Setup Ansible Control Node

To set up an Ansible control node, execute the following steps from the SUSE Manager Web UI.

Procedure: Setting up Ansible Control Node
  1. In the SUSE Manager Web UI, navigate to Admin > Setup Wizard > Products and verify that SUSE Linux Enterprise Server 15 SP5 x86_64 and SUSE Manager Client Tools for SLE 15 x86_64 are selected and synchronized.

  2. Deploy a SUSE Linux Enterprise 15 SP5 client.

  3. In the SUSE Manager Web UI, navigate to the Systems > Overview page of the client. Select Software > Software Channels and subscribe the client to the SUSE Linux Enterprise Server 15 SP5 x86_64 and SUSE Manager Client Tools for SLE 15 x86_64 channels.

    The SUSE Manager client tools contain the ansible package.

  4. Select Details > Properties of your client. From the Add-On System Types list, enable Ansible Control Node and click Update Properties.

  5. Navigate to the client overview page, select State > Highstate, and click Apply Highstate.

  6. Select the Events tab and verify the status of the highstate.

1. Install the SCAP security guide package

To execute remediations, you need to install the SCAP security guide package on the Ansible control node.

Procedure: Installing the SCAP security guide package
  1. From Systems > Overview, select the client. Then click Software > Packages > Install.

  2. Search for scap-security-guide and install the package suitable for your system. See the following table for package distribution requirements:

    Table 1. SCAP security guide package requirements
    Package name Supported Systems


    openSUSE, SLES12, SLES15


    CentOS 7, CentOS 8, Fedora, Oracle Linux 7, Oracle Linux 8, RHEL7, RHEL8, RHEL9, Red Hat OpenStack Platform 10, Red Hat OpenStack Platform 13, Red Hat Virtualization 4, Scientific Linux


    Debian 11, Debian 12


    Ubuntu 20.04, Ubuntu 22.04

2. Create Ansible Inventory Files

Ansible Integration tools deploy a playbook as an inventory file. Create one inventory file for each operating system listed in Table 1.

Procedure: Creating Ansible Inventory Files
  1. Create and add your hosts to an inventory file to be managed by Ansible. The default path for an Ansible inventory is /etc/ansible/hosts.

    Listing 1. Inventory Example

    <managed-client-hostname> ansible_ssh_private_key_file=/etc/ansible/some_ssh_key

  2. In the SUSE Manager Web UI, from the Ansible tab navigate to Ansible > Control Node to add inventory files to the control node.

  3. Under the Playbook Directories section, add /usr/share/scap-security-guide/ansible to the Add a Playbook Directories field and click Save.

  4. Under Inventory Files, add your inventory file locations to the Add an Inventory file field and click Save.

    Listing 2. Examples

    For additional playbook examples, see

3. Establish Communication with Ansible Nodes

Procedure: Establishing Communication with Ansible Nodes
  1. Create the SSH keys that you are using in your inventory.

    ssh-keygen -f /etc/ansible/my_ansible_private_key

  2. Copy the generated SSH keys to the Ansible managed clients. Example:

    ssh-copy-id -i /etc/ansible/my_ansible_private_key <user>@<managed-client-hostname>

  3. Declare the private key in /etc/ansible/ansible.cfg as follows:

    private_key_file = /etc/ansible/my_ansible_private_key

    Replace my_ansible_private_key with the name of the file containing the private key.

  4. Test that Ansible is working by executing the following commands from the control node:

    ansible all -m ping
    ansible mygroup1 -m ping
    ansible <managed-client-hostname> -m ping
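
The private keys named in the inventory (ansible_ssh_private_key_file) and in /etc/ansible/ansible.cfg (private_key_file) grant SSH access to the managed clients, so they should exist and carry no group or other permission bits. The following script is an added example, not part of the SUSE Manager documentation; the function names, the demo host name and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SUSE Manager code): audit the SSH private keys named in
# an Ansible inventory and ansible.cfg. Demo host and paths are constructed.

# Print each key path set via ansible_ssh_private_key_file= (inventory) or
# private_key_file = (ansible.cfg) in the given files; comment lines skipped.
list_key_paths() {
    sed -n -e '/^[[:space:]]*[#;]/d' \
        -e 's/.*ansible_ssh_private_key_file=\([^[:space:]]*\).*/\1/p' \
        -e 's/^[[:space:]]*private_key_file[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$@" | sort -u
}

# Verdict for one key: OK only for a regular file with no group/other
# permission bits set.
check_key() {
    if [ ! -f "$1" ]; then echo "MISSING $1"; return 1; fi
    perms=$(ls -ldL "$1" | cut -c5-10)   # group+other bits, e.g. "r--r--"
    if [ "$perms" != "------" ]; then echo "EXPOSED $1"; return 1; fi
    echo "OK $1"
}

# Check every key referenced by the given files; return 1 if any is not OK.
# Key paths containing whitespace are not supported.
audit_keys() {
    rc=0
    for k in $(list_key_paths "$@"); do
        check_key "$k" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit_keys "$@"      # e.g. /etc/ansible/hosts /etc/ansible/ansible.cfg
else
    # Demo on constructed files: one private key (600), one exposed key (644).
    d=$(mktemp -d)
    printf 'k' > "$d/good_key"; chmod 600 "$d/good_key"
    printf 'k' > "$d/bad_key"; chmod 644 "$d/bad_key"
    printf '[defaults]\nprivate_key_file = %s\n' "$d/good_key" > "$d/ansible.cfg"
    printf 'host-a.example.test ansible_ssh_private_key_file=%s\n' "$d/bad_key" > "$d/hosts"
    audit_keys "$d/hosts" "$d/ansible.cfg" || echo "Fix the keys flagged above."
    rm -rf "$d"
fi
```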

You may now run remediations. For more information, see Compliance as Code.