Erroneous playbook failure

[harry devine]

We have a playbook that runs every night that will do a "yum update" on all of our servers, then performs an "aide --update" to keep AIDE up to date.  Whenever a difference is found, Ansible flags it as a fatal error.  The msg is "non zero return code" and the rc value is 7.

Here'a sample of the output:

AIDE 0.15.1 found differences between database and filesystem!! Start timestamp: 2019-08-12 02:39:23 Summary: Total number of files: 188094 Added files: 137 Removed files: 4 Changed files: 16 --------------------------------------------------- Added files: --------------------------------------------------- added: /bin/insights-client added: /bin/insights-client-run added: /bin/redhat-access-insights added: /bin/sha1hmac added: /bin/sha256hmac added: /bin/sha384hmac added: /bin/sha512hmac added: /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img.bak added: /etc/cron.daily/aide.check added: /etc/insights-client added: /etc/insights-client/.cache.json added: /etc/insights-client/.cache.json.asc added: /etc/insights-client/.exp.sed added: /etc/insights-client/.fallback.json added: /etc/insights-client/.fallback.json.asc added: /etc/insights-client/.insights-core-gpg-sig.etag added: /etc/insights-client/.insights-core.etag added: /etc/insights-client/.last-upload.results added: /etc/insights-client/.lastupload added: /etc/insights-client/.registered added: /etc/insights-client/cert-api.access.redhat.com.pem added: /etc/insights-client/insights-client.conf added: /etc/insights-client/machine-id added: /etc/insights-client/redhattools.pub.gpg added: /etc/insights-client/rpm.egg added: /etc/insights-client/rpm.egg.asc added: /etc/pki/entitlement/7834364010455541223-key.pem added: /etc/pki/entitlement/7834364010455541223.pem added: /etc/redhat-access-insights added: /etc/redhat-access-insights/.lastupload added: /etc/redhat-access-insights/.registered added: /etc/redhat-access-insights/machine-id added: /etc/redhat-access-insights/redhat-access-insights.conf added: /etc/redhat-access-insights/redhat-access-insights.cron added: /etc/sysctl.d/99-tcpsack.conf added: /etc/system-fips added: /etc/systemd/system/multi-user.target.wants/insights-client.timer added: /lib/dracut/dracut.conf.d/40-fips.conf added: /lib/dracut/modules.d/01fips added: /lib/dracut/modules.d/01fips/fips-boot.sh added: /lib/dracut/modules.d/01fips/fips-noboot.sh added: /lib/dracut/modules.d/01fips/fips.sh added: /lib/dracut/modules.d/01fips/module-setup.sh added: /lib/python2.7/site-packages/insights_client added: /lib/python2.7/site-packages/insights_client/__init__.py added: /lib/python2.7/site-packages/insights_client/__init__.pyc added: /lib/python2.7/site-packages/insights_client/__init__.pyo added: /lib/python2.7/site-packages/insights_client/constants.py added: /lib/python2.7/site-packages/insights_client/constants.pyc added: /lib/python2.7/site-packages/insights_client/constants.pyo added: /lib/python2.7/site-packages/insights_client/major_version.py added: /lib/python2.7/site-packages/insights_client/major_version.pyc added: /lib/python2.7/site-packages/insights_client/major_version.pyo added: /lib/python2.7/site-packages/insights_client/run.py added: /lib/python2.7/site-packages/insights_client/run.pyc added: /lib/python2.7/site-packages/insights_client/run.pyo added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt