvd close\r\ndebug3: channel 2: will not send data after close\r\ndebug2: channel 2: send close\r\ndebug3: send packet: type 97\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: gc: notify user\r\ndebug3: mux_master_session_cleanup_cb: entering for channel 2\r\ndebug2: channel 1: rcvd close\r\ndebug2: channel 1: output open -> drain\r\ndebug2: channel 1: close_read\r\ndebug2: channel 1: input open -> closed\r\ndebug2: channel 2: gc: user detached\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: garbage collecting\r\ndebug1: channel 2: free: client-session, nchannels 3\r\ndebug3: channel 2: status: The following connections are open:\r\n #2 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)\r\n\r\ndebug2: channel 1: obuf empty\r\ndebug2: channel 1: close_write\r\ndebug2: channel 1: output drain -> closed\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: gc: notify user\r\ndebug3: mux_master_control_cleanup_cb: entering for channel 1\r\ndebug2: channel 1: gc: user detached\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: garbage collecting\r\ndebug1: channel 1: free: mux-control, nchannels 2\r\ndebug3: channel 1: status: The following connections are open:\r\n\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to <redacted ip> closed.\r\n",
"stdout": "\r\n/usr/bin/python\r\n",
"stdout_lines": [
"",
"/usr/bin/python"
]
}
2017-02-28 17:27:49,677 p=23611 u=build | PLAY [WordPress Server - Install LEMP Stack with PHP 7.1 and MariaDB MySQL] ****
2017-02-28 17:27:49,720 p=23611 u=build | TASK [setup] *******************************************************************
2017-02-28 17:27:49,892 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/setup.py
2017-02-28 17:27:50,460 p=23611 u=build | ok: [<redacted host>]
2017-02-28 17:27:50,463 p=23611 u=build | TASK [common : Validate Ansible version] ***************************************
2017-02-28 17:27:50,463 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:2
2017-02-28 17:27:50,486 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:50,489 p=23611 u=build | TASK [common : Validate format of site_hosts] **********************************
2017-02-28 17:27:50,489 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:13
2017-02-28 17:27:50,516 p=23611 u=build | skipping: [<redacted host>] => (item={'key': u'<redacted domain>', 'value': {u'multisite': {u'enabled': False}, u'nginx_wordpress_site_conf': u'nginx-includes/<redacted domain>.conf.child', u'cache': {u'enabled': True}, u'ssl': {u'enabled': True, u'provider': u'letsencrypt'}, u'local_path': u'../site', u'site_hosts': [{u'redirects': [u'<redacted domain>'], u'canonical': u'www.<redacted domain>'}], u'admin_email': u'<redacted email>'}}) => {
"changed": false,
"item": {
"key": "<redacted domain>",
"value": {
"admin_email": "<redacted email>",
"cache": {
"enabled": true
},
"local_path": "../site",
"multisite": {
"enabled": false
},
"nginx_wordpress_site_conf": "nginx-includes/<redacted domain>.conf.child",
"site_hosts": [
{
"canonical": "www.<redacted domain>",
"redirects": [
"<redacted domain>"
]
}
],
"ssl": {
"enabled": true,
"provider": "letsencrypt"
}
}
},
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:50,518 p=23611 u=build | TASK [common : Validate Ubuntu version] ****************************************
2017-02-28 17:27:50,519 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:20
2017-02-28 17:27:50,539 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:50,542 p=23611 u=build | TASK [common : Check whether passlib is needed] ********************************
2017-02-28 17:27:50,543 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:37
2017-02-28 17:27:50,565 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:50,567 p=23611 u=build | TASK [common : Retrieve local SSH client's settings per host] ******************
2017-02-28 17:27:50,568 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:47
2017-02-28 17:27:50,638 p=23611 u=build | ok: [<redacted host>] => {
"ansible_facts": {
"ssh_client_ciphers": "ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc",
"ssh_client_host_key_algorithms": "hostkeyalgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa",
"ssh_client_kex": "kexalgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1",
"ssh_client_macs": "macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1"
},
"changed": false,
"invocation": {
"module_args": {
"ssh_client_ciphers": "ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc",
"ssh_client_host_key_algorithms": "hostkeyalgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa",
"ssh_client_kex": "kexalgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1",
"ssh_client_macs": "macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1"
},
"module_name": "set_fact"
}
}
2017-02-28 17:27:50,640 p=23611 u=build | TASK [common : Validate compatible settings between SSH client and server] *****
2017-02-28 17:27:50,641 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:56
2017-02-28 17:27:50,673 p=23611 u=build | File lookup using <redacted project folder path>/trellis/roles/common/templates/validate_ssh_msg.j2 as file
2017-02-28 17:27:50,721 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"invocation": {
"module_args": {
"msg": "Your local SSH client settings will not support the settings that the sshd role will apply to the SSH server (on <redacted host>).\n\nSee https://github.com/roots/trellis/tree/master/roles/sshd#ciphers-kexalgorithms-and-macs\n---------------------------------------------------\n\nTo disable this validation and warning, define `validate_ssh: false`\n",
"that": [
"overlapping_ciphers | count",
"overlapping_kex | count",
"overlapping_macs | count",
"overlapping_host_keys | count"
]
},
"module_name": "assert"
},
"msg": "All assertions passed"
}
2017-02-28 17:27:50,724 p=23611 u=build | TASK [common : Checking essentials] ********************************************
2017-02-28 17:27:50,724 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:67
2017-02-28 17:27:50,859 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/packaging/os/apt.py
2017-02-28 17:27:51,588 p=23611 u=build | ok: [<redacted host>] => (item=[u'python-software-properties', u'python-pycurl', u'build-essential', u'python-mysqldb', u'curl', u'git-core', u'dbus', u'libnss-myhostname']) => {
"cache_update_time": 1488298344,
"cache_updated": false,
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 3600,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": null,
"name": [
"python-software-properties",
"python-pycurl",
"build-essential",
"python-mysqldb",
"curl",
"git-core",
"dbus",
"libnss-myhostname"
],
"only_upgrade": false,
"package": [
"python-software-properties",
"python-pycurl",
"build-essential",
"python-mysqldb",
"curl",
"git-core",
"dbus",
"libnss-myhostname"
],
"purge": false,
"state": "present",
"update_cache": true,
"upgrade": null
},
"module_name": "apt"
},
"item": [
"python-software-properties",
"python-pycurl",
"build-essential",
"python-mysqldb",
"curl",
"git-core",
"dbus",
"libnss-myhostname"
]
}
2017-02-28 17:27:51,591 p=23611 u=build | TASK [common : Validate timezone variable] *************************************
2017-02-28 17:27:51,592 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:75
2017-02-28 17:27:51,683 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:27:52,021 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"invocation": {
"module_args": {
"checksum_algorithm": "sha1",
"follow": false,
"get_checksum": true,
"get_md5": true,
"mime": false,
"path": "/usr/share/zoneinfo/Etc/UTC"
},
"module_name": "stat"
},
"stat": {
"atime": 1488278041.0049365,
"ctime": 1487500374.2938366,
"dev": 64512,
"executable": false,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 932163,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": true,
"isreg": false,
"issock": false,
"isuid": false,
"lnk_source": "/usr/share/zoneinfo/Zulu",
