{"id":7031,"sha1":"e0134ddd8c9ac2439235aaf877b1cf1f6a76cefe","playbook":{"id":4894,"items":{"plays":1,"tasks":4,"results":4,"hosts":1,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-prod.sh"],"listhosts":false,"subset":"efficient-swan.man-1.vm.plesk-server.com","extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["RM10224-bad-kernels.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":266,"name":"subset:efficient-swan.man-1.vm.plesk-server.com"}],"started":"2026-01-26T11:15:34.773240Z","ended":"2026-01-26T11:15:36.345396Z","duration":"00:00:01.572156","name":null,"ansible_version":"2.16.11","client_version":"1.7.4","python_version":"3.10.10","server_version":"1.7.4","status":"failed","path":"/home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: Validate running kernel using uname -r and log bad hosts\n  hosts: all\n  gather_facts: false\n  vars:\n    # Acceptable explicit versions\n    good_kernels:\n      - \"4.18.0-553.80.1.el8_10.x86_64\"\n      - \"4.18.0-553.93.1.el8_10.x86_64\"\n    # Local file on Ansible controller to record bad hosts\n    bad_kernel_file: \"/tmp/bad_kernels.txt\"\n\n  tasks:\n    - name: Get running kernel version\n      ansible.builtin.command: uname -r\n      register: uname_result\n      changed_when: false\n\n    - name: Set current kernel fact\n      ansible.builtin.set_fact:\n        current_kernel: \"{{ uname_result.stdout | trim }}\"\n\n    - name: Extract patch number (e.g., 80 from 4.18.0-553.80.1.el8_10.x86_64)\n      ansible.builtin.set_fact:\n        patch_match: \"{{ current_kernel | regex_search('4\\\\.18\\\\.0-553\\\\.([0-9]+)\\\\.1\\\\.el8_10\\\\.x86_64', '\\\\1') }}\"\n\n    - name: Determine kernel status\n      ansible.builtin.set_fact:\n        kernel_status: |\n          {% if current_kernel in good_kernels %}\n            good\n          {% elif patch_match | length > 0 and (patch_match[0] | int) >= 93 %}\n            good\n          {% elif patch_match | length > 0 and ((patch_match[0] | int) == 81 or ((patch_match[0] | int) >= 83 and (patch_match[0] | int) <= 92)) %}\n            bad\n          {% else %}\n            unknown\n          {% endif %\n\n    - name: Record host with bad kernel to local file\n      when: kernel_status == \"bad\"\n      delegate_to: localhost\n      run_once: false\n      ansible.builtin.lineinfile:\n        path: \"{{ bad_kernel_file }}\"\n        line: \"{{ inventory_hostname }} {{ current_kernel }}\"\n        create: true\n        mode: '0644'\n\n    - name: (Optional) Fail on bad kernel\n      ansible.builtin.fail:\n        msg: \"Prohibited kernel detected: {{ current_kernel }}\"\n      when: kernel_status == \"bad\"\n\n    - name: Report result for visibility\n      ansible.builtin.debug:\n        msg: \"Kernel check: {{ 'PASS' if kernel_status == 'good' else 'UNKNOWN' }}\"\n      when: kernel_status != \"bad\"\n","created":"2026-01-26T11:15:34.791258Z","updated":"2026-01-26T11:15:34.791296Z","path":"/home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml"}