dellemc / dellemc.openmanage / 9.1.0 / module / ome_configuration_compliance_baseline Create, modify, and delete a configuration compliance baseline and remediate non-compliant devices on OpenManage Enterprise | "added in version" 3.2.0 of dellemc.openmanage" Authors: Sajna Shetty(@Sajna-Shetty), Abhishek Sinha(@Abhishek-Dell)dellemc.openmanage.ome_configuration_compliance_baseline (9.1.0) — module
Install with ansible-galaxy collection install dellemc.openmanage:==9.1.0
collections: - name: dellemc.openmanage version: 9.1.0
This module allows to create, modify, and delete a configuration compliance baseline on OpenManage Enterprise. This module also allows to remediate devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes.
--- - name: Create a configuration compliance baseline using device IDs dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" names: "baseline1" template_name: "template1" description: "description of baseline" device_ids: - 1111 - 2222
- name: Create a configuration compliance baseline using device service tags dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" names: "baseline1" template_id: 1234 description: "description of baseline" device_service_tags: - "SVCTAG1" - "SVCTAG2"
- name: Create a configuration compliance baseline using group names dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" names: "baseline2" template_id: 2 job_wait_timeout: 1000 description: "description of baseline" device_group_names: - "Group1" - "Group2"
- name: Delete the configuration compliance baselines dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" command: delete names: - baseline1 - baseline2
- name: Modify a configuration compliance baseline using group names dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" command: modify names: "baseline1" new_name: "baseline_update" template_name: "template2" description: "new description of baseline" job_wait_timeout: 1000 device_group_names: - Group1
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device IDs dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" command: "remediate" names: "baseline1" device_ids: - 1111
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device service tags dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" command: "remediate" names: "baseline1" device_service_tags: - "SVCTAG1" - "SVCTAG2"
- name: Remediate all the non-compliant devices to a configuration compliance baseline dellemc.openmanage.ome_configuration_compliance_baseline: hostname: "192.168.0.1" username: "username" password: "password" ca_path: "/path/to/ca_cert.pem" command: "remediate" names: "baseline1"
port: default: 443 description: OpenManage Enterprise HTTPS port. type: int names: description: - Name(s) of the configuration compliance baseline. - This option is applicable when I(command) is C(create), C(modify), or C(delete). - Provide the list of configuration compliance baselines names that are supported when I(command) is C(delete). elements: str required: true type: list ca_path: description: - The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation. type: path version_added: 5.0.0 version_added_collection: dellemc.openmanage command: choices: - create - modify - delete - remediate default: create description: - C(create) creates a configuration baseline from an existing compliance template.C(create) supports C(check_mode) or idempotency checking for only I(names). - C(modify) modifies an existing baseline.Only I(names), I(description), I(device_ids), I(device_service_tags), and I(device_group_names) can be modified - I(WARNING) When a baseline is modified, the provided I(device_ids), I(device_group_names), and I(device_service_tags) replaces the devices previously present in the baseline. - C(delete) deletes the list of configuration compliance baselines based on the baseline name. Invalid baseline names are ignored. - C(remediate) remediates devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes. - C(remediate) is performed on all the non-compliant devices if either I(device_ids), or I(device_service_tags) is not provided. type: str timeout: default: 30 description: The socket level timeout in seconds. type: int version_added: 5.0.0 version_added_collection: dellemc.openmanage hostname: description: OpenManage Enterprise IP address or hostname. required: true type: str job_wait: default: true description: - Provides the option to wait for job completion. - This option is applicable when I(command) is C(create), C(modify), or C(remediate). type: bool new_name: description: - New name of the compliance baseline to be modified. - This option is applicable when I(command) is C(modify). type: str password: description: - OpenManage Enterprise password. - If the password is not provided, then the environment variable C(OME_PASSWORD) is used. - 'Example: export OME_PASSWORD=password' required: true type: str username: description: - OpenManage Enterprise username. - If the username is not provided, then the environment variable C(OME_USERNAME) is used. - 'Example: export OME_USERNAME=username' required: true type: str device_ids: description: - IDs of the target devices. - This option is applicable when I(command) is C(create), C(modify), or C(remediate), and is mutually exclusive with I(device_service_tag) and I(device_group_names). elements: int type: list description: description: - Description of the compliance baseline. - This option is applicable when I(command) is C(create), or C(modify). type: str template_id: description: - ID of the deployment template to be used for creating a compliance baseline. - This option is applicable when I(command) is C(create) and is mutually exclusive with I(template_name). type: int template_name: description: - Name of the compliance template for creating the compliance baseline(s). - Name of the deployment template to be used for creating a compliance baseline. - This option is applicable when I(command) is C(create) and is mutually exclusive with I(template_id). type: str validate_certs: default: true description: - If C(false), the SSL certificates will not be validated. - Configure C(false) only on personally controlled sites where self-signed certificates are used. - Prior to collection version C(5.0.0), the I(validate_certs) is C(false) by default. type: bool version_added: 5.0.0 version_added_collection: dellemc.openmanage job_wait_timeout: default: 10800 description: - The maximum wait time of I(job_wait) in seconds.The job will only be tracked for this duration. - This option is applicable when I(job_wait) is C(true). type: int device_group_names: description: - Name of the target device group. - This option is applicable when I(command) is C(create), or C(modify) and is mutually exclusive with I(device_ids) and I(device_service_tag). elements: str type: list device_service_tags: description: - Service tag of the target device. - This option is applicable when I(command) is C(create), C(modify), or C(remediate) and is mutually exclusive with I(device_ids) and I(device_group_names). elements: str type: list
compliance_status: description: Status of compliance baseline operation. returned: when I(command) is C(create) or C(modify) sample: BaselineTargets: - Id: 1111 Type: Id: 1000 Name: DEVICE ConfigComplianceSummary: ComplianceStatus: OK NumberOfCritical: 0 NumberOfIncomplete: 0 NumberOfNormal: 0 NumberOfWarning: 0 Description: null Id: 13 LastRun: '2021-02-27 13:15:13.751' Name: baseline1 PercentageComplete: '100' TaskId: 26584 TaskStatus: 2070 TemplateId: 102 TemplateName: one TemplateType: 2 type: dict error_info: description: Details of the HTTP Error. returned: on HTTP error sample: error: '@Message.ExtendedInfo': - Message: Unable to process the request because an error occurred. MessageArgs: [] MessageId: GEN1234 RelatedProperties: [] Resolution: Retry the operation. If the issue persists, contact your system administrator. Severity: Critical code: Base.1.0.GeneralError message: A general error has occurred. See ExtendedInfo for more information. type: dict incompatible_devices: description: Details of the devices which cannot be used to perform baseline compliance operations returned: when I(device_service_tags) or I(device_ids) contains incompatible devices for C(create) or C(modify) sample: - 1234 - 5678 type: list job_id: description: - Task ID created when I(command) is C(remediate). returned: when I(command) is C(remediate) sample: 14123 type: int msg: description: Overall status of the configuration compliance baseline operation. returned: always sample: Successfully created the configuration compliance baseline. type: str