Try SpotterCreate, modify, and delete a configuration compliance baseline and remediate non-compliant devices on OpenManage Enterprise
| "added in version" 3.2.0 of dellemc.openmanage"
Authors: Sajna Shetty(@Sajna-Shetty), Abhishek Sinha(@Abhishek-Dell)
Install with ansible-galaxy collection install dellemc.openmanage:==9.1.0
collections:
- name: dellemc.openmanage
version: 9.1.0This module allows to create, modify, and delete a configuration compliance baseline on OpenManage Enterprise. This module also allows to remediate devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes.
---
- name: Create a configuration compliance baseline using device IDs
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
names: "baseline1"
template_name: "template1"
description: "description of baseline"
device_ids:
- 1111
- 2222
- name: Create a configuration compliance baseline using device service tags
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
names: "baseline1"
template_id: 1234
description: "description of baseline"
device_service_tags:
- "SVCTAG1"
- "SVCTAG2"
- name: Create a configuration compliance baseline using group names
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
names: "baseline2"
template_id: 2
job_wait_timeout: 1000
description: "description of baseline"
device_group_names:
- "Group1"
- "Group2"
- name: Delete the configuration compliance baselines
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: delete
names:
- baseline1
- baseline2
- name: Modify a configuration compliance baseline using group names
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: modify
names: "baseline1"
new_name: "baseline_update"
template_name: "template2"
description: "new description of baseline"
job_wait_timeout: 1000
device_group_names:
- Group1
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device IDs
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
device_ids:
- 1111
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device service tags
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
device_service_tags:
- "SVCTAG1"
- "SVCTAG2"
- name: Remediate all the non-compliant devices to a configuration compliance baseline
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
port:
default: 443
description: OpenManage Enterprise HTTPS port.
type: int
names:
description:
- Name(s) of the configuration compliance baseline.
- This option is applicable when I(command) is C(create), C(modify), or C(delete).
- Provide the list of configuration compliance baselines names that are supported
when I(command) is C(delete).
elements: str
required: true
type: list
ca_path:
description:
- The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for
the validation.
type: path
version_added: 5.0.0
version_added_collection: dellemc.openmanage
command:
choices:
- create
- modify
- delete
- remediate
default: create
description:
- C(create) creates a configuration baseline from an existing compliance template.C(create)
supports C(check_mode) or idempotency checking for only I(names).
- C(modify) modifies an existing baseline.Only I(names), I(description), I(device_ids),
I(device_service_tags), and I(device_group_names) can be modified
- I(WARNING) When a baseline is modified, the provided I(device_ids), I(device_group_names),
and I(device_service_tags) replaces the devices previously present in the baseline.
- C(delete) deletes the list of configuration compliance baselines based on the baseline
name. Invalid baseline names are ignored.
- C(remediate) remediates devices that are non-compliant with the baseline by changing
the attributes of devices to match with the associated baseline attributes.
- C(remediate) is performed on all the non-compliant devices if either I(device_ids),
or I(device_service_tags) is not provided.
type: str
timeout:
default: 30
description: The socket level timeout in seconds.
type: int
version_added: 5.0.0
version_added_collection: dellemc.openmanage
hostname:
description: OpenManage Enterprise IP address or hostname.
required: true
type: str
job_wait:
default: true
description:
- Provides the option to wait for job completion.
- This option is applicable when I(command) is C(create), C(modify), or C(remediate).
type: bool
new_name:
description:
- New name of the compliance baseline to be modified.
- This option is applicable when I(command) is C(modify).
type: str
password:
description:
- OpenManage Enterprise password.
- If the password is not provided, then the environment variable C(OME_PASSWORD) is
used.
- 'Example: export OME_PASSWORD=password'
required: true
type: str
username:
description:
- OpenManage Enterprise username.
- If the username is not provided, then the environment variable C(OME_USERNAME) is
used.
- 'Example: export OME_USERNAME=username'
required: true
type: str
device_ids:
description:
- IDs of the target devices.
- This option is applicable when I(command) is C(create), C(modify), or C(remediate),
and is mutually exclusive with I(device_service_tag) and I(device_group_names).
elements: int
type: list
description:
description:
- Description of the compliance baseline.
- This option is applicable when I(command) is C(create), or C(modify).
type: str
template_id:
description:
- ID of the deployment template to be used for creating a compliance baseline.
- This option is applicable when I(command) is C(create) and is mutually exclusive
with I(template_name).
type: int
template_name:
description:
- Name of the compliance template for creating the compliance baseline(s).
- Name of the deployment template to be used for creating a compliance baseline.
- This option is applicable when I(command) is C(create) and is mutually exclusive
with I(template_id).
type: str
validate_certs:
default: true
description:
- If C(false), the SSL certificates will not be validated.
- Configure C(false) only on personally controlled sites where self-signed certificates
are used.
- Prior to collection version C(5.0.0), the I(validate_certs) is C(false) by default.
type: bool
version_added: 5.0.0
version_added_collection: dellemc.openmanage
job_wait_timeout:
default: 10800
description:
- The maximum wait time of I(job_wait) in seconds.The job will only be tracked for
this duration.
- This option is applicable when I(job_wait) is C(true).
type: int
device_group_names:
description:
- Name of the target device group.
- This option is applicable when I(command) is C(create), or C(modify) and is mutually
exclusive with I(device_ids) and I(device_service_tag).
elements: str
type: list
device_service_tags:
description:
- Service tag of the target device.
- This option is applicable when I(command) is C(create), C(modify), or C(remediate)
and is mutually exclusive with I(device_ids) and I(device_group_names).
elements: str
type: list
compliance_status:
description: Status of compliance baseline operation.
returned: when I(command) is C(create) or C(modify)
sample:
BaselineTargets:
- Id: 1111
Type:
Id: 1000
Name: DEVICE
ConfigComplianceSummary:
ComplianceStatus: OK
NumberOfCritical: 0
NumberOfIncomplete: 0
NumberOfNormal: 0
NumberOfWarning: 0
Description: null
Id: 13
LastRun: '2021-02-27 13:15:13.751'
Name: baseline1
PercentageComplete: '100'
TaskId: 26584
TaskStatus: 2070
TemplateId: 102
TemplateName: one
TemplateType: 2
type: dict
error_info:
description: Details of the HTTP Error.
returned: on HTTP error
sample:
error:
'@Message.ExtendedInfo':
- Message: Unable to process the request because an error occurred.
MessageArgs: []
MessageId: GEN1234
RelatedProperties: []
Resolution: Retry the operation. If the issue persists, contact your system
administrator.
Severity: Critical
code: Base.1.0.GeneralError
message: A general error has occurred. See ExtendedInfo for more information.
type: dict
incompatible_devices:
description: Details of the devices which cannot be used to perform baseline compliance
operations
returned: when I(device_service_tags) or I(device_ids) contains incompatible devices
for C(create) or C(modify)
sample:
- 1234
- 5678
type: list
job_id:
description:
- Task ID created when I(command) is C(remediate).
returned: when I(command) is C(remediate)
sample: 14123
type: int
msg:
description: Overall status of the configuration compliance baseline operation.
returned: always
sample: Successfully created the configuration compliance baseline.
type: str