Anyone have any ideas?????
On Monday, August 12, 2019 at 7:40:28 AM UTC-4, harry devine wrote:
>
> We have a playbook that runs every night that will do a "yum update" on
> all of our servers, then performs an "aide --update" to keep AIDE up to
> date. Whenever a difference is found, Ansible flags it as a fatal error.
> The msg is "non zero return code" and the rc value is 7.
>
> Here'a sample of the output:
>
> AIDE 0.15.1 found differences between database and filesystem!! Start
> timestamp: 2019-08-12 02:39:23 Summary: Total number of files: 188094 Added
> files: 137 Removed files: 4 Changed files: 16
> --------------------------------------------------- Added files:
> --------------------------------------------------- added:
> /bin/insights-client added: /bin/insights-client-run added:
> /bin/redhat-access-insights added: /bin/sha1hmac added: /bin/sha256hmac
> added: /bin/sha384hmac added: /bin/sha512hmac added:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img.bak added:
> /etc/cron.daily/aide.check added: /etc/insights-client added:
> /etc/insights-client/.cache.json added:
> /etc/insights-client/.cache.json.asc added: /etc/insights-client/.exp.sed
> added: /etc/insights-client/.fallback.json added:
> /etc/insights-client/.fallback.json.asc added:
> /etc/insights-client/.insights-core-gpg-sig.etag added:
> /etc/insights-client/.insights-core.etag added:
> /etc/insights-client/.last-upload.results added:
> /etc/insights-client/.lastupload added: /etc/insights-client/.registered
> added: /etc/insights-client/cert-api.access.redhat.com.pem added:
> /etc/insights-client/insights-client.conf added:
> /etc/insights-client/machine-id added:
> /etc/insights-client/redhattools.pub.gpg added:
> /etc/insights-client/rpm.egg added: /etc/insights-client/rpm.egg.asc added:
> /etc/pki/entitlement/7834364010455541223-key.pem added:
> /etc/pki/entitlement/7834364010455541223.pem added:
> /etc/redhat-access-insights added: /etc/redhat-access-insights/.lastupload
> added: /etc/redhat-access-insights/.registered added:
> /etc/redhat-access-insights/machine-id added:
> /etc/redhat-access-insights/redhat-access-insights.conf added:
> /etc/redhat-access-insights/redhat-access-insights.cron added:
> /etc/sysctl.d/99-tcpsack.conf added: /etc/system-fips added:
> /etc/systemd/system/multi-user.target.wants/insights-client.timer added:
> /lib/dracut/dracut.conf.d/40-fips.conf added: /lib/dracut/modules.d/01fips
> added: /lib/dracut/modules.d/01fips/fips-boot.sh added:
> /lib/dracut/modules.d/01fips/fips-noboot.sh added:
> /lib/dracut/modules.d/01fips/fips.sh added:
> /lib/dracut/modules.d/01fips/module-setup.sh added:
> /lib/python2.7/site-packages/insights_client added:
> /lib/python2.7/site-packages/insights_client/__init__.py added:
> /lib/python2.7/site-packages/insights_client/__init__.pyc added:
> /lib/python2.7/site-packages/insights_client/__init__.pyo added:
> /lib/python2.7/site-packages/insights_client/constants.py added:
> /lib/python2.7/site-packages/insights_client/constants.pyc added:
> /lib/python2.7/site-packages/insights_client/constants.pyo added:
> /lib/python2.7/site-packages/insights_client/major_version.py added:
> /lib/python2.7/site-packages/insights_client/major_version.pyc added:
> /lib/python2.7/site-packages/insights_client/major_version.pyo added:
> /lib/python2.7/site-packages/insights_client/run.py added:
> /lib/python2.7/site-packages/insights_client/run.pyc added:
