Anyone have any ideas?????
On Monday, August 12, 2019 at 7:40:28 AM UTC-4, harry devine wrote:
>
> We have a playbook that runs every night that will do a "yum update" on
> all of our servers, then performs an "aide --update" to keep AIDE up to
> date. Whenever a difference is found, Ansible flags it as a fatal error.
> The msg is "non zero return code" and the rc value is 7.
>
> Here'a sample of the output:
>
> AIDE 0.15.1 found differences between database and filesystem!! Start
> timestamp: 2019-08-12 02:39:23 Summary: Total number of files: 188094 Added
> files: 137 Removed files: 4 Changed files: 16
> --------------------------------------------------- Added files:
> --------------------------------------------------- added:
> /bin/insights-client added: /bin/insights-client-run added:
> /bin/redhat-access-insights added: /bin/sha1hmac added: /bin/sha256hmac
> added: /bin/sha384hmac added: /bin/sha512hmac added:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img.bak added:
> /etc/cron.daily/aide.check added: /etc/insights-client added:
> /etc/insights-client/.cache.json added:
> /etc/insights-client/.cache.json.asc added: /etc/insights-client/.exp.sed
> added: /etc/insights-client/.fallback.json added:
> /etc/insights-client/.fallback.json.asc added:
> /etc/insights-client/.insights-core-gpg-sig.etag added:
> /etc/insights-client/.insights-core.etag added:
> /etc/insights-client/.last-upload.results added:
> /etc/insights-client/.lastupload added: /etc/insights-client/.registered
> added: /etc/insights-client/cert-api.access.redhat.com.pem added:
> /etc/insights-client/insights-client.conf added:
> /etc/insights-client/machine-id added:
> /etc/insights-client/redhattools.pub.gpg added:
> /etc/insights-client/rpm.egg added: /etc/insights-client/rpm.egg.asc added:
> /etc/pki/entitlement/7834364010455541223-key.pem added:
> /etc/pki/entitlement/7834364010455541223.pem added:
> /etc/redhat-access-insights added: /etc/redhat-access-insights/.lastupload
> added: /etc/redhat-access-insights/.registered added:
> /etc/redhat-access-insights/machine-id added:
> /etc/redhat-access-insights/redhat-access-insights.conf added:
> /etc/redhat-access-insights/redhat-access-insights.cron added:
> /etc/sysctl.d/99-tcpsack.conf added: /etc/system-fips added:
> /etc/systemd/system/multi-user.target.wants/insights-client.timer added:
> /lib/dracut/dracut.conf.d/40-fips.conf added: /lib/dracut/modules.d/01fips
> added: /lib/dracut/modules.d/01fips/fips-boot.sh added:
> /lib/dracut/modules.d/01fips/fips-noboot.sh added:
> /lib/dracut/modules.d/01fips/fips.sh added:
> /lib/dracut/modules.d/01fips/module-setup.sh added:
> /lib/python2.7/site-packages/insights_client added:
> /lib/python2.7/site-packages/insights_client/__init__.py added:
> /lib/python2.7/site-packages/insights_client/__init__.pyc added:
> /lib/python2.7/site-packages/insights_client/__init__.pyo added:
> /lib/python2.7/site-packages/insights_client/constants.py added:
> /lib/python2.7/site-packages/insights_client/constants.pyc added:
> /lib/python2.7/site-packages/insights_client/constants.pyo added:
> /lib/python2.7/site-packages/insights_client/major_version.py added:
> /lib/python2.7/site-packages/insights_client/major_version.pyc added:
> /lib/python2.7/site-packages/insights_client/major_version.pyo added:
> /lib/python2.7/site-packages/insights_client/run.py added:
> /lib/python2.7/site-packages/insights_client/run.pyc added:
