{"id":7034,"sha1":"d584954eaa205e89c1903a8aae31d9dd934c7c33","playbook":{"id":4897,"items":{"plays":1,"tasks":7,"results":7,"hosts":1,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-prod.sh"],"listhosts":false,"subset":"efficient-swan.man-1.vm.plesk-server.com","extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["RM10224-bad-kernels.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":266,"name":"subset:efficient-swan.man-1.vm.plesk-server.com"}],"started":"2026-01-26T11:22:51.845615Z","ended":"2026-01-26T11:22:53.967275Z","duration":"00:00:02.121660","name":null,"ansible_version":"2.16.11","client_version":"1.7.4","python_version":"3.10.10","server_version":"1.7.4","status":"completed","path":"/home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: Validate running kernel using uname -r and log bad hosts\n  hosts: all\n  gather_facts: false\n  vars:\n    bad_kernel_file: \"/tmp/bad_kernels.txt\"\n\n  tasks:\n    - name: Get running kernel version\n      ansible.builtin.command: uname -r\n      register: uname_result\n      changed_when: false\n\n    - name: Set current kernel fact\n      ansible.builtin.set_fact:\n        current_kernel: \"{{ uname_result.stdout | trim }}\"\n\n    - name: Extract patch number using regex_findall\n      ansible.builtin.set_fact:\n        kernel_patch: >-\n          {% set match = current_kernel | regex_findall('4\\\\.18\\\\.0-553\\\\.([0-9]+)\\\\.1\\\\.el8_10\\\\.x86_64') %}\n          {% if match and match[0] is defined %}\n            {{ match[0] }}\n          {% else %}\n            {{ '' }}\n          {% endif %}\n\n    - name: Determine kernel status\n      ansible.builtin.set_fact:\n        kernel_status: >-\n          {% if kernel_patch == '' %}\n            unknown\n          {% elif kernel_patch | int == 80 %}\n            good\n          {% elif kernel_patch | int >= 81 and kernel_patch | int <= 92 %}\n            bad\n          {% elif kernel_patch | int >= 93 %}\n            good\n          {% else %}\n            unknown\n          {% endif %}\n\n    - name: Record host with bad kernel to local file\n      when: kernel_status == \"bad\"\n      delegate_to: localhost\n      ansible.builtin.lineinfile:\n        path: \"{{ bad_kernel_file }}\"\n        line: \"{{ inventory_hostname }} {{ current_kernel }}\"\n        create: true\n        mode: '0644'\n\n    - name: Fail on bad kernel\n      when: kernel_status == \"bad\"\n      ansible.builtin.fail:\n        msg: \"Prohibited kernel detected on {{ inventory_hostname }}: {{ current_kernel }}\"\n\n    - name: Report result for visibility\n      when: kernel_status != \"bad\"\n      ansible.builtin.debug:\n        msg: \"Kernel check on {{ inventory_hostname }}: {{ kernel_status | upper }} (patch: {{ kernel_patch }})\"\n","created":"2026-01-26T11:22:51.868988Z","updated":"2026-01-26T11:22:51.869034Z","path":"/home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml"}