ansible-playbook [core 2.17.5]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
ansible collection location = /tmp/collections-J9Y
executable location = /usr/local/bin/ansible-playbook
python version = 3.12.6 (main, Sep 9 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3.12)
jinja version = 3.1.4
libyaml = True
No config file found; using defaults
running playbook inside collection fedora.linux_system_roles
redirecting (type: callback) ansible.builtin.debug to ansible.posix.debug
redirecting (type: callback) ansible.builtin.debug to ansible.posix.debug
redirecting (type: callback) ansible.builtin.profile_tasks to ansible.posix.profile_tasks
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: tests_default.yml ****************************************************
1 plays in /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/tests/pam_pwd/tests_default.yml
PLAY [Ensure that the role runs with default parameters] ***********************
TASK [Gathering Facts] *********************************************************
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/tests/pam_pwd/tests_default.yml:3
Saturday 02 November 2024 11:06:47 -0400 (0:00:00.009) 0:00:00.009 *****
[WARNING]: Platform linux on host managed-node1 is using the discovered Python
interpreter at /usr/bin/python3.9, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.17/reference_appendices/interpreter_discovery.html for more information.
ok: [managed-node1]
TASK [fedora.linux_system_roles.pam_pwd : Perform platform/version specific tasks] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/main.yml:4
Saturday 02 November 2024 11:06:49 -0400 (0:00:02.394) 0:00:02.404 *****
included: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml for managed-node1
TASK [fedora.linux_system_roles.pam_pwd : Deny access after number of consecutive authentication failures num 5] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:2
Saturday 02 November 2024 11:06:49 -0400 (0:00:00.039) 0:00:02.443 *****
changed: [managed-node1] => {
"backup": "/etc/security/faillock.conf.6359.2024-11-02@11:06:50~",
"changed": true
}
MSG:
line added
TASK [fedora.linux_system_roles.pam_pwd : Reenable access after the lock out seconds 300] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:12
Saturday 02 November 2024 11:06:50 -0400 (0:00:00.484) 0:00:02.928 *****
changed: [managed-node1] => {
"backup": "/etc/security/faillock.conf.6468.2024-11-02@11:06:50~",
"changed": true
}
MSG:
line added
TASK [fedora.linux_system_roles.pam_pwd : Set option silent in /etc/security/faillock.conf] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:20
Saturday 02 November 2024 11:06:50 -0400 (0:00:00.344) 0:00:03.272 *****
changed: [managed-node1] => {
"backup": "/etc/security/faillock.conf.6577.2024-11-02@11:06:50~",
"changed": true
}
MSG:
line added
TASK [fedora.linux_system_roles.pam_pwd : List authselect profiles] ************
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:29
Saturday 02 November 2024 11:06:50 -0400 (0:00:00.370) 0:00:03.643 *****
ok: [managed-node1] => {
"changed": false,
"cmd": [
"authselect",
"list"
],
"delta": "0:00:00.026995",
"end": "2024-11-02 11:06:51.395999",
"rc": 0,
"start": "2024-11-02 11:06:51.369004"
}
STDOUT:
- minimal Local users only for minimal installations
- sssd Enable SSSD for system authentication (also for local users only)
- winbind Enable winbind for system authentication
TASK [fedora.linux_system_roles.pam_pwd : Create custom authselect profile from existing profile sssd password-policy] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:38
Saturday 02 November 2024 11:06:51 -0400 (0:00:00.449) 0:00:04.092 *****
Notification for handler Pam_pwd_authselect_apply has been saved.
changed: [managed-node1] => {
"changed": true,
"cmd": [
"authselect",
"create-profile",
"password-policy",
"-b",
"sssd"
],
"delta": "0:00:00.004553",
"end": "2024-11-02 11:06:51.726805",
"rc": 0,
"start": "2024-11-02 11:06:51.722252"
}
STDOUT:
New profile was created at /etc/authselect/custom/password-policy
TASK [fedora.linux_system_roles.pam_pwd : List authselect current profile] *****
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:46
Saturday 02 November 2024 11:06:51 -0400 (0:00:00.329) 0:00:04.422 *****
ok: [managed-node1] => {
"changed": false,
"cmd": [
"authselect",
"current"
],
"delta": "0:00:00.004693",
"end": "2024-11-02 11:06:52.056065",
"failed_when_result": false,
"rc": 0,
"start": "2024-11-02 11:06:52.051372"
}
STDOUT:
Profile ID: sssd
Enabled features: None
TASK [fedora.linux_system_roles.pam_pwd : Select profile password-policy] ******
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:58
Saturday 02 November 2024 11:06:52 -0400 (0:00:00.332) 0:00:04.754 *****
Notification for handler Pam_pwd_authselect_apply has been saved.
changed: [managed-node1] => {
"changed": true,
"cmd": [
"authselect",
"select",
"--force",
"custom/password-policy"
],
"delta": "0:00:00.019852",
"end": "2024-11-02 11:06:52.405079",
"rc": 0,
"start": "2024-11-02 11:06:52.385227"
}
STDOUT:
Backup stored at /var/lib/authselect/backups/2024-11-02-15-06-52.0Y6b16
Profile "custom/password-policy" was selected.
