ara | File #7031: /home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml

/home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml

Execution

Date 26 Jan 2026 11:15:34 +0000

Duration 00:00:01.57

Controller ssh-gw-4.layershift.com

User root

Versions

Ansible 2.16.11

ara 1.7.4 / 1.7.4

Python 3.10.10

Summary

1 Hosts

4 Tasks

4 Results

1 Plays

1 Files

0 Records

remote_user:root check:False tags:all subset:efficient-swan.man-1.vm.plesk-server.com

Date
26 Jan 2026 11:15:34 +0000
Path
/home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml

Argument	Value
version	None
verbosity	2
private_key_file	/home/ssh-gateway/.ssh/id_rsa
remote_user	root
connection	ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	False
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-prod.sh']
listhosts	False
subset	efficient-swan.man-1.vm.plesk-server.com
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	20
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['RM10224-bad-kernels.yaml']

File: /home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml

---
- name: Validate running kernel using uname -r and log bad hosts
  hosts: all
  gather_facts: false
  vars:
    # Acceptable explicit versions
    good_kernels:
      - "4.18.0-553.80.1.el8_10.x86_64"
      - "4.18.0-553.93.1.el8_10.x86_64"
    # Local file on Ansible controller to record bad hosts
    bad_kernel_file: "/tmp/bad_kernels.txt"

  tasks:
    - name: Get running kernel version
      ansible.builtin.command: uname -r
      register: uname_result
      changed_when: false

    - name: Set current kernel fact
      ansible.builtin.set_fact:
        current_kernel: "{{ uname_result.stdout | trim }}"

    - name: Extract patch number (e.g., 80 from 4.18.0-553.80.1.el8_10.x86_64)
      ansible.builtin.set_fact:
        patch_match: "{{ current_kernel | regex_search('4\\.18\\.0-553\\.([0-9]+)\\.1\\.el8_10\\.x86_64', '\\1') }}"

    - name: Determine kernel status
      ansible.builtin.set_fact:
        kernel_status: |
          {% if current_kernel in good_kernels %}
            good
          {% elif patch_match | length > 0 and (patch_match[0] | int) >= 93 %}
            good
          {% elif patch_match | length > 0 and ((patch_match[0] | int) == 81 or ((patch_match[0] | int) >= 83 and (patch_match[0] | int) <= 92)) %}
            bad
          {% else %}
            unknown
          {% endif %

    - name: Record host with bad kernel to local file
      when: kernel_status == "bad"
      delegate_to: localhost
      run_once: false
      ansible.builtin.lineinfile:
        path: "{{ bad_kernel_file }}"
        line: "{{ inventory_hostname }} {{ current_kernel }}"
        create: true
        mode: '0644'

    - name: (Optional) Fail on bad kernel
      ansible.builtin.fail:
        msg: "Prohibited kernel detected: {{ current_kernel }}"
      when: kernel_status == "bad"

    - name: Report result for visibility
      ansible.builtin.debug:
        msg: "Kernel check: {{ 'PASS' if kernel_status == 'good' else 'UNKNOWN' }}"
      when: kernel_status != "bad"

Playbook #4894

File: /home/ssh-gateway/ansible/kuly/RM10224-bad-kernels.yaml