"mode": "0777",
"mtime": 1481108384.0,
"nlink": 1,
"path": "/usr/share/zoneinfo/Etc/UTC",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 7,
"uid": 0,
"wgrp": true,
"woth": true,
"writeable": true,
"wusr": true,
"xgrp": true,
"xoth": true,
"xusr": true
}
}
2017-02-28 17:27:52,023 p=23611 u=build | TASK [common : Explain timezone error] *****************************************
2017-02-28 17:27:52,024 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:81
2017-02-28 17:27:52,045 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:52,047 p=23611 u=build | TASK [common : Add myhostname to nsswitch.conf to ensure resolvable hostname] **
2017-02-28 17:27:52,049 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:86
2017-02-28 17:27:52,144 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/lineinfile.py
2017-02-28 17:27:52,460 p=23611 u=build | ok: [<redacted host>] => {
"backup": "",
"changed": false,
"diff": [
{
"after": "",
"after_header": "/etc/nsswitch.conf (content)",
"before": "",
"before_header": "/etc/nsswitch.conf (content)"
},
{
"after_header": "/etc/nsswitch.conf (file attributes)",
"before_header": "/etc/nsswitch.conf (file attributes)"
}
],
"invocation": {
"module_args": {
"backrefs": true,
"backup": true,
"content": null,
"create": false,
"delimiter": null,
"dest": "/etc/nsswitch.conf",
"directory_mode": null,
"follow": false,
"force": null,
"group": null,
"insertafter": null,
"insertbefore": null,
"line": "\\1 myhostname",
"mode": null,
"owner": null,
"regexp": "^(hosts\\:((?!myhostname).)*)$",
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "present",
"unsafe_writes": null,
"validate": null
},
"module_name": "lineinfile"
},
"msg": ""
}
2017-02-28 17:27:52,463 p=23611 u=build | TASK [common : Generate SSH key for vagrant user] ******************************
2017-02-28 17:27:52,463 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:95
2017-02-28 17:27:52,481 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:52,484 p=23611 u=build | TASK [common : Retrieve SSH client IP] *****************************************
2017-02-28 17:27:52,484 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/common/tasks/main.yml:101
2017-02-28 17:27:52,591 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/extras/network/ipify_facts.py
2017-02-28 17:27:53,768 p=23611 u=build | ok: [<redacted host>] => {
"ansible_facts": {
"ipify_public_ip": "80.187.119.6"
},
"changed": false,
"invocation": {
"module_args": {
"api_url": "https://api.ipify.org"
},
"module_name": "ipify_facts"
}
}
2017-02-28 17:27:53,770 p=23611 u=build | TASK [swapfile : Write swapfile] ***********************************************
2017-02-28 17:27:53,770 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:2
2017-02-28 17:27:53,796 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/commands/command.py
2017-02-28 17:27:54,156 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"cmd": " fallocate -l 1GB /swapfile ",
"invocation": {
"module_args": {
"_raw_params": " fallocate -l 1GB /swapfile ",
"_uses_shell": false,
"chdir": null,
"creates": "/swapfile",
"executable": null,
"removes": null,
"warn": true
},
"module_name": "command"
},
"rc": 0,
"stdout": "skipped, since /swapfile exists",
"stdout_lines": [
"skipped, since /swapfile exists"
]
}
2017-02-28 17:27:54,158 p=23611 u=build | TASK [swapfile : Set swapfile permissions] *************************************
2017-02-28 17:27:54,159 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:12
2017-02-28 17:27:54,256 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:27:54,541 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"diff": {
"after": {
"path": "/swapfile"
},
"before": {
"path": "/swapfile"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": null,
"mode": "600",
"original_basename": null,
"owner": null,
"path": "/swapfile",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
},
"module_name": "file"
},
"mode": "0600",
"owner": "root",
"path": "/swapfile",
"size": 1000000000,
"state": "file",
"uid": 0
}
2017-02-28 17:27:54,544 p=23611 u=build | TASK [swapfile : Create swapfile] **********************************************
2017-02-28 17:27:54,544 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:16
2017-02-28 17:27:54,563 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:54,566 p=23611 u=build | TASK [swapfile : Enable swapfile] **********************************************
2017-02-28 17:27:54,567 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:21
2017-02-28 17:27:54,588 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:54,591 p=23611 u=build | TASK [swapfile : Add swapfile to /etc/fstab] ***********************************
2017-02-28 17:27:54,592 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:25
2017-02-28 17:27:54,616 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/lineinfile.py
2017-02-28 17:27:54,915 p=23611 u=build | ok: [<redacted host>] => {
"backup": "",
"changed": false,
"diff": [
{
"after": "",
"after_header": "/etc/fstab (content)",
"before": "",
"before_header": "/etc/fstab (content)"
},
{
"after_header": "/etc/fstab (file attributes)",
"before_header": "/etc/fstab (file attributes)"
}
],
"invocation": {
"module_args": {
"backrefs": false,
"backup": false,
"content": null,
"create": false,
"delimiter": null,
"dest": "/etc/fstab",
"directory_mode": null,
"follow": false,
"force": null,
"group": null,
"insertafter": null,
"insertbefore": null,
"line": "/swapfile none swap sw 0 0",
"mode": null,
"owner": null,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "present",
"unsafe_writes": null,
"validate": null
},
"module_name": "lineinfile"
},
"msg": ""
}
2017-02-28 17:27:54,918 p=23611 u=build | TASK [swapfile : Configure vm.swappiness] **************************************
2017-02-28 17:27:54,918 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:29
2017-02-28 17:27:54,939 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:54,942 p=23611 u=build | TASK [swapfile : Configure vm.vfs_cache_pressure] ******************************
2017-02-28 17:27:54,943 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/swapfile/tasks/main.yml:34
2017-02-28 17:27:54,965 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:27:54,967 p=23611 u=build | TASK [fail2ban : ensure fail2ban is installed] *********************************
2017-02-28 17:27:54,968 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/fail2ban/tasks/main.yml:2
2017-02-28 17:27:54,989 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/packaging/os/apt.py
2017-02-28 17:27:55,657 p=23611 u=build | ok: [<redacted host>] => {
"cache_update_time": 1488298344,
"cache_updated": false,
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 3600,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": null,
"only_upgrade": false,
"package": [
"fail2ban"
],
"pkg": "fail2ban",
"purge": false,
"state": "latest",
"update_cache": true,
"upgrade": null
},
"module_name": "apt"
}
}
2017-02-28 17:27:55,660 p=23611 u=build | TASK [fail2ban : ensure fail2ban is configured] ********************************
2017-02-28 17:27:55,660 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/fail2ban/tasks/main.yml:11
2017-02-28 17:27:55,788 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:27:56,604 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/copy.py
2017-02-28 17:27:57,008 p=23611 u=build | changed: [<redacted host>] => (item=jail.local) => {
"changed": true,
"checksum": "474166382efc36f04cf2f82bbf7ef99073dacb33",
"dest": "/etc/fail2ban/jail.local",
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": false,
"content": null,
"delimiter": null,
"dest": "/etc/fail2ban/jail.local",
"directory_mode": null,
"follow": true,
"force": true,
"group": null,
"mode": null,
"original_basename": "jail.local.j2",
"owner": null,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": "/home/admin/.ansible/tmp/ansible-tmp-1488299275.7-91112385655072/source",
