with_items is incorrectly indented
On Tue, 21 Mar 2023 at 16:14, lift...@gmail.com <lifte...@gmail.com> wrote:
> I was able to get past that issue, but now the next play is erroring out:
>
> - name: Disable System Accounts - preparation
> ansible.builtin.shell: |
> set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
> $7!="/sbin/nologin") { print $1 }' /etc/passwd
> register: enabled_system_accounts
> changed_when: false
>
> - name: Disable System Accounts
> ansible.builtin.user:
> name: "{{ item }}"
> shell: /sbin/nologin
> with_items: "{{ enabled_system_accounts.stdout_lines }}"
> when: enabled_system_accounts.stdout_lines is defined
>
>
> The "Disable System Accounts" is giving me "The task includes an option
> with an undefined variable. The error was: 'item' is undefined". I'm
> assuming that the "enabled_system_accounts" is not defined or available at
> this point? Any thoughts on how to get past this?
>
> Thanks,
> Harry
> On Tuesday, March 21, 2023 at 8:25:41 AM UTC-4 Will McDonald wrote:
>
>> I suspect your problem is simply that your shell command's incorrectly
>> quoted and something like:
>>
>> ansible.builtin.shell: |
>> set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>> $7!="/sbin/nologin") { print $1 } ' /etc/passwd
>>
>> Note the additional quotes.
>>
>>
>> https://github.com/major/ansible-role-cis/blob/master/tasks/section_07_level1.yml
>> mostly matches your snippet but uses simpler formatting/quoting as an
>> example.
>>
>> https://github.com/major/ansible-role-cis appears to be deprecated, as
>> does https://github.com/major/cis-rhel-ansible
>>
>> It might also be worth including:
>>
>> 1. What target operating system release(s) you're targeting and
>> 2. What versions of upstream CIS roles you're using.
>>
>>
>>
>>
>> On Tue, 21 Mar 2023 at 11:52, lift...@gmail.com <lift...@gmail.com>
>> wrote:
>>
>>> We have a role that implements the CIS benchmarks on our systems. When
>>> we get to the following play, we get the error described below:
>>>
>>> - name: Disable System Accounts - preparation
>>> ansible.builtin.shell: |
>>> set -o pipefail && awk -F':' \|
>>> ($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync"
>>> && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 }
>>> /etc/passwd
>>> register: enabled_system_accounts
>>> changed_when: false
>>>
>>> Error:
>>>
>>> awk: cmd. line:1: |
>>> awk: cmd. line:1: ^ syntax error
>>> /bin/sh: -c: line 1: syntax error near unexpected token `{'
>>> /bin/sh: -c: line 1: `($3<500 && $1!="root" && $1!="sync" &&
>>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>>> $7!="/sbin/nologin") { print $1 } /etc/passwd'
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>> Harry
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ansible-proje...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4860da4d-9512-4b28-8f0e-1800391d9b86n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/4860da4d-9512-4b28-8f0e-1800391d9b86n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
Sent from Gmail Mobile
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZufkb6WzC5QL0eqYpJWzeHzRMDrYKuDcZGC9MoDebwrQ%40mail.gmail.com.
