Setup Ansible Control Node
To set up an Ansible control node, execute the following steps from the SUSE Manager Web UI.
In the SUSE Manager Web UI, navigate to , verify that SUSE Linux Enterprise Server 15 SP5 x86_64 and SUSE Manager Client Tools for SLE 15 x86_64 are selected and synchronized.
Deploy a SUSE Linux Enterprise 15 SP5 client.
In the SUSE Manager Web UI, navigate to the page of the client. Select and subscribe the client to the SUSE Linux Enterprise Server 15 SP5 x86_64 and SUSE Manager Client Tools for SLE 15 x86_64 channels. The SUSE Manager client tools contain the package.
of your client. From the Add-On System Types list enable Ansible Control Node and click Update Properties.
Navigate to the client overview page, select , and click Apply Highstate.
Select the Events tab and verify the status of the highstate.
1. Install the SCAP security guide package
For executing remediations you need to install the SCAP security guide package on the Ansible control node.
, select the client. Then click .
Search for and install the package suitable for your system. See the following table for package distribution requirements:

Table 1. SCAP security guide package requirements

| Package name | Supported Systems |
|---|---|
| scap-security-guide | openSUSE, SLES12, SLES15 |
| | CentOS 7, CentOS 8, Fedora, Oracle Linux 7, Oracle Linux 8, RHEL7, RHEL8, RHEL9, Red Hat OpenStack Platform 10, Red Hat OpenStack Platform 13, Red Hat Virtualization 4, Scientific Linux |
| | Debian 12 |
| | Ubuntu 20.04, Ubuntu 22.04 |

2. Create Ansible Inventory Files
Ansible Integration tools deploy a playbook as an inventory file. Create one inventory file for each operating system listed in Table 1.
Create and add your hosts to an inventory file to be managed by Ansible. The default path for an Ansible inventory is .

Listing 1. Inventory
ansible_ssh_private_key_file=/etc/ansible/some_ssh_key
[mygroup1]
[mygroup2]
[all:vars]
ansible_ssh_private_key_file=/etc/ansible/my_ansible_private_key

In the SUSE Manager Web UI, from the tab navigate to to add inventory files to the control node.
Under the Playbook Directories section add /usr/share/scap-security-guide/ansible to the Add a Playbook Directories field and click Save.
Under Inventory Files, add your inventory file locations to the Add an Inventory file field and click Save.

Listing 2. Examples
/etc/ansible/sles15
/etc/ansible/sles12
/etc/ansible/centos7

For additional playbook examples, see
3. Establish Communication with Ansible Nodes
Create the SSH keys that you are using in your inventory.
ssh-keygen -f /etc/ansible/my_ansible_private_key
Copy the generated SSH keys to the Ansible managed clients. Example:
ssh-copy-id -i /etc/ansible/my_ansible_private_key
Declare the private key in as follows:
private_key_file = /etc/ansible/my_ansible_private_key
with the name of the file containing the private key.
Test that Ansible is working by executing the following commands from the control node:
ansible all -m ping
ansible mygroup1 -m ping
ansible -m ping
You may now run remediations. For more information, see Compliance as Code.
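
The inventory in Listing 1 points Ansible at private keys stored under /etc/ansible, so those files should be readable by their owner only. The following is an added example, not part of the SUSE documentation: a shell function that extracts every ansible_ssh_private_key_file path from an INI-format inventory and flags keys that are missing or accessible to group or other. The function name audit_inventory_keys is hypothetical, and key paths are assumed to contain no whitespace or quotes.

```shell
#!/bin/sh
# Added example: audit the SSH private keys referenced by an Ansible INI inventory.
# Prints one line per key: "OK <path>", "MISSING <path>" or "LOOSE <mode> <path>".
# Returns non-zero if any key is missing or has group/other permission bits set.
# audit_inventory_keys is a hypothetical helper name, not an Ansible or SUSE Manager tool.

audit_inventory_keys() {
    inventory=$1
    rc=0
    # Collect every ansible_ssh_private_key_file=<path> value, whether it is a
    # per-host variable or sits in a [group:vars] section. Comment lines are skipped.
    # Assumption: paths contain no whitespace and are not quoted.
    keys=$(grep -v '^[[:space:]]*[#;]' "$inventory" |
        tr ' \t' '\n\n' |
        sed -n 's/^ansible_ssh_private_key_file=//p' |
        sort -u)
    for key in $keys; do
        if [ ! -f "$key" ]; then
            echo "MISSING $key"
            rc=1
            continue
        fi
        # First ten characters of the ls mode string, e.g. -rw-------
        mode=$(ls -ld "$key" | cut -c1-10)
        case $mode in
            # Regular file with no group or other bits: acceptable for a private key.
            -???------) echo "OK $key" ;;
            *) echo "LOOSE $mode $key"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on the control node, with an inventory path from Listing 2:
#   audit_inventory_keys /etc/ansible/sles15
```

A LOOSE result is fixed with chmod 600 on the reported key file; run the check again before testing connectivity with the ping module.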