"unsafe_writes": null,
"validate": null
}
},
"item": "jail.local",
"md5sum": "2ca0bf097f7f88554cac65a35257fcfe",
"mode": "0644",
"owner": "root",
"size": 864,
"src": "/home/admin/.ansible/tmp/ansible-tmp-1488299275.7-91112385655072/source",
"state": "file",
"uid": 0
}
2017-02-28 17:27:57,113 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:27:57,394 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:27:57,784 p=23611 u=build | NOTIFIED HANDLER restart fail2ban
2017-02-28 17:27:57,790 p=23611 u=build | ok: [<redacted host>] => (item=fail2ban.local) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/fail2ban/fail2ban.local"
},
"before": {
"path": "/etc/fail2ban/fail2ban.local"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/fail2ban/fail2ban.local",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": null,
"original_basename": "fail2ban.local.j2",
"owner": null,
"path": "/etc/fail2ban/fail2ban.local",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"item": "fail2ban.local",
"mode": "0644",
"owner": "root",
"path": "/etc/fail2ban/fail2ban.local",
"size": 124,
"state": "file",
"uid": 0
}
2017-02-28 17:27:57,793 p=23611 u=build | TASK [fail2ban : ensure fail2ban starts on a fresh reboot] *********************
2017-02-28 17:27:57,793 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/fail2ban/tasks/main.yml:21
2017-02-28 17:27:57,814 p=23611 u=build | Running systemd
2017-02-28 17:27:57,890 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/systemd.py
2017-02-28 17:27:58,230 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"enabled": true,
"invocation": {
"module_args": {
"daemon_reload": false,
"enabled": true,
"masked": null,
"name": "fail2ban",
"state": "started",
"user": false
}
},
"name": "fail2ban",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"ActiveEnterTimestampMonotonic": "767973991837",
"ActiveExitTimestamp": "Tue 2017-02-28 16:14:13 UTC",
"ActiveExitTimestampMonotonic": "767972764653",
"ActiveState": "active",
"After": "system.slice iptables.service network.target systemd-journald.socket firewalld.service basic.target sysinit.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"AssertTimestampMonotonic": "767973613538",
"Before": "shutdown.target multi-user.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CPUUsageNSec": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "yes",
"ConditionTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"ConditionTimestampMonotonic": "767973613538",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/fail2ban.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "Fail2Ban Service",
"DevicePolicy": "auto",
"Documentation": "man:fail2ban(1)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "49433",
"ExecMainStartTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"ExecMainStartTimestampMonotonic": "767973991827",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/bin/fail2ban-client ; argv[]=/usr/bin/fail2ban-client reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/bin/fail2ban-client ; argv[]=/usr/bin/fail2ban-client -x start ; ignore_errors=no ; start_time=[Tue 2017-02-28 16:14:14 UTC] ; stop_time=[Tue 2017-02-28 16:14:14 UTC] ; pid=49429 ; code=exited ; status=0 }",
"ExecStop": "{ path=/usr/bin/fail2ban-client ; argv[]=/usr/bin/fail2ban-client stop ; ignore_errors=no ; start_time=[Tue 2017-02-28 16:14:13 UTC] ; stop_time=[Tue 2017-02-28 16:14:14 UTC] ; pid=49414 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/lib/systemd/system/fail2ban.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "fail2ban.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"InactiveEnterTimestampMonotonic": "767973612248",
"InactiveExitTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"InactiveExitTimestampMonotonic": "767973628110",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "18446744073709551615",
"LimitASSoft": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCORESoft": "0",
"LimitCPU": "18446744073709551615",
"LimitCPUSoft": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitDATASoft": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitFSIZESoft": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitLOCKSSoft": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "4096",
"LimitNOFILESoft": "1024",
"LimitNPROC": "15629",
"LimitNPROCSoft": "15629",
"LimitRSS": "18446744073709551615",
"LimitRSSSoft": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "18446744073709551615",
"LimitRTTIMESoft": "18446744073709551615",
"LimitSIGPENDING": "15629",
"LimitSIGPENDINGSoft": "15629",
"LimitSTACK": "18446744073709551615",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"MainPID": "49433",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"NFileDescriptorStore": "0",
"Names": "fail2ban.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/var/run/fail2ban/fail2ban.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "system.slice sysinit.target",
"Restart": "always",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StateChangeTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"StateChangeTimestampMonotonic": "767973991837",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "enabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"WatchdogTimestampMonotonic": "767973991836",
"WatchdogUSec": "0"
},
"warnings": []
}
2017-02-28 17:27:58,233 p=23611 u=build | TASK [ferm : ensure ferm status is in debconf] *********************************
2017-02-28 17:27:58,233 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:2
2017-02-28 17:27:58,329 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/extras/system/debconf.py
2017-02-28 17:27:58,879 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"current": {
"ferm/enable": "true"
},
"invocation": {
"module_args": {
"name": "ferm",
"question": "ferm/enable",
"unseen": null,
"value": "true",
"vtype": "boolean"
},
"module_name": "debconf"
},
"msg": ""
}
2017-02-28 17:27:58,881 p=23611 u=build | TASK [ferm : ensure ferm is installed] *****************************************
2017-02-28 17:27:58,882 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:9
2017-02-28 17:27:58,903 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/packaging/os/apt.py
2017-02-28 17:27:59,647 p=23611 u=build | ok: [<redacted host>] => {
"cache_update_time": 1488298344,
"cache_updated": false,
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 3600,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": false,
"only_upgrade": false,
"package": [
"ferm"
],
"pkg": "ferm",
"purge": false,
"state": "latest",
"update_cache": true,
"upgrade": null
},
"module_name": "apt"
}
}
2017-02-28 17:27:59,649 p=23611 u=build | TASK [ferm : ensure configuration directories exist] ***************************
2017-02-28 17:27:59,650 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:19
2017-02-28 17:27:59,673 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:00,039 p=23611 u=build | ok: [<redacted host>] => (item=/etc/ferm/ferm.d) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ferm/ferm.d"
},
"before": {
"path": "/etc/ferm/ferm.d"
}
},
"gid": 4,
"group": "adm",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": null,
"mode": 488,
"original_basename": null,
"owner": null,
"path": "/etc/ferm/ferm.d",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "directory",
"unsafe_writes": null,
"validate": null
},
"module_name": "file"
},
"item": "/etc/ferm/ferm.d",
"mode": "0750",
"owner": "root",
"path": "/etc/ferm/ferm.d",
"size": 4096,
"state": "directory",
"uid": 0
}
2017-02-28 17:28:00,043 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:00,396 p=23611 u=build | ok: [<redacted host>] => (item=/etc/ferm/filter-input.d) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ferm/filter-input.d"
},
"before": {
"path": "/etc/ferm/filter-input.d"
}
},
"gid": 4,
"group": "adm",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": null,
