PCI-DSS Compliance with Ansible Tower

How Ansible handles compliance scanning and remediation is a question that comes up often. How does Ansible do this? What are its capabilities? Within the Ansible Galaxy community, there’s been significant investment in developing Ansible roles for security and compliance. I’ll show you how to download one of these roles and make use of it within Ansible Tower.

First off, you can view the available security roles. Here we’ll use the rhel7-role-pci-dss role:

Ansible security compliance

On the Tower host, let’s download and install this role using ansible-galaxy:

Download and install

Create a playbook that makes use of this role. Here’s an example you can use and then modify to your liking:

GitHub repo

I’ve created a job template in Ansible Tower to then run this playbook via a GitHub project integration in Tower. A user can then just click launch:

Launch via Tower

Finally, we see the PCI-DSS compliance role run on the example host and apply all the remediations contained in the role:

Compliance result
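
The install and playbook steps above as commands, added here as an example (not the author's own playbook or commands). `GALAXY_NAMESPACE` is a placeholder for the role's Galaxy namespace, and the `pci_hosts` group, file paths and function names are assumptions. The `--check --diff` run previews what the role would change on a host before a Tower job applies it.

```shell
#!/bin/sh
# Added example; values marked ASSUMPTION are not from the original post.
set -eu

# ASSUMPTION: GALAXY_NAMESPACE is a placeholder; use the namespace shown on the role's Galaxy page.
ROLE_NAME="${ROLE_NAME:-GALAXY_NAMESPACE.rhel7-role-pci-dss}"
ROLES_DIR="${ROLES_DIR:-./roles}"            # ASSUMPTION: project-local roles directory
PLAYBOOK="${PLAYBOOK:-./pci-dss.yml}"        # ASSUMPTION: playbook file name
TARGET_GROUP="${TARGET_GROUP:-pci_hosts}"    # ASSUMPTION: inventory group to remediate

# Step 1: download the role from Ansible Galaxy into ROLES_DIR.
install_role() {
    ansible-galaxy install -p "$ROLES_DIR" "$ROLE_NAME"
}

# Step 2: write a playbook that applies the role with privilege escalation,
# since the remediations change system-wide settings.
write_playbook() {
    cat > "$PLAYBOOK" <<EOF
---
- name: Apply PCI-DSS remediations
  hosts: ${TARGET_GROUP}
  become: true
  roles:
    - role: ${ROLE_NAME}
EOF
}

# Step 3: preview the changes without applying them.
# $1 = inventory file, $2 = optional host pattern to narrow the run.
preview_changes() {
    ANSIBLE_ROLES_PATH="$ROLES_DIR" ansible-playbook -i "$1" "$PLAYBOOK" \
        --check --diff --limit "${2:-$TARGET_GROUP}"
}

# Run all three steps only when an inventory path is given as an argument.
if [ "$#" -gt 0 ]; then
    install_role
    write_playbook
    preview_changes "$@"
fi
```

Tasks that use the `command` or `shell` modules are skipped in check mode, so the preview can understate what a real run changes.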