The following nsswitch maps are overwritten by the profile:
- passwd
- group
- netgroup
- automount
- services
Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
TASK [fedora.linux_system_roles.pam_pwd : List authselect current profile] *****
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:64
Saturday 02 November 2024 11:06:52 -0400 (0:00:00.356) 0:00:05.111 *****
ok: [managed-node1] => {
"changed": false,
"cmd": [
"authselect",
"current"
],
"delta": "0:00:00.004054",
"end": "2024-11-02 11:06:52.774848",
"rc": 0,
"start": "2024-11-02 11:06:52.770794"
}
STDOUT:
Profile ID: custom/password-policy
Enabled features: None
TASK [fedora.linux_system_roles.pam_pwd : Set enable-feature with-faillock] ****
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:69
Saturday 02 November 2024 11:06:52 -0400 (0:00:00.366) 0:00:05.477 *****
Notification for handler Pam_pwd_authselect_apply has been saved.
changed: [managed-node1] => {
"changed": true,
"cmd": [
"authselect",
"enable-feature",
"with-faillock"
],
"delta": "0:00:00.012407",
"end": "2024-11-02 11:06:53.158471",
"rc": 0,
"start": "2024-11-02 11:06:53.146064"
}
STDOUT:
Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
TASK [fedora.linux_system_roles.pam_pwd : Keep history of the last passwords used num 10] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:75
Saturday 02 November 2024 11:06:53 -0400 (0:00:00.384) 0:00:05.862 *****
changed: [managed-node1] => (item=/etc/authselect/custom/password-policy/system-auth) => {
"ansible_loop_var": "item",
"backup": "/etc/authselect/custom/password-policy/system-auth.7334.2024-11-02@11:06:53~",
"changed": true,
"item": "/etc/authselect/custom/password-policy/system-auth"
}
MSG:
line added
changed: [managed-node1] => (item=/etc/authselect/custom/password-policy/password-auth) => {
"ansible_loop_var": "item",
"backup": "/etc/authselect/custom/password-policy/password-auth.7443.2024-11-02@11:06:53~",
"changed": true,
"item": "/etc/authselect/custom/password-policy/password-auth"
}
MSG:
line added
TASK [fedora.linux_system_roles.pam_pwd : Enforce root for password complexity] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:89
Saturday 02 November 2024 11:06:53 -0400 (0:00:00.724) 0:00:06.586 *****
changed: [managed-node1] => (item=/etc/authselect/custom/password-policy/system-auth) => {
"ansible_loop_var": "item",
"backup": "/etc/authselect/custom/password-policy/system-auth.7552.2024-11-02@11:06:54~",
"changed": true,
"item": "/etc/authselect/custom/password-policy/system-auth"
}
MSG:
line replaced
changed: [managed-node1] => (item=/etc/authselect/custom/password-policy/password-auth) => {
"ansible_loop_var": "item",
"backup": "/etc/authselect/custom/password-policy/password-auth.7661.2024-11-02@11:06:54~",
"changed": true,
"item": "/etc/authselect/custom/password-policy/password-auth"
}
MSG:
line replaced
TASK [fedora.linux_system_roles.pam_pwd : Set password quality] ****************
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/main.yml:17
Saturday 02 November 2024 11:06:54 -0400 (0:00:00.784) 0:00:07.371 *****
changed: [managed-node1] => {
"backup_file": "/etc/security/pwquality.conf.7770.2024-11-02@11:06:55~",
"changed": true
}
MSG:
Block inserted
NOTIFIED HANDLER fedora.linux_system_roles.pam_pwd : Apply authselect changes for managed-node1
RUNNING HANDLER [fedora.linux_system_roles.pam_pwd : Apply authselect changes] ***
task path: /tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/handlers/main.yml:5
Saturday 02 November 2024 11:06:55 -0400 (0:00:00.445) 0:00:07.816 *****
changed: [managed-node1] => {
"changed": true,
"cmd": [
"authselect",
"apply-changes"
],
"delta": "0:00:00.015604",
"end": "2024-11-02 11:06:55.473230",
"rc": 0,
"start": "2024-11-02 11:06:55.457626"
}
STDOUT:
Changes were successfully applied.
PLAY RECAP *********************************************************************
managed-node1 : ok=15 changed=10 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Saturday 02 November 2024 11:06:55 -0400 (0:00:00.354) 0:00:08.171 *****
===============================================================================
Gathering Facts --------------------------------------------------------- 2.40s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/tests/pam_pwd/tests_default.yml:3
fedora.linux_system_roles.pam_pwd : Enforce root for password complexity --- 0.78s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:89
fedora.linux_system_roles.pam_pwd : Keep history of the last passwords used num 10 --- 0.72s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:75
fedora.linux_system_roles.pam_pwd : Deny access after number of consecutive authentication failures num 5 --- 0.48s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:2
fedora.linux_system_roles.pam_pwd : List authselect profiles ------------ 0.45s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:29
fedora.linux_system_roles.pam_pwd : Set password quality ---------------- 0.45s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/main.yml:17
fedora.linux_system_roles.pam_pwd : Set enable-feature with-faillock ---- 0.38s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:69
fedora.linux_system_roles.pam_pwd : Set option silent in /etc/security/faillock.conf --- 0.37s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:20
fedora.linux_system_roles.pam_pwd : List authselect current profile ----- 0.37s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:64
fedora.linux_system_roles.pam_pwd : Select profile password-policy ------ 0.36s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:58
fedora.linux_system_roles.pam_pwd : Apply authselect changes ------------ 0.35s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/handlers/main.yml:5
fedora.linux_system_roles.pam_pwd : Reenable access after the lock out seconds 300 --- 0.34s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:12
fedora.linux_system_roles.pam_pwd : List authselect current profile ----- 0.33s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:46
fedora.linux_system_roles.pam_pwd : Create custom authselect profile from existing profile sssd password-policy
--- 0.33s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/setup/default.yml:38
fedora.linux_system_roles.pam_pwd : Perform platform/version specific tasks --- 0.04s
/tmp/collections-J9Y/ansible_collections/fedora/linux_system_roles/roles/pam_pwd/tasks/main.yml:4