dellemc.openmanage.ome_configuration_compliance_baseline – Create, modify, and delete a configuration compliance baseline and remediate non-compliant devices on OpenManage Enterprise

Note

This plugin is part of the dellemc.openmanage collection (version 3.6.0).

To install it use: ansible-galaxy collection install dellemc.openmanage.

To use it in a playbook, specify: dellemc.openmanage.ome_configuration_compliance_baseline.

New in version 3.2.0: of dellemc.openmanage

Synopsis

  • This module allows to create, modify, and delete a configuration compliance baseline on OpenManage Enterprise. This module also allows to remediate devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7.5

Parameters

Parameter Choices/Defaults Comments
command
string
    Choices:
  • create ←
  • modify
  • delete
  • remediate
create creates a configuration baseline from an existing compliance template.create supports check_mode or idempotency checking for only names.
modify modifies an existing baseline.Only names, description, device_ids, device_service_tags, and device_group_names can be modified
WARNING When a baseline is modified, the provided device_ids, device_group_names, and device_service_tags replaces the devices previously present in the baseline.
delete deletes the list of configuration compliance baselines based on the baseline name. Invalid baseline names are ignored.
remediate remediates devices that are non-compliant with the baseline by changing the attributes of devices to match with the associated baseline attributes.
remediate is performed on all the non-compliant devices if either device_ids, or device_service_tags is not provided.
description
string
Description of the compliance baseline.
This option is applicable when command is create, or modify.
device_group_names
list / elements=string
Name of the target device group.
This option is applicable when command is create, or modify and is mutually exclusive with device_ids and device_service_tag.
device_ids
list / elements=integer
IDs of the target devices.
This option is applicable when command is create, modify, or remediate, and is mutually exclusive with device_service_tag and device_group_names.
device_service_tags
list / elements=string
Service tag of the target device.
This option is applicable when command is create, modify, or remediate and is mutually exclusive with device_ids and device_group_names.
hostname
string / required
OpenManage Enterprise IP address or hostname.
job_wait
boolean
    Choices:
  • no
  • yes ←
Provides the option to wait for job completion.
This option is applicable when command is create, modify, or remediate.
job_wait_timeout
integer
Default:
10800
The maximum wait time of job_wait in seconds.The job will only be tracked for this duration.
This option is applicable when job_wait is True.
names
list / elements=string / required
Name(s) of the configuration compliance baseline.
This option is applicable when command is create, modify, or delete.
Provide the list of configuration compliance baselines names that are supported when command is delete.
new_name
string
New name of the compliance baseline to be modified.
This option is applicable when command is modify.
password
string / required
OpenManage Enterprise password.
port
integer
Default:
443
OpenManage Enterprise HTTPS port.
template_id
integer
ID of the deployment template to be used for creating a compliance baseline.
This option is applicable when command is create and is mutually exclusive with template_name.
template_name
string
Name of the compliance template for creating the compliance baseline(s).
Name of the deployment template to be used for creating a compliance baseline.
This option is applicable when command is create and is mutually exclusive with template_id.
username
string / required
OpenManage Enterprise username.

Notes

Note

  • This module supports check_mode.

  • Ensure that the devices have the required licenses to perform the baseline compliance operations.

Examples

---
- name: Create a configuration compliance baseline using device IDs
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    names: "baseline1"
    template_name: "template1"
    description: "description of baseline"
    device_ids:
      - 1111
      - 2222

- name: Create a configuration compliance baseline using device service tags
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    names: "baseline1"
    template_id: 1234
    description: "description of baseline"
    device_service_tags:
      - "SVCTAG1"
      - "SVCTAG2"

- name: Create a configuration compliance baseline using group names
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    names: "baseline2"
    template_id: 2
    job_wait_timeout: 1000
    description: "description of baseline"
    device_group_names:
      - "Group1"
      - "Group2"

- name: Delete the configuration compliance baselines
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: delete
    names:
      - baseline1
      - baseline2

- name: Modify a configuration compliance baseline using group names
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: modify
    names: "baseline1"
    new_name: "baseline_update"
    template_name: "template2"
    description: "new description of baseline"
    job_wait_timeout: 1000
    device_group_names:
      - Group1

- name: Remediate specific non-compliant devices to a configuration compliance baseline using device IDs
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: "remediate"
    names: "baseline1"
    device_ids:
      - 1111

- name: Remediate specific non-compliant devices to a configuration compliance baseline using device service tags
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: "remediate"
    names: "baseline1"
    device_service_tags:
      - "SVCTAG1"
      - "SVCTAG2"

- name: Remediate all the non-compliant devices to a configuration compliance baseline
  dellemc.openmanage.ome_configuration_compliance_baseline:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    command: "remediate"
    names: "baseline1"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
compliance_status
dictionary
when command is create or modify
Status of compliance baseline operation.

Sample:
{'BaselineTargets': [{'Id': 1111, 'Type': {'Id': 1000, 'Name': 'DEVICE'}}], 'ConfigComplianceSummary': {'ComplianceStatus': 'OK', 'NumberOfCritical': 0, 'NumberOfIncomplete': 0, 'NumberOfNormal': 0, 'NumberOfWarning': 0}, 'Description': None, 'Id': 13, 'LastRun': '2021-02-27 13:15:13.751', 'Name': 'baseline1', 'PercentageComplete': '100', 'TaskId': 26584, 'TaskStatus': 2070, 'TemplateId': 102, 'TemplateName': 'one', 'TemplateType': 2}
error_info
dictionary
on HTTP error
Details of the HTTP Error.

Sample:
{'error': {'@Message.ExtendedInfo': [{'Message': 'Unable to process the request because an error occurred.', 'MessageArgs': [], 'MessageId': 'GEN1234', 'RelatedProperties': [], 'Resolution': 'Retry the operation. If the issue persists, contact your system administrator.', 'Severity': 'Critical'}], 'code': 'Base.1.0.GeneralError', 'message': 'A general error has occurred. See ExtendedInfo for more information.'}}
incompatible_devices
list / elements=string
when device_service_tags or device_ids contains incompatible devices for create or modify
Details of the devices which cannot be used to perform baseline compliance operations

Sample:
[1234, 5678]
job_id
integer
when command is remediate
Task ID created when command is remediate.

Sample:
14123
msg
string
always
Overall status of the configuration compliance baseline operation.

Sample:
Successfully created the configuration compliance baseline.


Authors

  • Sajna Shetty(@Sajna-Shetty)