Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host.
Steps and configuration changes obtained from the foreman_scap_client puppet module
The role has to be executed with root permission, using the root user or via sudo because it will modify system parameters.
RPM Repositories have to be enabled and containing required packages.
satellite_server: Used to obtain policy parameterssatellite_username: Used to obtain policy parameterssatellite_password: Used to obtain policy parameterscapsule_server: Used to configure openscap client config.yaml filecapsule_port: Used to configure openscap client config.yaml filepolicy_name: Name of the SCAP Policy to be configured
---
- name: openscap client
hosts: <<host list>>
remote_user: <<user>>
gather_facts: true
become: yes
become_user: root
become_method: sudo
vars:
satellite_server: satellite.example.com
satellite_username`: admin
satellite_password`: verycomplexpassword
capsule_server`: capsule.example.com
policy_name`: 'rhel7-pci'
roles:
- ansible-ipaRegister