Correction: the playbook worked on the local host but not on AWS EC2.
error:
{"msg": "The task includes an option with an undefined variable. The error
was: 'item' is undefined\n\nThe error appears to be in
'/mnt/c/Users/Thuan/Documents/projects/thuan/projects/ansible-stigs/tasks/stig/Apache2/
Test-12345.yml': line 27, column 7, but may\nbe elsewhere in the file
depending on the exact syntax problem.\n\nThe offending line appears to
be:\n\n\n - name: change the permission and ownership of the files\n
^ here\n"}
On Friday, June 3, 2022 at 8:34:23 AM UTC-4 Thuan wrote:
> Hello,
>
> My current playbook worked and I just want to know if there is room for
> improvement.
>
>
> ---
>
> - name: verify that the logs ownership/perms belong to system administrators and service accounts.
>   hosts: localhost
>   vars:
>     stig_id: Test-12345
>     stig_text: 'FAILED. The Apache web server log files must only be accessible by privileged users.'
>     target_file: /tmp/
>     output_path: "/tmp/stig-{{ ansible_hostname }}.txt"
>
>   # local_action is a task keyword, not a play keyword: clearing the previous
>   # result line for this STIG id is done as a pre_task rather than next to vars.
>   pre_tasks:
>     - name: remove the previous result line for this STIG id
>       local_action: lineinfile regexp='^Test-12345' path="{{ output_path }}" state=absent
>
>   tasks:
>     - name: check, and if needed remediate, log ownership and permissions
>       block:
>         - name: verify the logs ownership
>           find:
>             paths: "{{ target_file }}"
>             patterns: "*.txt"
>           register: ownership
>           # any file not owned root:adm with mode 0750 fails the check and enters rescue
>           failed_when: >
>             (ownership.files | selectattr('pw_name', '!=', 'root') | list) or
>             (ownership.files | selectattr('gr_name', '!=', 'adm') | list) or
>             (ownership.files | selectattr('mode', '!=', '0750') | list)
>
>         # the always: line already prefixes stig_id, so store only the status here
>         - set_fact:
>             stig_text: "PASSED"
>
>       rescue:
>         - name: change the permission and ownership of the files
>           become: true
>           file:
>             path: "{{ item.path }}"
>             owner: root
>             group: adm
>             mode: '0750'   # quote octal modes so YAML does not hand Ansible a decimal integer
>           with_items: "{{ ownership.files }}"   # loop keyword sits at task level, beside file:, not under it
>           register: change_perms
>
>         - set_fact:
>             stig_text: "PASSED"
>           when: change_perms is changed
>
>         - debug:
>             msg: "{{ stig_id }} {{ stig_text }}"
>
>       always:
>         - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/7bb46e21-64b3-4d56-905e-08472785fb92n%40googlegroups.com.
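An added Python example, not code from the thread, that evaluates the same root:adm / 0750 condition as the playbook's failed_when over constructed find-style records and shows why the mode should be a quoted octal string; SAMPLE_FILES, normalize_mode, find_violations and stig_result are names chosen here.

```python
"""Evaluate the log-file ownership/permission check from the playbook above
over records shaped like Ansible `find` output (path, pw_name, gr_name, mode).
The sample records are constructed for illustration, not real playbook output."""
from typing import Dict, List

# What the STIG check demands of every matching log file.
EXPECTED = {"pw_name": "root", "gr_name": "adm", "mode": "0750"}

# Constructed sample in the shape the `find` module returns.
SAMPLE_FILES = [
    {"path": "/tmp/access.txt", "pw_name": "root", "gr_name": "adm", "mode": "0750"},
    {"path": "/tmp/error.txt", "pw_name": "www-data", "gr_name": "adm", "mode": "0750"},
    {"path": "/tmp/other.txt", "pw_name": "root", "gr_name": "root", "mode": "0644"},
]


def normalize_mode(mode) -> str:
    """`find` reports mode as an octal string such as '0750'. An unquoted
    YAML 0750 arrives as int 488 (octal), while an unquoted 750 arrives as
    decimal 750, i.e. 0o1356: the classic reason to quote modes in playbooks.
    Integers are taken as the raw mode bits; strings are parsed as octal."""
    if isinstance(mode, int):
        return format(mode, "04o")
    return format(int(str(mode), 8), "04o")


def find_violations(files: List[Dict]) -> List[Dict]:
    """Return one record per non-compliant file listing the attributes that
    deviate. Mirrors the three selectattr clauses of the playbook's failed_when."""
    violations = []
    for f in files:
        deviations = {}
        for key, want in EXPECTED.items():
            got = normalize_mode(f[key]) if key == "mode" else f[key]
            if got != want:
                deviations[key] = got
        if deviations:
            violations.append({"path": f["path"], "deviations": deviations})
    return violations


def stig_result(stig_id: str, files: List[Dict]) -> str:
    """Produce the '<stig_id> <STATUS>' line the playbook's always: branch writes."""
    status = "PASSED" if not find_violations(files) else "FAILED"
    return f"{stig_id} {status}"


if __name__ == "__main__":
    for v in find_violations(SAMPLE_FILES):
        print(v["path"], v["deviations"])
    print(stig_result("Test-12345", SAMPLE_FILES))
```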