> /lib/python2.7/site-packages/insights_client/run.pyo added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt
>
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt
>
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt
>
> added:
> /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt
>
> added: /lib/systemd/system/insights-client.service added:
> /lib/systemd/system/insights-client.timer added: /lib64/hmaccalc added:
> /lib64/hmaccalc/sha1hmac.hmac added: /lib64/hmaccalc/sha256hmac.hmac added:
> /lib64/hmaccalc/sha384hmac.hmac added: /lib64/hmaccalc/sha512hmac.hmac
> added: /root/.ansible added: /root/.ansible/tmp added:
> /root/.cache/imsettings/log.bak added: /root/.gnupg/trustdb.gpg added:
> /root/.local/share/gvfs-metadata/root added:
> /root/.local/share/gvfs-metadata/root-bf61d634.log added:
> /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-6ebc08c3.log
>
> added: /root/.local/share/keyrings added:
> /root/.local/share/keyrings/login.keyring added:
> /root/.local/share/keyrings/user.keystore added: /root/.ssh/known_hosts
> added: /root/fips_part1.sh added: /root/fips_part2.sh added: /root/temp
> added: /root/temp/gpg.conf added: /root/temp/pubring.gpg added:
> /root/temp/secring.gpg added: /root/temp/trustdb.gpg added:
> /usr/bin/insights-client added: /usr/bin/insights-client-run added:
> /usr/bin/redhat-access-insights added: /usr/bin/sha1hmac added:
> /usr/bin/sha256hmac added: /usr/bin/sha384hmac added: /usr/bin/sha512hmac
> added: /usr/lib/dracut/dracut.conf.d/40-fips.conf added:
> /usr/lib/dracut/modules.d/01fips added:
> /usr/lib/dracut/modules.d/01fips/fips-boot.sh added:
> /usr/lib/dracut/modules.d/01fips/fips-noboot.sh added:
> /usr/lib/dracut/modules.d/01fips/fips.sh added:
> /usr/lib/dracut/modules.d/01fips/module-setup.sh added:
> /usr/lib/python2.7/site-packages/insights_client added:
> /usr/lib/python2.7/site-packages/insights_client/__init__.py added:
> /usr/lib/python2.7/site-packages/insights_client/__init__.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/__init__.pyo added:
> /usr/lib/python2.7/site-packages/insights_client/constants.py added:
> /usr/lib/python2.7/site-packages/insights_client/constants.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/constants.pyo added:
> /usr/lib/python2.7/site-packages/insights_client/major_version.py added:
> /usr/lib/python2.7/site-packages/insights_client/major_version.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/major_version.pyo added:
> /usr/lib/python2.7/site-packages/insights_client/run.py added:
> /usr/lib/python2.7/site-packages/insights_client/run.pyc added:
> /usr/lib/python2.7/site-packages/insights_client/run.pyo added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt
>
> added:
> /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt
>
> added: /usr/lib/systemd/system/insights-client.service added:
> /usr/lib/systemd/system/insights-client.timer added: /usr/lib64/hmaccalc
> added: /usr/lib64/hmaccalc/sha1hmac.hmac added:
> /usr/lib64/hmaccalc/sha256hmac.hmac added:
> /usr/lib64/hmaccalc/sha384hmac.hmac added:
> /usr/lib64/hmaccalc/sha512hmac.hmac added: /usr/share/doc/hmaccalc-0.9.13
> added: /usr/share/doc/hmaccalc-0.9.13/LICENSE added:
> /usr/share/doc/hmaccalc-0.9.13/README added:
> /usr/share/man/man5/insights-client.conf.5.gz added:
> /usr/share/man/man8/insights-client.8.gz added:
> /usr/share/man/man8/sha1hmac.8.gz added:
> /usr/share/man/man8/sha256hmac.8.gz added:
> /usr/share/man/man8/sha384hmac.8.gz added:
> /usr/share/man/man8/sha512hmac.8.gz
