How Ansible handles compliance scanning and remediation is a question that comes up often. How does Ansible do this? What are its capabilities? Within the Ansible Galaxy community, there’s been significant investment in developing Ansible roles for security and compliance. I’ll show you how to download one of these roles and make use of it within Ansible Tower.
First off, you can view the available security roles. Here we’ll use the rhel7-role-pci-dss role:
On the Tower host, let’s download and install this role using ansible-galaxy:
Create a playbook that makes use of this role. Here’s an example you can use and then modify to your liking:
I’ve created a job template in Ansible Tower to then run this playbook via a GitHub project integration in Tower. A user can then just click Launch:
Finally, we see the PCI-DSS compliance role run on the example host and apply all the remediations contained in the role:
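A playbook for the steps above, written as an added example and not the one from the original post. The inventory group `pci_scope` and the `<namespace>` prefix of the role name are placeholders: use a group from your own inventory and the namespace shown on the role's Galaxy page.

```yaml
---
# pci-dss.yml: added example, not the original post's playbook.
# ASSUMPTIONS: "pci_scope" is a hypothetical inventory group, and
# "<namespace>" stands in for the Galaxy namespace the role is published
# under, which this page does not state.
#
# Install the role on the Tower host first, for example:
#   ansible-galaxy install <namespace>.rhel7-role-pci-dss -p /etc/ansible/roles
- name: Apply PCI-DSS remediations to RHEL 7 hosts
  hosts: pci_scope
  become: true            # remediations edit system configuration, so root is needed
  gather_facts: true      # the guard below relies on distribution facts

  pre_tasks:
    # The role targets RHEL 7; stop before any change is made on a host
    # that was placed in the group by mistake.
    - name: Refuse to run on anything other than RHEL 7
      assert:
        that:
          - ansible_distribution == "RedHat"
          - ansible_distribution_major_version == "7"
        msg: "{{ inventory_hostname }} is not RHEL 7; skipping PCI-DSS role"

  roles:
    - role: "<namespace>.rhel7-role-pci-dss"

  post_tasks:
    # Leaves a line in the job output marking which hosts were processed,
    # which is useful when reviewing the Tower job afterwards.
    - name: Record that the compliance role completed
      debug:
        msg: "PCI-DSS role finished on {{ inventory_hostname }}"
```

Running it first with `ansible-playbook --check --diff`, or from a Tower job template whose job type is set to Check, reports what the role would change without applying it.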