added: /lib/systemd/system/insights-client.service added: /lib/systemd/system/insights-client.timer added: /lib64/hmaccalc added: /lib64/hmaccalc/sha1hmac.hmac added: /lib64/hmaccalc/sha256hmac.hmac added: /lib64/hmaccalc/sha384hmac.hmac added: /lib64/hmaccalc/sha512hmac.hmac added: /root/.ansible added: /root/.ansible/tmp added: /root/.cache/imsettings/log.bak added: /root/.gnupg/trustdb.gpg added: /root/.local/share/gvfs-metadata/root added: /root/.local/share/gvfs-metadata/root-bf61d634.log added: /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-6ebc08c3.log added: /root/.local/share/keyrings added: /root/.local/share/keyrings/login.keyring added: /root/.local/share/keyrings/user.keystore added: /root/.ssh/known_hosts added: /root/fips_part1.sh added: /root/fips_part2.sh added: /root/temp added: /root/temp/gpg.conf added: /root/temp/pubring.gpg added: /root/temp/secring.gpg added: /root/temp/trustdb.gpg added: /usr/bin/insights-client added: /usr/bin/insights-client-run added: /usr/bin/redhat-access-insights added: /usr/bin/sha1hmac added: /usr/bin/sha256hmac added: /usr/bin/sha384hmac added: /usr/bin/sha512hmac added: /usr/lib/dracut/dracut.conf.d/40-fips.conf added: /usr/lib/dracut/modules.d/01fips added: /usr/lib/dracut/modules.d/01fips/fips-boot.sh added: /usr/lib/dracut/modules.d/01fips/fips-noboot.sh added: /usr/lib/dracut/modules.d/01fips/fips.sh added: /usr/lib/dracut/modules.d/01fips/module-setup.sh added: /usr/lib/python2.7/site-packages/insights_client added: /usr/lib/python2.7/site-packages/insights_client/__init__.py added: /usr/lib/python2.7/site-packages/insights_client/__init__.pyc added: /usr/lib/python2.7/site-packages/insights_client/__init__.pyo added: /usr/lib/python2.7/site-packages/insights_client/constants.py added: /usr/lib/python2.7/site-packages/insights_client/constants.pyc added: /usr/lib/python2.7/site-packages/insights_client/constants.pyo added: /usr/lib/python2.7/site-packages/insights_client/major_version.py added: /usr/lib/python2.7/site-packages/insights_client/major_version.pyc added: /usr/lib/python2.7/site-packages/insights_client/major_version.pyo added: /usr/lib/python2.7/site-packages/insights_client/run.py added: /usr/lib/python2.7/site-packages/insights_client/run.pyc added: /usr/lib/python2.7/site-packages/insights_client/run.pyo added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt added: /usr/lib/systemd/system/insights-client.service added: /usr/lib/systemd/system/insights-client.timer added: /usr/lib64/hmaccalc added: /usr/lib64/hmaccalc/sha1hmac.hmac added: /usr/lib64/hmaccalc/sha256hmac.hmac added: /usr/lib64/hmaccalc/sha384hmac.hmac added: /usr/lib64/hmaccalc/sha512hmac.hmac added: /usr/share/doc/hmaccalc-0.9.13 added: /usr/share/doc/hmaccalc-0.9.13/LICENSE added: /usr/share/doc/hmaccalc-0.9.13/README added: /usr/share/man/man5/insights-client.conf.5.gz added: /usr/share/man/man8/insights-client.8.gz added: /usr/share/man/man8/sha1hmac.8.gz added: /usr/share/man/man8/sha256hmac.8.gz added: /usr/share/man/man8/sha384hmac.8.gz added: /usr/share/man/man8/sha512hmac.8.gz --------------------------------------------------- Removed files: --------------------------------------------------- removed: /etc/pki/entitlement/2145996793070099965-key.pem removed: /etc/pki/entitlement/2145996793070099965.pem removed: /root/.gnupg/secring.gpg