ara | Result #468694: [ok] ansible.builtin.shell on perfect-antelope.man-1.solus.stage.town for "On plesk server run the script"

/home/ssh-gateway/ansible/kuly/RM10136_firewall_ssh_deny.yaml

Execution

Date 16 Sep 2025 10:20:12 +0100

Duration 00:00:02.77

Controller ssh-gw-4.layershift.com

User root

Versions

Ansible 2.16.11

ara 1.7.3 / 1.7.3

Python 3.10.10

Summary

1 Hosts

3 Tasks

3 Results

1 Plays

1 Files

0 Records

remote_user:root check:False tags:all subset:perfect-antelope.man-1.solus.stage.town

Date
16 Sep 2025 10:20:12 +0100
Path
/home/ssh-gateway/ansible/kuly/RM10136_firewall_ssh_deny.yaml

Argument	Value
version	None
verbosity	2
private_key_file	/home/ssh-gateway/.ssh/id_rsa
remote_user	root
connection	ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	False
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-dev.sh']
listhosts	False
subset	perfect-antelope.man-1.solus.stage.town
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	20
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['RM10136_firewall_ssh_deny.yaml']

Task result details

Status
OK
Duration
00:00:00.52
Play
Playbook to deny ssh for plesk servers that do not have shell users
Task
On plesk server run the script
Host
perfect-antelope.man-1.solus.stage.town

Date
16 Sep 2025 10:20:14 +0100
Module / Action
ansible.builtin.shell (/home/ssh-gateway/ansible/kuly/RM10136_firewall_ssh_deny.yaml:9)

Field	Value
changed	False
cmd	set -o pipefail set -e homedirs=$(awk '/HTTPD_VHOSTS_D/ {print $2}' /etc/psa/psa.conf) bashes=$(grep "$homedirs" /etc/passwd \| grep -v "/bin/false" \| wc -l) if [ "$bashes" -eq 0 ]; then rule_id=$(/usr/sbin/plesk ext firewall --list-json \| jq -r '.[] \| select(.class=="ssh") \| .id') if [ -n "$rule_id" ]; then echo "Blocking SSH via Plesk firewall (rule ID: $rule_id)..." /usr/sbin/plesk ext firewall --set-rule -id "$rule_id" -action deny && /usr/sbin/plesk ext firewall --apply -auto-confirm-this-may-lock-me-out-of-the-server else echo "SSH rule not found in firewall!" fi else echo "We have users with shells, skipping" fi
delta	0:00:00.010737
end	2025-09-16 10:20:14.802423
failed_when_result	False
invocation	{ "module_args": { "_raw_params": "set -o pipefail\nset -e\nhomedirs=$(awk '/HTTPD_VHOSTS_D/ {print $2}' /etc/psa/psa.conf)\nbashes=$(grep \"$homedirs\" /etc/passwd \| grep -v \"/bin/false\" \| wc -l)\nif [ \"$bashes\" -eq 0 ]; then\n rule_id=$(/usr/sbin/plesk ext firewall --list-json \| jq -r '.[] \| select(.class==\"ssh\") \| .id')\n if [ -n \"$rule_id\" ]; then\n echo \"Blocking SSH via Plesk firewall (rule ID: $rule_id)...\"\n /usr/sbin/plesk ext firewall --set-rule -id \"$rule_id\" -action deny && /usr/sbin/plesk ext firewall --apply -auto-confirm-this-may-lock-me-out-of-the-server\n else\n echo \"SSH rule not found in firewall!\"\n fi\nelse\n echo \"We have users with shells, skipping\"\nfi\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": "/bin/bash", "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }
msg	non-zero return code
rc	1
start	2025-09-16 10:20:14.791686
stderr
stderr_lines	[]
stdout
stdout_lines	[]

Playbook #3818

Task result details