"mode": 488,
"original_basename": null,
"owner": null,
"path": "/etc/ferm/filter-input.d",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "directory",
"unsafe_writes": null,
"validate": null
},
"module_name": "file"
},
"item": "/etc/ferm/filter-input.d",
"mode": "0750",
"owner": "root",
"path": "/etc/ferm/filter-input.d",
"size": 4096,
"state": "directory",
"uid": 0
}
2017-02-28 17:28:00,399 p=23611 u=build | TASK [ferm : ensure firewall is configured] ************************************
2017-02-28 17:28:00,399 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:28
2017-02-28 17:28:00,529 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:00,839 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:01,268 p=23611 u=build | ok: [<redacted host>] => (item=etc/default/ferm) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/default/ferm"
},
"before": {
"path": "/etc/default/ferm"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/default/ferm",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": null,
"original_basename": "ferm.j2",
"owner": null,
"path": "/etc/default/ferm",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"item": "etc/default/ferm",
"mode": "0644",
"owner": "root",
"path": "/etc/default/ferm",
"size": 113,
"state": "file",
"uid": 0
}
2017-02-28 17:28:01,378 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:02,046 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:02,683 p=23611 u=build | ok: [<redacted host>] => (item=etc/ferm/ferm.conf) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ferm/ferm.conf"
},
"before": {
"path": "/etc/ferm/ferm.conf"
}
},
"gid": 4,
"group": "adm",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/ferm/ferm.conf",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": null,
"original_basename": "ferm.conf.j2",
"owner": null,
"path": "/etc/ferm/ferm.conf",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"item": "etc/ferm/ferm.conf",
"mode": "0644",
"owner": "root",
"path": "/etc/ferm/ferm.conf",
"size": 1154,
"state": "file",
"uid": 0
}
2017-02-28 17:28:02,687 p=23611 u=build | TASK [ferm : ensure iptables INPUT rules are removed] **************************
2017-02-28 17:28:02,688 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:38
2017-02-28 17:28:02,721 p=23611 u=build | skipping: [<redacted host>] => (item={u'dport': [u'http', u'https'], u'type': u'dport_accept', u'filename': u'nginx_accept'}) => {
"changed": false,
"item": {
"dport": [
"http",
"https"
],
"filename": "nginx_accept",
"type": "dport_accept"
},
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:02,729 p=23611 u=build | skipping: [<redacted host>] => (item={u'dport': [u'ssh'], u'type': u'dport_accept', u'saddr': [u'80.187.119.6']}) => {
"changed": false,
"item": {
"dport": [
"ssh"
],
"saddr": [
"80.187.119.6"
],
"type": "dport_accept"
},
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:02,739 p=23611 u=build | skipping: [<redacted host>] => (item={u'dport': [u'ssh'], u'seconds': 300, u'hits': 20, u'type': u'dport_limit'}) => {
"changed": false,
"item": {
"dport": [
"ssh"
],
"hits": 20,
"seconds": 300,
"type": "dport_limit"
},
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:02,742 p=23611 u=build | TASK [ferm : ensure iptables INPUT rules are added] ****************************
2017-02-28 17:28:02,742 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:52
2017-02-28 17:28:03,034 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:03,340 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:03,789 p=23611 u=build | ok: [<redacted host>] => (item={u'dport': [u'http', u'https'], u'type': u'dport_accept', u'filename': u'nginx_accept'}) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ferm/filter-input.d/50_dport_accept_http.conf"
},
"before": {
"path": "/etc/ferm/filter-input.d/50_dport_accept_http.conf"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/ferm/filter-input.d/50_dport_accept_http.conf",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": null,
"original_basename": "dport_accept.conf.j2",
"owner": null,
"path": "/etc/ferm/filter-input.d/50_dport_accept_http.conf",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"item": {
"dport": [
"http",
"https"
],
"filename": "nginx_accept",
"type": "dport_accept"
},
"mode": "0644",
"owner": "root",
"path": "/etc/ferm/filter-input.d/50_dport_accept_http.conf",
"size": 119,
"state": "file",
"uid": 0
}
2017-02-28 17:28:03,919 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:05,134 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/copy.py
2017-02-28 17:28:05,541 p=23611 u=build | changed: [<redacted host>] => (item={u'dport': [u'ssh'], u'type': u'dport_accept', u'saddr': [u'80.187.119.6']}) => {
"changed": true,
"checksum": "f6cac85fdeaddc787b4013ac0c2a869b53babdfb",
"dest": "/etc/ferm/filter-input.d/50_dport_accept_ssh.conf",
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": false,
"content": null,
"delimiter": null,
"dest": "/etc/ferm/filter-input.d/50_dport_accept_ssh.conf",
"directory_mode": null,
"follow": true,
"force": true,
"group": null,
"mode": null,
"original_basename": "dport_accept.conf.j2",
"owner": null,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": "/home/admin/.ansible/tmp/ansible-tmp-1488299283.81-244798241173966/source",
"unsafe_writes": null,
"validate": null
}
},
"item": {
"dport": [
"ssh"
],
"saddr": [
"80.187.119.6"
],
"type": "dport_accept"
},
"md5sum": "faf1b75a8b9489b7fd25a58878b9d680",
"mode": "0644",
"owner": "root",
"size": 133,
"src": "/home/admin/.ansible/tmp/ansible-tmp-1488299283.81-244798241173966/source",
"state": "file",
"uid": 0
}
2017-02-28 17:28:05,663 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:05,975 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:06,424 p=23611 u=build | ok: [<redacted host>] => (item={u'dport': [u'ssh'], u'seconds': 300, u'hits': 20, u'type': u'dport_limit'}) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ferm/filter-input.d/50_dport_limit_ssh.conf"
},
"before": {
"path": "/etc/ferm/filter-input.d/50_dport_limit_ssh.conf"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/ferm/filter-input.d/50_dport_limit_ssh.conf",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": null,
"original_basename": "dport_limit.conf.j2",
"owner": null,
"path": "/etc/ferm/filter-input.d/50_dport_limit_ssh.conf",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"item": {
"dport": [
"ssh"
],
"hits": 20,
"seconds": 300,
"type": "dport_limit"
},
"mode": "0644",
"owner": "root",
"path": "/etc/ferm/filter-input.d/50_dport_limit_ssh.conf",
"size": 473,
"state": "file",
"uid": 0
}
2017-02-28 17:28:06,426 p=23611 u=build | TASK [ferm : ensure iptables rules are enabled] ********************************
2017-02-28 17:28:06,427 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:66
2017-02-28 17:28:06,447 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/commands/command.py
2017-02-28 17:28:06,836 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"cmd": [
"ferm",
"--slow",
"/etc/ferm/ferm.conf"
],
"delta": "0:00:00.087151",
"end": "2017-02-28 16:28:06.809821",
"invocation": {
"module_args": {
"_raw_params": "ferm --slow /etc/ferm/ferm.conf",
"_uses_shell": false,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"warn": true
},
"module_name": "command"
},
"rc": 0,
"start": "2017-02-28 16:28:06.722670",
"stderr": "",
"stdout": "",
"stdout_lines": [],
"warnings": []
}
2017-02-28 17:28:06,838 p=23611 u=build | TASK [ferm : ensure iptables rules are disabled] *******************************
2017-02-28 17:28:06,839 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/ferm/tasks/main.yml:71
2017-02-28 17:28:06,862 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:06,865 p=23611 u=build | TASK [ntp : Include OS-specific variables.] ************************************
2017-02-28 17:28:06,865 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:2
2017-02-28 17:28:06,898 p=23611 u=build | ok: [<redacted host>] => {
"ansible_facts": {
"ntp_daemon": "ntp"
},
"changed": false,
"invocation": {
"module_args": {
"_raw_params": "Debian.yml"
},
"module_name": "include_vars"
}
}
2017-02-28 17:28:06,900 p=23611 u=build | TASK [ntp : Set the correct timezone.] *****************************************
2017-02-28 17:28:06,901 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:5
2017-02-28 17:28:06,922 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:07,247 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"dest": "/etc/localtime",
"diff": {
"after": {
"path": "/etc/localtime"
},
"before": {
"path": "/etc/localtime"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/localtime",
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": true,
"group": null,
"mode": null,
"original_basename": null,
"owner": null,
"path": "/etc/localtime",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": "/usr/share/zoneinfo/Etc/UTC",
"state": "link",
"unsafe_writes": null,
"validate": null
},
"module_name": "file"
},
"mode": "0777",
"owner": "root",
"size": 27,
"src": "/usr/share/zoneinfo/Etc/UTC",
"state": "link",
"uid": 0
}
2017-02-28 17:28:07,250 p=23611 u=build | TASK [ntp : Set timezone in /etc/timezone file.] *******************************
2017-02-28 17:28:07,250 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:13
2017-02-28 17:28:07,373 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:07,679 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:08,120 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"diff": {
"after": {
"path": "/etc/timezone"
},
"before": {
"path": "/etc/timezone"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/timezone",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": true,
"group": null,
"mode": null,
"original_basename": "timezone.j2",
"owner": null,
"path": "/etc/timezone",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"mode": "0644",
"owner": "root",
"path": "/etc/timezone",
"size": 8,
"state": "file",
"uid": 0
}
2017-02-28 17:28:08,122 p=23611 u=build | TASK [ntp : Install NTP (RedHat).] *********************************************
2017-02-28 17:28:08,123 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:20
2017-02-28 17:28:08,146 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:08,148 p=23611 u=build | TASK [ntp : Install NTP (Debian).] *********************************************
2017-02-28 17:28:08,148 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:24
2017-02-28 17:28:08,171 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/packaging/os/apt.py
2017-02-28 17:28:08,893 p=23611 u=build | ok: [<redacted host>] => {
"cache_update_time": 1488298344,
"cache_updated": false,
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 0,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": null,
"name": "ntp",
"only_upgrade": false,
"package": [
"ntp"
],
"purge": false,
"state": "present",
"update_cache": false,
"upgrade": null
},
"module_name": "apt"
}
}
2017-02-28 17:28:08,896 p=23611 u=build | TASK [ntp : Install NTP (FreeBSD).] ********************************************
2017-02-28 17:28:08,896 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:28
2017-02-28 17:28:08,917 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:08,919 p=23611 u=build | TASK [ntp : Ensure NTP is running and enabled as configured.] ******************
2017-02-28 17:28:08,920 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:32
2017-02-28 17:28:08,941 p=23611 u=build | Running systemd
2017-02-28 17:28:08,943 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/systemd.py
2017-02-28 17:28:09,304 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"enabled": true,
"invocation": {
"module_args": {
"daemon_reload": false,
"enabled": true,
"masked": null,
"name": "ntp",
"state": "started",
"user": false
}
},
"name": "ntp",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"ActiveEnterTimestampMonotonic": "767975896806",
"ActiveExitTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"ActiveExitTimestampMonotonic": "767975868127",
"ActiveState": "active",
"After": "remote-fs.target systemd-journald-dev-log.socket basic.target network-online.target sysinit.target system.slice systemd-journald.socket",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"AssertTimestampMonotonic": "767975881037",
"Before": "graphical.target shutdown.target multi-user.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CPUUsageNSec": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "yes",
"ConditionTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"ConditionTimestampMonotonic": "767975881037",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/ntp.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "LSB: Start NTP daemon",
"DevicePolicy": "auto",
"Documentation": "man:systemd-sysv-generator(8)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecStart": "{ path=/etc/init.d/ntp ; argv[]=/etc/init.d/ntp start ; ignore_errors=no ; start_time=[Tue 2017-02-28 16:14:16 UTC] ; stop_time=[Tue 2017-02-28 16:14:16 UTC] ; pid=49529 ; code=exited ; status=0 }",
"ExecStop": "{ path=/etc/init.d/ntp ; argv[]=/etc/init.d/ntp stop ; ignore_errors=no ; start_time=[Tue 2017-02-28 16:14:16 UTC] ; stop_time=[Tue 2017-02-28 16:14:16 UTC] ; pid=49518 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/run/systemd/generator.late/ntp.service",
"GuessMainPID": "no",
"IOScheduling": "0",
"Id": "ntp.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "no",
"InactiveEnterTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"InactiveEnterTimestampMonotonic": "767975880723",
"InactiveExitTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"InactiveExitTimestampMonotonic": "767975881421",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KillMode": "process",
"KillSignal": "15",
"LimitAS": "18446744073709551615",
"LimitASSoft": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCORESoft": "0",
"LimitCPU": "18446744073709551615",
"LimitCPUSoft": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitDATASoft": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitFSIZESoft": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitLOCKSSoft": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "4096",
"LimitNOFILESoft": "1024",
"LimitNPROC": "15629",
"LimitNPROCSoft": "15629",
"LimitRSS": "18446744073709551615",
"LimitRSSSoft": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "18446744073709551615",
"LimitRTTIMESoft": "18446744073709551615",
"LimitSIGPENDING": "15629",
"LimitSIGPENDINGSoft": "15629",
"LimitSTACK": "18446744073709551615",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"NFileDescriptorStore": "0",
"Names": "ntp.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "yes",
"Requires": "system.slice sysinit.target",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"SourcePath": "/etc/init.d/ntp",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StateChangeTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"StateChangeTimestampMonotonic": "767975896806",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "5min",
"TimeoutStopUSec": "5min",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "enabled",
"UnitFileState": "bad",
"UtmpMode": "init",
"WantedBy": "multi-user.target graphical.target",
"Wants": "network-online.target",
"WatchdogTimestamp": "Tue 2017-02-28 16:14:16 UTC",
"WatchdogTimestampMonotonic": "767975896791",
"WatchdogUSec": "0"
},
"warnings": []
}
2017-02-28 17:28:09,308 p=23611 u=build | TASK [ntp : Ensure NTP is stopped and disabled as configured.] *****************
2017-02-28 17:28:09,308 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:39
2017-02-28 17:28:09,332 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:09,335 p=23611 u=build | TASK [ntp : Generate ntp.conf file] ********************************************