removed: /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-f370c3c2.log --------------------------------------------------- Changed files: --------------------------------------------------- changed: /boot/efi/EFI/redhat/grub.cfg changed: /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img changed: /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img changed: /etc/group changed: /etc/gshadow changed: /etc/passwd changed: /etc/shadow changed: /etc/ssh/sshd_config changed: /etc/sysconfig/network-scripts/ifcfg-em1 changed: /etc/yum.repos.d/redhat.repo changed: /lib/dracut/modules.d changed: /lib/python2.7/site-packages changed: /usr/lib/dracut/modules.d changed: /usr/lib/python2.7/site-packages changed: /usr/lib64 changed: /usr/share/doc --------------------------------------------------- Detailed information about changes: --------------------------------------------------- File: /boot/efi/EFI/redhat/grub.cfg SHA256 : xe1Df3lqjzE9xW98fqbQYCLrJ0HsYZZ4 , v5UhwoPnZH+0UOf/hn4Q671kreptd6QH File: /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img SHA256 : FZpBgcK79j+KFxhKCd0DGbB9Ej/pvdSX , ICU/9a+jTsDD9PIfD5g6QOfxwyj20J30 SELinux : system_u:object_r:boot_t:s0 , unconfined_u:object_r:boot_t:s0 File: /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img SHA256 : z4xF6KhC5h6tGCVXxgiBaueA/GFqxVa1 , CIf2TMcaOqlKTeI/Hr20MbU6G87IUURE File: /etc/group SHA256 : qGq+Ew69WkAPiKcIcqKu58CQLtaRmOdS , sn6BqRCXHJwYe7lFwjm5mr2WuyUvQ55x File: /etc/gshadow SHA256 : EfiOHQk7jP1ROuSKz7PmcoZqluPPcbgj , pSSCKc1sM3wpYqh3/11SmMtGR/6gHITR File: /etc/passwd SHA256 : +xnEaC5BmsE1xgs8k3jVii06RKdliG03 , sgwWHcGTAe1AoZi8LEfIe9yyuyKsBeO9 File: /etc/shadow SHA256 : m9S0G9ByZLIxSUNDDxtKY3A3gFi8U9fx , i40ldV7xMJVwi+p6gyKAGWqOsxKIFDm2 File: /etc/ssh/sshd_config SHA256 : LFERiUyFoz+gNGYa03lgfxq6F4jG098n , Wz0X/cSHDD6/sV52wbfZuUOiwmRzHWvG File: /etc/sysconfig/network-scripts/ifcfg-em1 SHA256 : UIhQCZTs+kvvF29gLgVzZFQmJ3O1iR3z , DuZF4xhCU/Ba1IIjgHxaDZ7RdZT0byfV File: /etc/yum.repos.d/redhat.repo SHA256 : FkgVgM5NAhEkrAPalWhchoTmEqAOlhgG , eEmfpz41JvgfDRxcjfiW4nFkVmHydmRA Directory: /lib/dracut/modules.d Linkcount: 66 , 67 Directory: /lib/python2.7/site-packages Linkcount: 114 , 116 Directory: /usr/lib/dracut/modules.d Linkcount: 66 , 67 Directory: /usr/lib/python2.7/site-packages Linkcount: 114 , 116 Directory: /usr/lib64 Linkcount: 153 , 154 Directory: /usr/share/doc Linkcount: 1148 , 1149

Here's the playbook (it's included to a main playbook via "include_tasks":

--- - name: Capture aide binary path command: "which aide" register: aide_path - name: Check for existing aide database stat: path: "/var/lib/aide/aide.db.gz" register: aide_db_check - name: Update aide database command: "{{ aide_path.stdout }} -u" register: aide_update - name: Move new aide database into place copy: remote_src: true src: /var/lib/aide/aide.db.new.gz dest: /var/lib/aide/aide.db.gz - name: Remove aide.db.new.gz file: path: /var/lib/aide/aide.db.new.gz state: absent

Thanks,

Harry

[harry devine]

Anyone have any ideas?????

[Zolvaring]

I don't know much about aide but that output appears to just show you what is being changed, is it possible aide simply uses rc 7 to denote that? If you don't believe the task is actually failing, try adding a param go the aide update task:

register: aide_update
failed_when:
- aide_update.rc != 0
- aide_update.rc != 7