dellemc.openmanage.ome_configuration_compliance_baseline – Create, modify, and delete a configuration compliance baseline and remediate non-compliant devices on OpenManage Enterprise

Note

This plugin is part of the dellemc.openmanage collection (version 3.2.0).

To install it use: ansible-galaxy collection install dellemc.openmanage.

To use it in a playbook, specify: dellemc.openmanage.ome_configuration_compliance_baseline.

New in version 3.2.0: of dellemc.openmanage

Synopsis

• This module allows to create, modify, and delete a configuration compliance baseline on OpenManage Enterprise. This module also allows to remediate devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes.

Requirements

The below requirements are needed on the host that executes this module.

• python >= 2.7.5

Parameters

Parameter	Choices/Defaults	Comments
command string	Choices: create ← modify delete remediate	create creates a configuration baseline from an existing compliance template.create supports check_mode or idempotency checking for only names. modify modifies an existing baseline.Only names, description, device_ids, device_service_tags, and device_group_names can be modified WARNING When a baseline is modified, the provided device_ids, device_group_names, and device_service_tags replaces the devices previously present in the baseline. delete deletes the list of configuration compliance baselines based on the baseline name. Invalid baseline names are ignored. remediate remediates devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes. remediate is performed on all the non-compliant devices if either device_ids, or device_service_tags is not provided.
description string		Description of the compliance baseline. This option is applicable when command is create, or modify.
device_group_names list / elements=string		Name of the target device group. This option is applicable when command is create, or modify and is mutually exclusive with device_ids and device_service_tag.
device_ids list / elements=integer		IDs of the target devices. This option is applicable when command is create, modify, or remediate, and is mutually exclusive with device_service_tag and device_group_names.
device_service_tags list / elements=string		Service tag of the target device. This option is applicable when command is create, modify, or remediate and is mutually exclusive with device_ids and device_group_names.
hostname string / required		Target IP address or hostname.
job_wait boolean	Choices: no yes ←	Provides the option to wait for job completion. This option is applicable when command is create, modify, or remediate.
job_wait_timeout integer	Default: 10800	The maximum wait time of job_wait in seconds.The job will only be tracked for this duration. This option is applicable when job_wait is True.
names list / elements=string / required		Name(s) of the configuration compliance baseline. This option is applicable when command is create, modify, or delete. Provide the list of configuration compliance baselines names that are supported when command is delete.
new_name string		New name of the compliance baseline to be modified. This option is applicable when command is modify.
password string / required		Target user password.
port integer	Default: 443	Target HTTPS port.
template_id integer		ID of the deployment template to be used for creating a compliance baseline. This option is applicable when command is create and is mutually exclusive with template_name.
template_name string		Name of the compliance template for creating the compliance baseline(s). Name of the deployment template to be used for creating a compliance baseline. This option is applicable when command is create and is mutually exclusive with template_id.
username string / required		Target username.

Notes

Note

• This module supports check_mode.

• Ensure that the devices have the required licenses to perform the baseline compliance operations.

Examples

---
- name: Create a configuration compliance baseline using device IDs
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    names: "baseline1"
    template_name: "template1"
    description: "description of baseline"
    device_ids:
      - 1111
      - 2222

- name: Create a configuration compliance baseline using device service tags
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    names: "baseline1"
    template_id: 1234
    description: "description of baseline"
    device_service_tags:
      - "SVCTAG1"
      - "SVCTAG2"

- name: Create a configuration compliance baseline using group names
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    names: "baseline2"
    template_id: 2
    job_wait_timeout: 1000
    description: "description of baseline"
    device_group_names:
      - "Group1"
      - "Group2"

- name: Delete the configuration compliance baselines
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: delete
    names:
      - baseline1
      - baseline2

- name: Modify a configuration compliance baseline using group names
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: modify
    names: "baseline1"
    new_name: "baseline_update"
    template_name: "template2"
    description: "new description of baseline"
    job_wait_timeout: 1000
    device_group_names:
      - Group1

- name: Remediate specific non-compliant devices to a configuration compliance baseline using device IDs
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: "remediate"
    names: "baseline1"
    device_ids:
      - 1111

- name: Remediate specific non-compliant devices to a configuration compliance baseline using device service tags
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: "remediate"
    names: "baseline1"
    device_service_tags:
      - "SVCTAG1"
      - "SVCTAG2"

- name: Remediate all the non-compliant devices to a configuration compliance baseline
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: "remediate"
    names: "baseline1"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
compliance_status dictionary	when command is create or modify	Status of compliance baseline operation. Sample: {'BaselineTargets': [{'Id': 1111, 'Type': {'Id': 1000, 'Name': 'DEVICE'}}], 'ConfigComplianceSummary': {'ComplianceStatus': 'OK', 'NumberOfCritical': 0, 'NumberOfIncomplete': 0, 'NumberOfNormal': 0, 'NumberOfWarning': 0}, 'Description': None, 'Id': 13, 'LastRun': '2021-02-27 13:15:13.751', 'Name': 'baseline1', 'PercentageComplete': '100', 'TaskId': 26584, 'TaskStatus': 2070, 'TemplateId': 102, 'TemplateName': 'one', 'TemplateType': 2}
error_info dictionary	on HTTP error	Details of the HTTP Error. Sample: {'error': {'@Message.ExtendedInfo': [{'Message': 'Unable to process the request because an error occurred.', 'MessageArgs': [], 'MessageId': 'GEN1234', 'RelatedProperties': [], 'Resolution': 'Retry the operation. If the issue persists, contact your system administrator.', 'Severity': 'Critical'}], 'code': 'Base.1.0.GeneralError', 'message': 'A general error has occurred. See ExtendedInfo for more information.'}}
incompatible_devices list / elements=string	when device_service_tags or device_ids contains incompatible devices for create or modify	Details of the devices which cannot be used to perform baseline compliance operations Sample: [1234, 5678]
job_id integer	when command is remediate	Task ID created when command is remediate. Sample: 14123
msg string	always	Overall status of the configuration compliance baseline operation. Sample: Successfully created the configuration compliance baseline.

Authors

• Sajna Shetty(@Sajna-Shetty)