> /lib/python2.7/site-packages/insights_client/run.pyo added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt
>
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt
>
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt
>
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt
>
> added: /lib/systemd/system/insights-client.service added:
> /lib/systemd/system/insights-client.timer added: /lib64/hmaccalc added:
> /lib64/hmaccalc/sha1hmac.hmac added: /lib64/hmaccalc/sha256hmac.hmac added:
> /lib64/hmaccalc/sha384hmac.hmac added: /lib64/hmaccalc/sha512hmac.hmac
> added: /root/.ansible added: /root/.ansible/tmp added:
> /root/.cache/imsettings/log.bak added: /root/.gnupg/trustdb.gpg added:
> /root/.local/share/gvfs-metadata/root added:
> /root/.local/share/gvfs-metadata/root-bf61d634.log added:
> /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-6ebc08c3.log
>
> added: /root/.local/share/keyrings added:
> /root/.local/share/keyrings/login.keyring added:
> /root/.local/share/keyrings/user.keystore added: /root/.ssh/known_hosts
> added: /root/fips_part1.sh added: /root/fips_part2.sh added: /root/temp
> added: /root/temp/gpg.conf added: /root/temp/pubring.gpg added:
> /root/temp/secring.gpg added: /root/temp/trustdb.gpg added:
> /usr/bin/insights-client added: /usr/bin/insights-client-run added:
> /usr/bin/redhat-access-insights added: /usr/bin/sha1hmac added:
> /usr/bin/sha256hmac added: /usr/bin/sha384hmac added: /usr/bin/sha512hmac
> added: /usr/lib/dracut/dracut.conf.d/40-fips.conf added:
> /usr/lib/dracut/modules.d/01fips added:
> /usr/lib/dracut/modules.d/01fips/fips-boot.sh added:
> /usr/lib/dracut/modules.d/01fips/fips-noboot.sh added:
> /usr/lib/dracut/modules.d/01fips/fips.sh added:
> /usr/lib/dracut/modules.d/01fips/module-setup.sh added:
> /usr/lib/python2.7/site-packages/insights_client added:
> /usr/lib/python2.7/site-packages/insights_client/__init__.py added:
> /usr/lib/python2.7/site-packages/insights_client/__init__.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/__init__.pyo added:
> /usr/lib/python2.7/site-packages/insights_client/constants.py added:
> /usr/lib/python2.7/site-packages/insights_client/constants.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/constants.pyo added:
> /usr/lib/python2.7/site-packages/insights_client/major_version.py added:
> /usr/lib/python2.7/site-packages/insights_client/major_version.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/major_version.pyo added:
> /usr/lib/python2.7/site-packages/insights_client/run.py added:
> /usr/lib/python2.7/site-packages/insights_client/run.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/run.pyo added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt
>
> added: /usr/lib/systemd/system/insights-client.service added:
> /usr/lib/systemd/system/insights-client.timer added: /usr/lib64/hmaccalc
> added: /usr/lib64/hmaccalc/sha1hmac.hmac added:
> /usr/lib64/hmaccalc/sha256hmac.hmac added:
> /usr/lib64/hmaccalc/sha384hmac.hmac added:
> /usr/lib64/hmaccalc/sha512hmac.hmac added: /usr/share/doc/hmaccalc-0.9.13
> added: /usr/share/doc/hmaccalc-0.9.13/LICENSE added:
> /usr/share/doc/hmaccalc-0.9.13/README added:
> /usr/share/man/man5/insights-client.conf.5.gz added:
> /usr/share/man/man8/insights-client.8.gz added:
> /usr/share/man/man8/sha1hmac.8.gz added:
> /usr/share/man/man8/sha256hmac.8.gz added:
> /usr/share/man/man8/sha384hmac.8.gz added:
> /usr/share/man/man8/sha512hmac.8.gz
