
Added always tag to ensure variable exists on CIS profile tag-based e…#436

Open
defnotyujine wants to merge 1 commit into ansible-lockdown:devel from defnotyujine:fix_5.1.10_5.1.11


@defnotyujine

Overall Review of Changes:
When executing the role with tag filtering (-t level1-server,level1-workstation), the preliminary task that registers prelim_sshd_50_redhat_file was skipped because it had no tags.

Tasks 5.1.10 and 5.1.11 reference prelim_sshd_50_redhat_file.stat.exists, which caused the playbook to fail with an undefined variable error.

Issue Fixes:
Fixed issue for prelim_sshd_50_redhat_file.stat_exists not existing when executing the playbook using tags.
Error Message

TASK [/home/frqadmin/Lockdown/RHEL9-CIS : 5.1.10 | PATCH | Ensure sshd DisableForwarding is enabled | override] ***
fatal: [rhel_host1]: FAILED! => {"msg": "The conditional check 'prelim_sshd_50_redhat_file.stat.exists' failed. The error was: error while evaluating conditional (prelim_sshd_50_redhat_file.stat.exists): 'prelim_sshd_50_redhat_file' is undefined. 'prelim_sshd_50_redhat_file' is undefined\n\nThe error appears to be in '/home/frqadmin/Lockdown/RHEL9-CIS/tasks/section_5/cis_5.1.x.yml': line 281, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: \"5.1.10 | PATCH | Ensure sshd DisableForwarding is enabled | override\"\n      ^ here\n"}
fatal: [rhel_host2]: FAILED! => {"msg": "The conditional check 'prelim_sshd_50_redhat_file.stat.exists' failed. The error was: error while evaluating conditional (prelim_sshd_50_redhat_file.stat.exists): 'prelim_sshd_50_redhat_file' is undefined. 'prelim_sshd_50_redhat_file' is undefined\n\nThe error appears to be in '/home/frqadmin/Lockdown/RHEL9-CIS/tasks/section_5/cis_5.1.x.yml': line 281, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: \"5.1.10 | PATCH | Ensure sshd DisableForwarding is enabled | override\"\n      ^ here\n"}

PLAY RECAP *********************************************************************
rhel_host1                 : ok=203  changed=17   unreachable=0    failed=1    skipped=131  rescued=0    ignored=0   
rhel_host2                 : ok=203  changed=17   unreachable=0    failed=1    skipped=131  rescued=0    ignored=0   

How has this been tested?:
Manually
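
The failure described in this pull request can be caught before a run. The sketch below is an added example, not code from the pull request or from the RHEL9-CIS role: it applies Ansible's `--tags` selection to a flattened task list and reports every `when` condition that reads a registered variable whose registering task would be filtered out. The preliminary task's name, the tag lists and the dict layout are assumptions; only the variable name and the 5.1.10 task name come from the error output above.

```python
import re

# Constructed task lists (flattened, with effective tags). The preliminary
# task's name and the tag lists are assumptions; the variable name and the
# 5.1.10 task name are taken from the error output in the PR description.
PRELIM = {"name": "PRELIM | stat sshd 50-redhat file",
          "register": "prelim_sshd_50_redhat_file"}
PATCH = {"name": "5.1.10 | PATCH | Ensure sshd DisableForwarding is enabled | override",
         "when": "prelim_sshd_50_redhat_file.stat.exists",
         "tags": ["level1-server", "level1-workstation"]}
BEFORE = [PRELIM, PATCH]                         # preliminary task untagged
AFTER = [{**PRELIM, "tags": ["always"]}, PATCH]  # preliminary task tagged always


def runs(task, selected):
    """Mirror `--tags`: no filter runs everything not tagged 'never';
    with a filter, only tasks tagged 'always' or with a selected tag run."""
    tags = set(task.get("tags", []))
    if not selected:
        return "never" not in tags
    return "always" in tags or bool(tags & selected)


def undefined_register_refs(tasks, selected):
    """Return (task name, variable) for each `when` that reads a registered
    variable whose registering task has not run under this tag selection."""
    registered = {t["register"] for t in tasks if "register" in t}
    defined, findings = set(), []
    for task in tasks:
        if not runs(task, selected):
            continue  # filtered out by tags, so its `register` never happens
        conds = task.get("when", [])
        conds = [conds] if isinstance(conds, str) else conds
        used = {i for c in conds for i in re.findall(r"[A-Za-z_]\w*", c)}
        for var in sorted(used & (registered - defined)):
            findings.append((task["name"], var))
        if "register" in task:
            defined.add(task["register"])
    return findings


if __name__ == "__main__":
    sel = {"level1-server", "level1-workstation"}
    print("before:", undefined_register_refs(BEFORE, sel))
    print("after: ", undefined_register_refs(AFTER, sel))
```

A real check would first load the role's YAML and resolve tags inherited from blocks, imports and roles. A hardening run that aborts on an undefined variable leaves every later control unapplied on that host.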

@github-actions

github-actions bot commented Mar 9, 2026

Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
Please join in the conversation happening on the Discord Server as well.

uk-bolly
uk-bolly previously approved these changes Mar 9, 2026

@uk-bolly uk-bolly left a comment


Nice catch thank you

@uk-bolly uk-bolly dismissed their stale review March 9, 2026 09:04

Not signed