2017-02-28 17:28:09,335 p=23611 u=build | task path: <redacted project folder path>/trellis/vendor/roles/ntp/tasks/main.yml:46
2017-02-28 17:28:09,459 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:09,823 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:10,222 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ntp.conf"
},
"before": {
"path": "/etc/ntp.conf"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/ntp.conf",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": null,
"original_basename": "ntp.conf.j2",
"owner": null,
"path": "/etc/ntp.conf",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"mode": "0644",
"owner": "root",
"path": "/etc/ntp.conf",
"size": 2354,
"state": "file",
"uid": 0
}
2017-02-28 17:28:10,224 p=23611 u=build | TASK [users : Ensure requested groups are present] *****************************
2017-02-28 17:28:10,225 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:2
2017-02-28 17:28:10,237 p=23611 u=build | File lookup using /home/build/.ssh/web_id_ed25519.pub as file
2017-02-28 17:28:10,239 p=23611 u=build | File lookup using /home/build/.ssh/admin_id_ed25519.pub as file
2017-02-28 17:28:10,312 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/group.py
2017-02-28 17:28:10,822 p=23611 u=build | ok: [<redacted host>] => (item=www-data) => {
"changed": false,
"gid": 33,
"invocation": {
"module_args": {
"gid": null,
"name": "www-data",
"state": "present",
"system": false
},
"module_name": "group"
},
"item": "www-data",
"name": "www-data",
"state": "present",
"system": false
}
2017-02-28 17:28:10,827 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/group.py
2017-02-28 17:28:11,144 p=23611 u=build | ok: [<redacted host>] => (item=sudo) => {
"changed": false,
"gid": 27,
"invocation": {
"module_args": {
"gid": null,
"name": "sudo",
"state": "present",
"system": false
},
"module_name": "group"
},
"item": "sudo",
"name": "sudo",
"state": "present",
"system": false
}
2017-02-28 17:28:11,147 p=23611 u=build | TASK [users : Ensure sudo group has sudo privileges] ***************************
2017-02-28 17:28:11,148 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:8
2017-02-28 17:28:11,168 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/lineinfile.py
2017-02-28 17:28:11,462 p=23611 u=build | ok: [<redacted host>] => {
"backup": "",
"changed": false,
"diff": [
{
"after": "",
"after_header": "/etc/sudoers (content)",
"before": "",
"before_header": "/etc/sudoers (content)"
},
{
"after_header": "/etc/sudoers (file attributes)",
"before_header": "/etc/sudoers (file attributes)"
}
],
"invocation": {
"module_args": {
"backrefs": false,
"backup": false,
"content": null,
"create": false,
"delimiter": null,
"dest": "/etc/sudoers",
"directory_mode": null,
"follow": false,
"force": null,
"group": null,
"insertafter": null,
"insertbefore": null,
"line": "%sudo ALL=(ALL:ALL) ALL",
"mode": null,
"owner": null,
"regexp": "^%sudo",
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "present",
"unsafe_writes": null,
"validate": "/usr/sbin/visudo -cf %s"
},
"module_name": "lineinfile"
},
"msg": ""
}
2017-02-28 17:28:11,464 p=23611 u=build | TASK [users : Fail if root login will be disabled but admin_user will not be a sudoer] ***
2017-02-28 17:28:11,465 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:16
2017-02-28 17:28:11,484 p=23611 u=build | File lookup using /home/build/.ssh/web_id_ed25519.pub as file
2017-02-28 17:28:11,487 p=23611 u=build | File lookup using /home/build/.ssh/admin_id_ed25519.pub as file
2017-02-28 17:28:11,503 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"invocation": {
"module_args": {
"msg": "When `sshd_permit_root_login: false`, you must add `sudo` to the `groups` for admin_user (in `users` hash), and set a password for admin_user in `vault_users` (in `group_vars/production/vault.yml`). Otherwise Ansible could lose the ability to run the necessary sudo commands. More info:\n> https://roots.io/trellis/docs/security/#admin-user-sudoer-password\n",
"that": [
true,
true
]
},
"module_name": "assert"
},
"msg": "All assertions passed"
}
2017-02-28 17:28:11,506 p=23611 u=build | TASK [users : Setup users] *****************************************************
2017-02-28 17:28:11,506 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:31
2017-02-28 17:28:11,517 p=23611 u=build | File lookup using /home/build/.ssh/web_id_ed25519.pub as file
2017-02-28 17:28:11,520 p=23611 u=build | File lookup using /home/build/.ssh/admin_id_ed25519.pub as file
2017-02-28 17:28:11,652 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/user.py
2017-02-28 17:28:12,020 p=23611 u=build | ok: [<redacted host>] => (item={u'keys': [u'<redacted host-fingerprint 2>'], u'name': u'web', u'groups': [u'www-data']}) => {
"append": false,
"changed": false,
"comment": ",,,",
"group": 33,
"groups": "www-data",
"home": "/home/web",
"invocation": {
"module_args": {
"append": false,
"comment": null,
"createhome": true,
"expires": null,
"force": false,
"generate_ssh_key": null,
"group": "www-data",
"groups": "www-data",
"home": null,
"login_class": null,
"move_home": false,
"name": "web",
"non_unique": false,
"password": "",
"remove": false,
"seuser": null,
"shell": "/bin/bash",
"skeleton": null,
"ssh_key_bits": 0,
"ssh_key_comment": "ansible-generated on localhost.localdomain",
"ssh_key_file": null,
"ssh_key_passphrase": null,
"ssh_key_type": "rsa",
"state": "present",
"system": false,
"uid": null,
"update_password": "always"
},
"module_name": "user"
},
"item": {
"groups": [
"www-data"
],
"keys": [
"<redacted host-fingerprint 2>"
],
"name": "web"
},
"move_home": false,
"name": "web",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1001
}
2017-02-28 17:28:12,033 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/user.py
2017-02-28 17:28:12,356 p=23611 u=build | ok: [<redacted host>] => (item={u'keys': [u'<redacted host-fingerprint>'], u'name': u'admin', u'groups': [u'sudo']}) => {
"append": false,
"changed": false,
"comment": ",,,",
"group": 27,
"groups": "sudo",
"home": "/home/admin",
"invocation": {
"module_args": {
"append": false,
"comment": null,
"createhome": true,
"expires": null,
"force": false,
"generate_ssh_key": null,
"group": "sudo",
"groups": "sudo",
"home": null,
"login_class": null,
"move_home": false,
"name": "admin",
"non_unique": false,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"remove": false,
"seuser": null,
"shell": "/bin/bash",
"skeleton": null,
"ssh_key_bits": 0,
"ssh_key_comment": "ansible-generated on localhost.localdomain",
"ssh_key_file": null,
"ssh_key_passphrase": null,
"ssh_key_type": "rsa",
"state": "present",
"system": false,
"uid": null,
"update_password": "always"
},
"module_name": "user"
},
"item": {
"groups": [
"sudo"
],
"keys": [
"<redacted host-fingerprint>"
],
"name": "admin"
},
"move_home": false,
"name": "admin",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1000
}
2017-02-28 17:28:12,360 p=23611 u=build | TASK [users : Add web user sudoers items for services] *************************
2017-02-28 17:28:12,361 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:42
2017-02-28 17:28:12,484 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:12,805 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:13,196 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"diff": {
"after": {
"path": "/etc/sudoers.d/web-services"
},
"before": {
"path": "/etc/sudoers.d/web-services"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/sudoers.d/web-services",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": "root",
"mode": 288,
"original_basename": "sudoers.d.j2",
"owner": "root",
"path": "/etc/sudoers.d/web-services",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": "/usr/sbin/visudo -cf %s"
}
},
"mode": "0440",
"owner": "root",
"path": "/etc/sudoers.d/web-services",
"size": 75,
"state": "file",
"uid": 0
}
2017-02-28 17:28:13,199 p=23611 u=build | TASK [users : Add SSH keys] ****************************************************
