I am using OSA 17.1.2 and the ansible-hardening role was eating up all my 11GB of memory in the deployment host which is weird. I found that the file ansible-hardening/tasks/rhel7stig/main.yml using include_tasks statements for including tasks which can be static imports instead I think. The affected lines:
- include_tasks: accounts.yml
- include_tasks: aide.yml
- include_tasks: auditd.yml
- include_tasks: auth.yml
- include_tasks: file_perms.yml
- include_tasks: graphical.yml
- include_tasks: kernel.yml
- include_tasks: lsm.yml
- include_tasks: misc.yml
- include_tasks: sshd.yml
I got this error message when I ran ansible-hardening:
2018-10-26 11:52:51,266 p=677 u=root | Friday 26 October 2018 11:52:51 +0000 (0:00:14.270) 0:21:45.680 ********
2018-10-26 11:52:51,941 p=677 u=root | TASK [ansible-hardening : include_tasks] *****************************************************************************************************************************************************************************************************
2018-10-26 11:52:51,941 p=677 u=root | Friday 26 October 2018 11:52:51 +0000 (0:00:00.675) 0:21:46.355 ********
2018-10-26 11:52:57,589 p=677 u=root | included: /etc/ansible/roles/ansible-hardening/tasks/rhel7stig/sshd.yml for ceph-osd8, ceph-osd9, ceph-osd2, ceph-osd3, ceph-osd1, ceph-osd6, ceph-osd7, ceph-osd4, ceph-osd5, compute6, compute26, compute11, compute36, compute37, compute10, compute35, compute34, compute33, compute32, compute17, compute19, compute15, compute39, compute38, compute31, compute30, compute1, compute3, compute2, compute5, compute4, compute7, compute18, compute9, compute8, compute29, compute12, compute20, compute21, compute22, compute23, compute24, compute25, compute40, haproxy1, haproxy2, controller3, controller2, controller1, ceph-mon2, ceph-mon3, ceph-mon1, network2, network1
2018-10-26 11:53:30,166 p=677 u=root | TASK [ansible-hardening : Copy login warning banner] *****************************************************************************************************************************************************************************************
2018-10-26 11:53:30,171 p=677 u=root | Friday 26 October 2018 11:53:30 +0000 (0:00:38.226) 0:22:24.585 ********
2018-10-26 11:53:30,209 p=677 u=root | ERROR! Unexpected Exception, this is probably a bug: [Errno 12] Cannot allocate memory
2018-10-26 11:53:30,209 p=677 u=root | to see the full traceback, use -vvv
2018-10-26 11:53:30,211 p=677 u=root | the full traceback was:
Traceback (most recent call last):
File "/opt/ansible-runtime/bin/ansible-playbook", line 106, in <module>
exit_code = cli.run()
File "/opt/ansible-runtime/local/lib/python2.7/site-packages/ansible/cli/playbook.py", line 122, in run
results = pbex.run()
File "/opt/ansible-runtime/local/lib/python2.7/site-packages/ansible/executor/playbook_executor.py", line 154, in run
result = self._tqm.run(play=play)
File "/opt/ansible-runtime/local/lib/python2.7/site-packages/ansible/executor/task_queue_manager.py", line 290, in run
play_return = strategy.run(iterator, play_context)
File "/opt/ansible-runtime/local/lib/python2.7/site-packages/ansible/plugins/strategy/linear.py", line 277, in run
self._queue_task(host, task, task_vars, play_context)
File "/etc/ansible/roles/plugins/strategy/linear.py", line 209, in _queue_task
_play_context
File "/opt/ansible-runtime/local/lib/python2.7/site-packages/ansible/plugins/strategy/__init__.py", line 254, in _queue_task
worker_prc.start()
File "/usr/lib/python2.7/multiprocessing/process.py", line 130, in start
self._popen = Popen(self)
File "/usr/lib/python2.7/multiprocessing/forking.py", line 121, in __init__
self.pid = os.fork()
OSError: [Errno 12] Cannot allocate memory
I realized huge memory increases when the tasks was doing include_tasks. I checked the imports with static import_tasks and the memory usage remained 1.5GB.
The Ansible related issue discussed here: https:/