with_items is incorrectly indented
On Tue, 21 Mar 2023 at 16:14, [email protected] <[email protected]> wrote:
> I was able to get past that issue, but now the next play is erroring out:
>
> - name: Disable System Accounts - preparation
> ansible.builtin.shell: |
> set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
> $7!="/sbin/nologin") { print $1 }' /etc/passwd
> register: enabled_system_accounts
> changed_when: false
>
> - name: Disable System Accounts
> ansible.builtin.user:
> name: "{{ item }}"
> shell: /sbin/nologin
> with_items: "{{ enabled_system_accounts.stdout_lines }}"
> when: enabled_system_accounts.stdout_lines is defined
>
>
> The "Disable System Accounts" is giving me "The task includes an option
> with an undefined variable. The error was: 'item' is undefined". I'm
> assuming that the "enabled_system_accounts" is not defined or available at
> this point? Any thoughts on how to get past this?
>
> Thanks,
> Harry
> On Tuesday, March 21, 2023 at 8:25:41 AM UTC-4 Will McDonald wrote:
>
>> I suspect your problem is simply that your shell command's incorrectly
>> quoted and something like:
>>
>> ansible.builtin.shell: |
>> set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>> $7!="/sbin/nologin") { print $1 } ' /etc/passwd
>>
>> Note the additional quotes.
>>
>>
>> https://github.com/major/ansible-role-cis/blob/master/tasks/section_07_level1.yml
>> mostly matches your snippet but uses simpler formatting/quoting as an
>> example.
>>
>> https://github.com/major/ansible-role-cis appears to be deprecated, as
>> does https://github.com/major/cis-rhel-ansible
>>
>> It might also be worth including:
>>
>> 1. What target operating system release(s) you're targeting and
>> 2. What versions of upstream CIS roles you're using.
>>
>>
>>
>>
>> On Tue, 21 Mar 2023 at 11:52, [email protected] <[email protected]>
>> wrote:
>>
>>> We have a role that implements the CIS benchmarks on our systems. When
>>> we get to the following play, we get the error described below:
>>>
>>> - name: Disable System Accounts - preparation
>>> ansible.builtin.shell: |
>>> set -o pipefail && awk -F':' \|
>>> ($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync"
>>> && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 }
>>> /etc/passwd
>>> register: enabled_system_accounts
>>> changed_when: false
>>>
>>> Error:
>>>
>>> awk: cmd. line:1: |
>>> awk: cmd. line:1: ^ syntax error
>>> /bin/sh: -c: line 1: syntax error near unexpected token `{'
>>> /bin/sh: -c: line 1: `($3<500 && $1!="root" && $1!="sync" &&
>>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>>> $7!="/sbin/nologin") { print $1 } /etc/passwd'
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>> Harry
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4860da4d-9512-4b28-8f0e-1800391d9b86n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/4860da4d-9512-4b28-8f0e-1800391d9b86n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
Sent from Gmail Mobile
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZufkb6WzC5QL0eqYpJWzeHzRMDrYKuDcZGC9MoDebwrQ%40mail.gmail.com.