2017-02-28 17:28:13,199 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:52
2017-02-28 17:28:13,213 p=23611 u=build | File lookup using /home/build/.ssh/web_id_ed25519.pub as file
2017-02-28 17:28:13,216 p=23611 u=build | File lookup using /home/build/.ssh/admin_id_ed25519.pub as file
2017-02-28 17:28:13,320 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/authorized_key.py
2017-02-28 17:28:13,719 p=23611 u=build | ok: [<redacted host>] => (item=({u'name': u'web', u'groups': [u'www-data']}, u'<redacted host-fingerprint 2>')) => {
"changed": false,
"exclusive": false,
"invocation": {
"module_args": {
"exclusive": false,
"key": "<redacted host-fingerprint 2>",
"key_options": null,
"keyfile": "/home/web/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "web",
"validate_certs": true
},
"module_name": "authorized_key"
},
"item": [
{
"groups": [
"www-data"
],
"name": "web"
},
"<redacted host-fingerprint 2>"
],
"key": "<redacted host-fingerprint 2>",
"key_options": null,
"keyfile": "/home/web/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "web",
"validate_certs": true
}
2017-02-28 17:28:13,722 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/authorized_key.py
2017-02-28 17:28:14,044 p=23611 u=build | ok: [<redacted host>] => (item=({u'name': u'admin', u'groups': [u'sudo']}, u'<redacted host-fingerprint>')) => {
"changed": false,
"exclusive": false,
"invocation": {
"module_args": {
"exclusive": false,
"key": "<redacted host-fingerprint>",
"key_options": null,
"keyfile": "/home/admin/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "admin",
"validate_certs": true
},
"module_name": "authorized_key"
},
"item": [
{
"groups": [
"sudo"
],
"name": "admin"
},
"<redacted host-fingerprint>"
],
"key": "<redacted host-fingerprint>",
"key_options": null,
"keyfile": "/home/admin/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "admin",
"validate_certs": true
}
2017-02-28 17:28:14,047 p=23611 u=build | TASK [users : Check whether Ansible can connect as admin_user] *****************
2017-02-28 17:28:14,048 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/main.yml:60
2017-02-28 17:28:14,068 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:14,071 p=23611 u=build | TASK [users : Fail if root login will be disabled but admin_user cannot connect] ***
2017-02-28 17:28:14,072 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/connection-warnings.yml:2
2017-02-28 17:28:14,092 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:14,096 p=23611 u=build | TASK [users : Confirm that a non-root user can connect] ************************
2017-02-28 17:28:14,096 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/connection-warnings.yml:8
2017-02-28 17:28:14,118 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:14,121 p=23611 u=build | TASK [users : Confirm disabling of SSH password authentication] ****************
2017-02-28 17:28:14,121 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/users/tasks/connection-warnings.yml:22
2017-02-28 17:28:14,142 p=23611 u=build | skipping: [<redacted host>] => {
"changed": false,
"skip_reason": "Conditional check failed",
"skipped": true
}
2017-02-28 17:28:14,145 p=23611 u=build | TASK [sshd : Ensure latest SSH server and client are installed] ****************
2017-02-28 17:28:14,145 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/sshd/tasks/main.yml:2
2017-02-28 17:28:14,170 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/packaging/os/apt.py
2017-02-28 17:28:14,814 p=23611 u=build | ok: [<redacted host>] => (item=[u'openssh-server', u'openssh-client']) => {
"cache_update_time": 1488298344,
"cache_updated": false,
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 3600,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": null,
"name": [
"openssh-server",
"openssh-client"
],
"only_upgrade": false,
"package": [
"openssh-server",
"openssh-client"
],
"purge": false,
"state": "latest",
"update_cache": true,
"upgrade": null
},
"module_name": "apt"
},
"item": [
"openssh-server",
"openssh-client"
]
}
2017-02-28 17:28:14,816 p=23611 u=build | TASK [sshd : Create a secure sshd_config] **************************************
2017-02-28 17:28:14,817 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/sshd/tasks/main.yml:13
2017-02-28 17:28:14,957 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:15,277 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:15,663 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ssh/sshd_config"
},
"before": {
"path": "/etc/ssh/sshd_config"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/ssh/sshd_config",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": 384,
"original_basename": "sshd_config.j2",
"owner": null,
"path": "/etc/ssh/sshd_config",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": "/usr/sbin/sshd -T -f %s"
}
},
"mode": "0600",
"owner": "root",
"path": "/etc/ssh/sshd_config",
"size": 814,
"state": "file",
"uid": 0
}
2017-02-28 17:28:15,666 p=23611 u=build | TASK [sshd : Create a secure ssh_config] ***************************************
2017-02-28 17:28:15,667 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/sshd/tasks/main.yml:21
2017-02-28 17:28:15,794 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/stat.py
2017-02-28 17:28:16,078 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/file.py
2017-02-28 17:28:16,448 p=23611 u=build | ok: [<redacted host>] => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ssh/ssh_config"
},
"before": {
"path": "/etc/ssh/ssh_config"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/etc/ssh/ssh_config",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": null,
"mode": 420,
"original_basename": "ssh_config.j2",
"owner": null,
"path": "/etc/ssh/ssh_config",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"mode": "0644",
"owner": "root",
"path": "/etc/ssh/ssh_config",
"size": 766,
"state": "file",
"uid": 0
}
2017-02-28 17:28:16,450 p=23611 u=build | TASK [sshd : Remove Diffie-Hellman moduli of size < 2000] **********************
2017-02-28 17:28:16,451 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/sshd/tasks/main.yml:27
2017-02-28 17:28:16,473 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/files/lineinfile.py
2017-02-28 17:28:16,764 p=23611 u=build | ok: [<redacted host>] => {
"backup": "",
"changed": false,
"diff": [
{
"after": "",
"after_header": "/etc/ssh/moduli (content)",
"before": "",
"before_header": "/etc/ssh/moduli (content)"
},
{
"after_header": "/etc/ssh/moduli (file attributes)",
"before_header": "/etc/ssh/moduli (file attributes)"
}
],
"found": 0,
"invocation": {
"module_args": {
"backrefs": false,
"backup": true,
"content": null,
"create": false,
"delimiter": null,
"dest": "/etc/ssh/moduli",
"directory_mode": null,
"follow": false,
"force": null,
"group": null,
"insertafter": null,
"insertbefore": null,
"line": null,
"mode": null,
"owner": null,
"regexp": "^(\\d+\\s){4}1",
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "absent",
"unsafe_writes": null,
"validate": null
},
"module_name": "lineinfile"
},
"msg": ""
}
2017-02-28 17:28:16,767 p=23611 u=build | TASK [mariadb : Install MySQL client] ******************************************
2017-02-28 17:28:16,768 p=23611 u=build | task path: <redacted project folder path>/trellis/roles/mariadb/tasks/main.yml:2
2017-02-28 17:28:16,789 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/packaging/os/apt.py
2017-02-28 17:28:17,923 p=23611 u=build | System info:
Ansible 2.2.1.0; Linux
Trellis at "Allow for per-project packagist.com authentication"
2017-02-28 17:28:17,924 p=23611 u=build | ---------------------------------------------------
2017-02-28 17:28:17,924 p=23611 u=build | '/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options
::=--force-confold" install 'mariadb-client'' failed: E: Unable to
correct problems, you have held broken packages.