> --------------------------------------------------- Removed files:
> --------------------------------------------------- removed:
> /etc/pki/entitlement/2145996793070099965-key.pem removed:
> /etc/pki/entitlement/2145996793070099965.pem removed:
> /root/.gnupg/secring.gpg removed:
> /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-f370c3c2.log
>
> --------------------------------------------------- Changed files:
> --------------------------------------------------- changed:
> /boot/efi/EFI/redhat/grub.cfg changed:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img changed:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img changed: /etc/group
> changed: /etc/gshadow changed: /etc/passwd changed: /etc/shadow changed:
> /etc/ssh/sshd_config changed: /etc/sysconfig/network-scripts/ifcfg-em1
> changed: /etc/yum.repos.d/redhat.repo changed: /lib/dracut/modules.d
> changed: /lib/python2.7/site-packages changed: /usr/lib/dracut/modules.d
> changed: /usr/lib/python2.7/site-packages changed: /usr/lib64 changed:
> /usr/share/doc --------------------------------------------------- Detailed
> information about changes:
> --------------------------------------------------- File:
> /boot/efi/EFI/redhat/grub.cfg SHA256 : xe1Df3lqjzE9xW98fqbQYCLrJ0HsYZZ4 ,
> v5UhwoPnZH+0UOf/hn4Q671kreptd6QH File:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img SHA256 :
> FZpBgcK79j+KFxhKCd0DGbB9Ej/pvdSX , ICU/9a+jTsDD9PIfD5g6QOfxwyj20J30 SELinux
> : system_u:object_r:boot_t:s0 , unconfined_u:object_r:boot_t:s0 File:
> /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img SHA256 :
> z4xF6KhC5h6tGCVXxgiBaueA/GFqxVa1 , CIf2TMcaOqlKTeI/Hr20MbU6G87IUURE File:
> /etc/group SHA256 : qGq+Ew69WkAPiKcIcqKu58CQLtaRmOdS ,
> sn6BqRCXHJwYe7lFwjm5mr2WuyUvQ55x File: /etc/gshadow SHA256 :
> EfiOHQk7jP1ROuSKz7PmcoZqluPPcbgj , pSSCKc1sM3wpYqh3/11SmMtGR/6gHITR File:
> /etc/passwd SHA256 : +xnEaC5BmsE1xgs8k3jVii06RKdliG03 ,
> sgwWHcGTAe1AoZi8LEfIe9yyuyKsBeO9 File: /etc/shadow SHA256 :
> m9S0G9ByZLIxSUNDDxtKY3A3gFi8U9fx , i40ldV7xMJVwi+p6gyKAGWqOsxKIFDm2 File:
> /etc/ssh/sshd_config SHA256 : LFERiUyFoz+gNGYa03lgfxq6F4jG098n ,
> Wz0X/cSHDD6/sV52wbfZuUOiwmRzHWvG File:
> /etc/sysconfig/network-scripts/ifcfg-em1 SHA256 :
> UIhQCZTs+kvvF29gLgVzZFQmJ3O1iR3z , DuZF4xhCU/Ba1IIjgHxaDZ7RdZT0byfV File:
> /etc/yum.repos.d/redhat.repo SHA256 : FkgVgM5NAhEkrAPalWhchoTmEqAOlhgG ,
> eEmfpz41JvgfDRxcjfiW4nFkVmHydmRA Directory: /lib/dracut/modules.d
> Linkcount: 66 , 67 Directory: /lib/python2.7/site-packages Linkcount: 114 ,
> 116 Directory: /usr/lib/dracut/modules.d Linkcount: 66 , 67 Directory:
> /usr/lib/python2.7/site-packages Linkcount: 114 , 116 Directory: /usr/lib64
> Linkcount: 153 , 154 Directory: /usr/share/doc Linkcount: 1148 , 1149
>
>
> Here's the playbook (it's included to a main playbook via "include_tasks":
>
> --- - name: Capture aide binary path command: "which aide" register:
> aide_path - name: Check for existing aide database stat: path:
> "/var/lib/aide/aide.db.gz" register: aide_db_check - name: Update aide
> database command: "{{ aide_path.stdout }} -u" register: aide_update - name:
> Move new aide database into place copy: remote_src: true src:
> /var/lib/aide/aide.db.new.gz dest: /var/lib/aide/aide.db.gz - name: Remove
> aide.db.new.gz file: path: /var/lib/aide/aide.db.new.gz state: absent
>
> Thanks,
> Harry
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/debd1f3b-2690-4e3e-abbe-590a3e4e235a%40googlegroups.com.
