Audit shows Foreman server 'operatingsystem' attribute changing values (after installing Ansible Plugin on CentOS 8.2)

Problem: Noticed in Host Audit tab for my foreman server, that the ‘operatingsystem’ value bounces between values of ‘CentOS 8.2.2004’ (original) and ‘CentOS 8.2’ (new value), as shown in the attached screen shot, at the end of this post. This occurred after installing the Ansible plugin, but I didn’t notice the change immediately. IIRC, I only looked at the Audit tab to see if Ansible had added anything new, after looking at the Facts tab, where there were lots of additional Ansible sourced facts.

Actions Taken:

  • Installed Ansible Plugin via the installer (with cli option)
  • Copied /etc/foreman-proxy/ansible.cfg to /etc/ansible/ansible.cfg
  • Without importing any roles or variables, selected the Foreman server in ‘Hosts’ → ‘All Hosts’, and used ‘Select Action’ → ‘Run all Ansible roles’ against the sever which completed successfully. NO Actions were taken to alter the host, but Facts were collected. Nothing related to the CentOS version is mentioned in the output of the task.

Note: I’m not 100% sure its the Ansible plugin that caused issue, but I hit a brick wall looking for the UUIDs in the DynFlow console, trying to identify the source of the changes. See further down for my guess at the source code involved.

Request: So, if someone knows how to relate the mentioned UUIDs on the Audit output, back to an action or task that could provide evidence of what made the change, I’d like to know how that is done. It would also be very cool if the UUID was followed by a link to the task/action.

Expected outcome: A uniform definition of ‘operatingsystem’ and no audit messages

Foreman and Proxy versions: 2.1.0 (EL8 repo) as at 14th July 2020

Foreman and Proxy plugin versions:

    sudo foreman-rake plugin:list
Collecting plugin information
Foreman plugin: foreman-tasks, 2.0.1
Foreman plugin: foreman_ansible, 5.1.1
Foreman plugin: foreman_bootdisk, 17.0.2
Foreman plugin: foreman_dhcp_browser, 0.0.8
Foreman plugin: foreman_discovery, 16.1.0
Foreman plugin: foreman_remote_execution, 3.3.2

    dnf list installed | grep ansible
ansible.noarch                                     2.9.10-2.el8                                      @centos-ansible-29
ansible-runner.noarch                              1.4.6-1.el8                                       @ansible-runner   
centos-release-ansible-29.noarch                   1-2.el8                                           @extras           
python3-ansible-runner.noarch                      1.4.6-1.el8                                       @ansible-runner   
python3-daemon.noarch                              2.1.2-9.el8ar                                     @ansible-runner   
python3-lockfile.noarch                            1:0.11.0-8.el8ar                                  @ansible-runner   
python3-pexpect.noarch                             4.6-2.el8ar                                       @ansible-runner   
rubygem-foreman_ansible.noarch                     5.1.1-1.fm2_1.el8                                 @foreman-plugins  
rubygem-foreman_ansible_core.noarch                3.0.3-1.fm2_1.el8                                 @foreman-plugins  
rubygem-hammer_cli_foreman_ansible.noarch          0.3.2-1.fm2_1.el8                                 @foreman-plugins  
rubygem-smart_proxy_ansible.noarch                 3.0.1-6.fm2_1.el8                                 @foreman-plugins  

Distribution and version: CentOS 8.2

Other relevant data:

I did a quick search of the code base and may have identified the two definitions of ‘operatingsystem’ that seem likely candidates for the different values. But I’m not 100% sure of the sources of all data for the function, so I can’t be sure they are relevant, but I’ll mention them anyway. Both are defined very close to the top of each file:

foreman/app/services/puppet_fact_parser.rb
foreman_ansible/app/services/foreman_ansible/operating_system_parser.rb

I also looked for all instance of the exact string '8\.2' the output of both /usr/bin/facter (2.4.0) and
/opt/puppetlabs/bin/facter (3.14.11 (commit ed6c9052b125bee55f21f43d55f790c08ec75c1c)), without any revelations. Which is why I think it’s related to the code…

Request/Suggestion: A new task for rake, say foreman-rake plugin:list-brief or similar, that would be suitable for posting here (I had to manually delete the large amounts of additional text that foreman-rake plugin:list generates). Its not a big deal, but if the versions fields had a simple command suggested in comments (like the comments in the last part of the support template), that would provide the info the community and developers are looking for, that could increase the quality of support requests.

The promised screenshot: