Hello, I've googled high and low for an answer but keep going down rabbit holes with no obvious solution. This seems like the right place to ask. I'm guessing this behavior is a "feature" of ansible and there's not a work-around?
I have the following playbook excerpt:

    ---
    - name: Harden Linux Hosts
      gather_facts: True
      hosts: Harden
      sudo: yes
      remote_user: "{{ remote_user }}"
      roles:
        - { role: myRole.hardenLinux }

In the role's main.yml is a series of tasks like

    ---
    - name: "V-38653 The snmpd service must not use a default password."
      tags:
        - snmpd
        - severity_high
      include: V-38653.yml

And in that playbook

    ---
    # Presence of the default SNMP password enables querying of different
    # system aspects and could result in unauthorized knowledge of the system.
    - name: "Check for the existence of the snmp.conf file"
      stat: path="snmpd_conf_{{ ansible_distribution }}"
      register: snmpd_st

    - name: "Replace any instances where the community string is 'public'"
      replace: dest="snmpd_conf_{{ ansible_distribution }}" regexp='(^com2sec.*)public$' replace='\1{{ snmp_community }}' backup=yes
      when: not logonly and snmpd_st.stat.exists

When included in my playbook I'll see logged to stdout

    PLAY [Harden Linux Hosts] *****************************************************

    GATHERING FACTS ***************************************************************
    ok: [1.2.3.4]

    TASK: [myRole.hardenLinux | Check for the existence of the snmp.conf file] *****
    ok: [1.2.3.4]

    TASK: [myRole.hardenLinux | Replace any instances where the community string is 'public'] ***
    skipping: [1.2.3.4]

    PLAY RECAP ********************************************************************
    1.2.3.4 : ok=2 changed=0 unreachable=0 failed=0

At no point is it logging *"V-38653 The snmpd service must not use a default password."* You can probably see where this becomes difficult to troubleshoot or tell where it's at in the execution of the main.yml. I had the logging I wanted when this was a playbook, where it would log

    PLAY [ V-38653 The snmpd service must not use a default password ]

but role behavior is obviously different. The tags are working right so it doesn't seem to be directly syntax related. Am I just abusing roles in a way I shouldn't be?
Why would

Thanks in advance!

Kevin
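Added example, not part of the original post: a Python check of which snmpd.conf lines the role's `(^com2sec.*)public$` pattern rewrites and which active directives still carry the default community afterwards. The sample file content, the placeholder community value and the function names are constructed for this illustration; the directive list goes beyond the post's `com2sec` case to the other net-snmp community directives.

```python
import re

# The role's pattern. Ansible's replace module compiles regexp with
# re.MULTILINE, so ^ and $ anchor at every line of the file.
TASK_REGEXP = re.compile(r'(^com2sec.*)public$', re.MULTILINE)

# net-snmp directives that carry a community string.
DIRECTIVES = {'com2sec', 'com2sec6', 'rocommunity', 'rocommunity6',
              'rwcommunity', 'rwcommunity6'}

# Constructed snmpd.conf content, not taken from the post.
SAMPLE = "\n".join([
    "com2sec notConfigUser  default    public",
    "com2sec local          localhost  public  ",      # trailing spaces
    "com2sec mynet          10.0.0.0/8 public # lab",  # trailing comment
    "rocommunity public 127.0.0.1",                    # different directive
    "#com2sec old           default    public",        # commented out
]) + "\n"


def apply_task(conf, community):
    """Return conf as the replace task would rewrite it."""
    # A function replacement keeps the community string literal.
    return TASK_REGEXP.sub(lambda m: m.group(1) + community, conf)


def remaining_public(conf):
    """Return (line_no, line) for active directives still using 'public'."""
    hits = []
    for n, line in enumerate(conf.splitlines(), 1):
        tokens = line.split('#', 1)[0].split()
        if tokens and tokens[0] in DIRECTIVES and 'public' in tokens[1:]:
            hits.append((n, line))
    return hits


if __name__ == "__main__":
    fixed = apply_task(SAMPLE, "s3cr3t-example")  # placeholder community
    print(fixed)
    for n, line in remaining_public(fixed):
        print("still default on line %d: %r" % (n, line))
```

Only the first sample line is rewritten; lines with trailing whitespace, a trailing comment or a `rocommunity` directive keep `public`, so a follow-up check of this kind is worth running after the task reports "changed".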