Unable to restart auditd service on centos7
840 views
Skip to first unread message
Bala Mutyam
Feb 17, 2020, 8:36:11 AM2/17/20
to Ansible Project
Hi all,
Anisble Version: ansible 2.7.7
I'm configuring auditd on centos7 but the auditd service is failing to restart.
Handler:
- name: centos7 restart auditd
become: yes
command: service auditd restart
Error:
FAILED! => {"changed": false, "msg": "Unable to restart service auditd: Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).\nSee system logs and 'systemctl status auditd.service' for details.\n"}
I can restart the service via commandline on the host using "service auditd restart"
I'm running playbook as root user
Could someone help me please?
Stefan Hornburg (Racke)
Feb 17, 2020, 8:42:37 AM2/17/20
to ansible...@googlegroups.com
fails, please provide corresponding log messages as instructed in the error message.
Regards
Racke
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bariou Alarou
Feb 17, 2020, 8:43:49 AM2/17/20
to ansible...@googlegroups.com
Could you use the service module instead of command.
Handler:
- name: centos7 restart auditd
service:
name: audits
state: restarted
become: yes
Also wanted to know how do you run your playbook because you defined as handler.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com.
Bala Mutyam
Feb 17, 2020, 9:54:00 AM2/17/20
to Ansible Project
Service module is also failing with the same error.
fatal: [192.168.69.33]: FAILED! => {"changed": false, "msg": "Unable to restart service auditd: Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).\nSee system logs and 'systemctl status auditd.service' for details.\n"}
On Monday, February 17, 2020 at 1:42:37 PM UTC, Stefan Hornburg (Racke) wrote:
On 2/17/20 2:36 PM, Bala Mutyam wrote:
> Hi all,
>
> Anisble Version: ansible 2.7.7
>
>
> I'm configuring auditd on centos7 but the auditd service is failing to restart.
>
> Handler:
>
> - name: centos7 restart auditd
> become: yes
> command: service auditd restart
>
> Error:
>
> FAILED! => {"changed": false, "msg": "Unable to restart service auditd: Failed to restart auditd.service: Operation
> refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).\nSee
> system logs and 'systemctl status auditd.service' for details.\n"}
>
> I can restart the service via commandline on the host using "service auditd restart"
>
> I'm running playbook as root user
>
> Could someone help me please?
It might not solve your problem, but you should certainly use the "service" module instead of "command". If it still
fails, please provide corresponding log messages as instructed in the error message.
Regards
Racke
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
Dick Visser
Feb 17, 2020, 10:13:18 AM2/17/20
to ansible...@googlegroups.com
Then you should follow the advice given, i.e:
See system logs and 'systemctl status auditd.service' for details.
>> > ansible...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3afc2f51-e5f4-41d2-b460-cf9fcc904757%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
See system logs and 'systemctl status auditd.service' for details.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com
>> > <https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>
>>
>> --
>> Ecommerce and Linux consulting + Perl and web application programming.
>> Debian and Sympa administration. Provisioning with Ansible.
>>
>> > https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com
>> > <https://groups.google.com/d/msgid/ansible-project/417abda6-bbfd-4af8-9eed-8ee023e5eb73%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>
>>
>> --
>> Ecommerce and Linux consulting + Perl and web application programming.
>> Debian and Sympa administration. Provisioning with Ansible.
>>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3afc2f51-e5f4-41d2-b460-cf9fcc904757%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
Cyril Stoll
Feb 17, 2020, 12:53:18 PM2/17/20
to Ansible Project
Hi
For the handler you have to explicitly state to use the "service" instead of "systemctl" command. For me it worked with a notify and a handler definition like so:
- name: restart auditd
systemd:
name: auditd
state: restarted
use: service
With that handler you can use "notify: restart auditd" in your task and that should work. I'm working with RHEL 7 but that should not be different from centOS 7 in that regard.
Best,
Cyril
Angel Rengifo Cancino
Feb 17, 2020, 8:48:19 PM2/17/20
to ansible...@googlegroups.com
Hello:
On Mon, Feb 17, 2020 at 8:36 AM Bala Mutyam <koti.r...@gmail.com> wrote:
Hi all,Anisble Version: ansible 2.7.7I'm configuring auditd on centos7 but the auditd service is failing to restart.Handler:- name: centos7 restart auditdbecome: yescommand: service auditd restartError:FAILED! => {"changed": false, "msg": "Unable to restart service auditd: Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).\nSee system logs and 'systemctl status auditd.service' for details.\n"}
Have you tried to run "systemctl restart auditd" manually as root in your shell? What's the ouput of that command?
Have you checked at /var/log/messages about any systemctl or auditd errors after running such ansible task?
Reply all
Reply to author
Forward
0 new messages