> --------------------------------------------------- Removed files:
> --------------------------------------------------- removed:
> /etc/pki/entitlement/2145996793070099965-key.pem removed:
> /etc/pki/entitlement/2145996793070099965.pem removed:
> /root/.gnupg/secring.gpg removed:
> /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-f370c3c2.log
>
> --------------------------------------------------- Changed files:
> --------------------------------------------------- changed:
> /boot/efi/EFI/redhat/grub.cfg changed:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img changed:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img changed: /etc/group
> changed: /etc/gshadow changed: /etc/passwd changed: /etc/shadow changed:
> /etc/ssh/sshd_config changed: /etc/sysconfig/network-scripts/ifcfg-em1
> changed: /etc/yum.repos.d/redhat.repo changed: /lib/dracut/modules.d
> changed: /lib/python2.7/site-packages changed: /usr/lib/dracut/modules.d
> changed: /usr/lib/python2.7/site-packages changed: /usr/lib64 changed:
> /usr/share/doc --------------------------------------------------- Detailed
> information about changes:
> --------------------------------------------------- File:
> /boot/efi/EFI/redhat/grub.cfg SHA256 : xe1Df3lqjzE9xW98fqbQYCLrJ0HsYZZ4 ,
> v5UhwoPnZH+0UOf/hn4Q671kreptd6QH File:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img SHA256 :
> FZpBgcK79j+KFxhKCd0DGbB9Ej/pvdSX , ICU/9a+jTsDD9PIfD5g6QOfxwyj20J30 SELinux
> : system_u:object_r:boot_t:s0 , unconfined_u:object_r:boot_t:s0 File:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img SHA256 :
> z4xF6KhC5h6tGCVXxgiBaueA/GFqxVa1 , CIf2TMcaOqlKTeI/Hr20MbU6G87IUURE File:
> /etc/group SHA256 : qGq+Ew69WkAPiKcIcqKu58CQLtaRmOdS ,
> sn6BqRCXHJwYe7lFwjm5mr2WuyUvQ55x File: /etc/gshadow SHA256 :
> EfiOHQk7jP1ROuSKz7PmcoZqluPPcbgj , pSSCKc1sM3wpYqh3/11SmMtGR/6gHITR File:
> /etc/passwd SHA256 : +xnEaC5BmsE1xgs8k3jVii06RKdliG03 ,
> sgwWHcGTAe1AoZi8LEfIe9yyuyKsBeO9 File: /etc/shadow SHA256 :
> m9S0G9ByZLIxSUNDDxtKY3A3gFi8U9fx , i40ldV7xMJVwi+p6gyKAGWqOsxKIFDm2 File:
> /etc/ssh/sshd_config SHA256 : LFERiUyFoz+gNGYa03lgfxq6F4jG098n ,
> Wz0X/cSHDD6/sV52wbfZuUOiwmRzHWvG File:
> /etc/sysconfig/network-scripts/ifcfg-em1 SHA256 :
> UIhQCZTs+kvvF29gLgVzZFQmJ3O1iR3z , DuZF4xhCU/Ba1IIjgHxaDZ7RdZT0byfV File:
> /etc/yum.repos.d/redhat.repo SHA256 : FkgVgM5NAhEkrAPalWhchoTmEqAOlhgG ,
> eEmfpz41JvgfDRxcjfiW4nFkVmHydmRA Directory: /lib/dracut/modules.d
> Linkcount: 66 , 67 Directory: /lib/python2.7/site-packages Linkcount: 114 ,
> 116 Directory: /usr/lib/dracut/modules.d Linkcount: 66 , 67 Directory:
> /usr/lib/python2.7/site-packages Linkcount: 114 , 116 Directory: /usr/lib64
> Linkcount: 153 , 154 Directory: /usr/share/doc Linkcount: 1148 , 1149
>
>
> Here's the playbook (it's included to a main playbook via "include_tasks":
>
> --- - name: Capture aide binary path command: "which aide" register:
> aide_path - name: Check for existing aide database stat: path:
> "/var/lib/aide/aide.db.gz" register: aide_db_check - name: Update aide
> database command: "{{ aide_path.stdout }} -u" register: aide_update - name:
> Move new aide database into place copy: remote_src: true src:
> /var/lib/aide/aide.db.new.gz dest: /var/lib/aide/aide.db.gz - name: Remove
> aide.db.new.gz file: path: /var/lib/aide/aide.db.new.gz state: absent
>
> Thanks,
> Harry
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/debd1f3b-2690-4e3e-abbe-590a3e4e235a%40googlegroups.com.