E: Unable to correct problems, you have held broken packages.
2017-02-28 17:28:17,925 p=23611 u=build | fatal: [<redacted host>]: FAILED! => {
"cache_update_time": 1488298344,
"cache_updated": false,
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 3600,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": null,
"name": "mariadb-client",
"only_upgrade": false,
"package": [
"mariadb-client"
],
"purge": false,
"state": "present",
"update_cache": true,
"upgrade": null
},
"module_name": "apt"
},
"stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nSome packages could not be installed. This may mean that you have\nrequested an impossible situation or if you are using the unstable\ndistribution that some required packages have not yet been created\nor been moved out of Incoming.\nThe following information may help to resolve the situation:\n\nThe following packages have unmet dependencies:\n mariadb-client : Depends: mariadb-client-10.0 (>= 10.0.29-0ubuntu0.16.04.1) but it is not going to be installed\n",
"stdout_lines": [
"Reading package lists...",
"Building dependency tree...",
"Reading state information...",
"Some packages could not be installed. This may mean that you have",
"requested an impossible situation or if you are using the unstable",
"distribution that some required packages have not yet been created",
"or been moved out of Incoming.",
"The following information may help to resolve the situation:",
"",
"The following packages have unmet dependencies:",
" mariadb-client : Depends: mariadb-client-10.0 (>= 10.0.29-0ubuntu0.16.04.1) but it is not going to be installed"
]
}
2017-02-28 17:28:17,926 p=23611 u=build | RUNNING HANDLER [fail2ban : restart fail2ban] **********************************
2017-02-28 17:28:17,951 p=23611 u=build | Running systemd
2017-02-28 17:28:17,953 p=23611 u=build | Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/systemd.py
2017-02-28 17:28:20,375 p=23611 u=build | changed: [<redacted host>] => {
"changed": true,
"invocation": {
"module_args": {
"daemon_reload": false,
"enabled": null,
"masked": null,
"name": "fail2ban",
"state": "restarted",
"user": false
}
},
"name": "fail2ban",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"ActiveEnterTimestampMonotonic": "767973991837",
"ActiveExitTimestamp": "Tue 2017-02-28 16:14:13 UTC",
"ActiveExitTimestampMonotonic": "767972764653",
"ActiveState": "active",
"After": "system.slice iptables.service network.target systemd-journald.socket firewalld.service basic.target sysinit.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"AssertTimestampMonotonic": "767973613538",
"Before": "shutdown.target multi-user.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CPUUsageNSec": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "yes",
"ConditionTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"ConditionTimestampMonotonic": "767973613538",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/fail2ban.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "Fail2Ban Service",
"DevicePolicy": "auto",
"Documentation": "man:fail2ban(1)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "49433",
"ExecMainStartTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"ExecMainStartTimestampMonotonic": "767973991827",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/bin/fail2ban-client ; argv[]=/usr/bin/fail2ban-client reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/bin/fail2ban-client ; argv[]=/usr/bin/fail2ban-client -x start ; ignore_errors=no ; start_time=[Tue 2017-02-28 16:14:14 UTC] ; stop_time=[Tue 2017-02-28 16:14:14 UTC] ; pid=49429 ; code=exited ; status=0 }",
"ExecStop": "{ path=/usr/bin/fail2ban-client ; argv[]=/usr/bin/fail2ban-client stop ; ignore_errors=no ; start_time=[Tue 2017-02-28 16:14:13 UTC] ; stop_time=[Tue 2017-02-28 16:14:14 UTC] ; pid=49414 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/lib/systemd/system/fail2ban.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "fail2ban.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"InactiveEnterTimestampMonotonic": "767973612248",
"InactiveExitTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"InactiveExitTimestampMonotonic": "767973628110",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "18446744073709551615",
"LimitASSoft": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCORESoft": "0",
"LimitCPU": "18446744073709551615",
"LimitCPUSoft": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitDATASoft": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitFSIZESoft": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitLOCKSSoft": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "4096",
"LimitNOFILESoft": "1024",
"LimitNPROC": "15629",
"LimitNPROCSoft": "15629",
"LimitRSS": "18446744073709551615",
"LimitRSSSoft": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "18446744073709551615",
"LimitRTTIMESoft": "18446744073709551615",
"LimitSIGPENDING": "15629",
"LimitSIGPENDINGSoft": "15629",
"LimitSTACK": "18446744073709551615",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"MainPID": "49433",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"NFileDescriptorStore": "0",
"Names": "fail2ban.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/var/run/fail2ban/fail2ban.pid",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "system.slice sysinit.target",
"Restart": "always",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StateChangeTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"StateChangeTimestampMonotonic": "767973991837",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "no",
"TasksCurrent": "18446744073709551615",
"TasksMax": "18446744073709551615",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UMask": "0022",
"UnitFilePreset": "enabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestamp": "Tue 2017-02-28 16:14:14 UTC",
"WatchdogTimestampMonotonic": "767973991836",
"WatchdogUSec": "0"
},
"warnings": []
}
2017-02-28 17:28:20,379 p=23611 u=build | to retry, use: --limit @<redacted project folder path>/trellis/server.retry
2017-02-28 17:28:20,379 p=23611 u=build | PLAY RECAP *********************************************************************
2017-02-28 17:28:20,380 p=23611 u=build | <redacted host> : ok=41 changed=3 unreachable=0 failed=1
2017-02-28 17:28:20,380 p=23611 u=build | localhost : ok=0 changed=0 unreachable=0 failed=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment