dellemc.openmanage.ome_configuration_compliance_baseline module – Create, modify, and delete a configuration compliance baseline and remediate non-compliant devices on OpenManage Enterprise
Note
This module is part of the dellemc.openmanage collection (version 9.8.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install dellemc.openmanage
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: dellemc.openmanage.ome_configuration_compliance_baseline
.
New in dellemc.openmanage 3.2.0
Synopsis
This module allows to create, modify, and delete a configuration compliance baseline on OpenManage Enterprise. This module also allows to remediate devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.9.6
Parameters
Parameter |
Comments |
---|---|
The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation. |
|
WARNING When a baseline is modified, the provided device_ids, device_group_names, and device_service_tags replaces the devices previously present in the baseline.
Choices:
|
|
Provide a cron expression based on Quartz cron format. Time format is “%S %M %H %d %m ? %Y”. This is applicable when run_later is |
|
Description of the compliance baseline. This option is applicable when command is |
|
Name of the target device group. This option is applicable when command is |
|
IDs of the target devices. This option is applicable when command is |
|
Service tag of the target device. This option is applicable when command is |
|
OpenManage Enterprise IP address or hostname. |
|
Provides the option to wait for job completion. This option is applicable when command is Choices:
|
|
The maximum wait time of job_wait in seconds.The job will only be tracked for this duration. This option is applicable when job_wait is Default: |
|
Name(s) of the configuration compliance baseline. This option is applicable when command is Provide the list of configuration compliance baselines names that are supported when command is |
|
New name of the compliance baseline to be modified. This option is applicable when command is |
|
OpenManage Enterprise password. If the password is not provided, then the environment variable Example: export OME_PASSWORD=password |
|
OpenManage Enterprise HTTPS port. Default: |
|
Indicates whether to remediate immediately or in the future. This is applicable when command is If run_later is If run_later is If run_later is Choices:
|
|
Indicates whether remediate has to be executed on next reboot. If staged_at_reboot is Choices:
|
|
ID of the deployment template to be used for creating a compliance baseline. This option is applicable when command is |
|
Name of the compliance template for creating the compliance baseline(s). Name of the deployment template to be used for creating a compliance baseline. This option is applicable when command is |
|
The socket level timeout in seconds. Default: |
|
OpenManage Enterprise username. If the username is not provided, then the environment variable Example: export OME_USERNAME=username |
|
If Configure Prior to collection version Choices:
|
|
Authentication token. If the x_auth_token is not provided, then the environment variable Example: export OME_X_AUTH_TOKEN=x_auth_token |
Notes
Note
This module supports
check_mode
.Ensure that the devices have the required licenses to perform the baseline compliance operations.
Examples
---
- name: Create a configuration compliance baseline using device IDs
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
names: "baseline1"
template_name: "template1"
description: "description of baseline"
device_ids:
- 1111
- 2222
- name: Create a configuration compliance baseline using device service tags
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
names: "baseline1"
template_id: 1234
description: "description of baseline"
device_service_tags:
- "SVCTAG1"
- "SVCTAG2"
- name: Create a configuration compliance baseline using group names
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
names: "baseline2"
template_id: 2
job_wait_timeout: 1000
description: "description of baseline"
device_group_names:
- "Group1"
- "Group2"
- name: Delete the configuration compliance baselines
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: delete
names:
- baseline1
- baseline2
- name: Modify a configuration compliance baseline using group names
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: modify
names: "baseline1"
new_name: "baseline_update"
template_name: "template2"
description: "new description of baseline"
job_wait_timeout: 1000
device_group_names:
- Group1
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device IDs
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
device_ids:
- 1111
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device service tags
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
device_service_tags:
- "SVCTAG1"
- "SVCTAG2"
- name: Remediate all the non-compliant devices to a configuration compliance baseline
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device IDs at scheduled time
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
device_ids:
- 1111
run_later: true
cron: "0 10 11 14 02 ? 2032" # Feb 14,2032 11:10:00
- name: Remediate specific non-compliant devices to a configuration compliance baseline using device service tags on next reboot
dellemc.openmanage.ome_configuration_compliance_baseline:
hostname: "192.168.0.1"
username: "username"
password: "password"
ca_path: "/path/to/ca_cert.pem"
command: "remediate"
names: "baseline1"
device_service_tags:
- "SVCTAG1"
- "SVCTAG2"
staged_at_reboot: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Status of compliance baseline operation. Returned: when command is Sample: |
|
Details of the HTTP Error. Returned: on HTTP error Sample: |
|
Details of the devices which cannot be used to perform baseline compliance operations Returned: when device_service_tags or device_ids contains incompatible devices for Sample: |
|
Details of the failed job. Returned: on job failure Sample: |
|
Task ID created when command is Returned: when command is Sample: |
|
Overall status of the configuration compliance baseline operation. Returned: always Sample: |