As mentioned previously, this first role is a simple one that installs the packages we need to run a scan:
$ ansible-galaxy init roles/install
There are a few defaults we need to set in roles/install/defaults/main.yml; these are:
install:
packages:
- "openscap-scanner"
- "scap-security-guide"
There is a task in roles/install/tasks/main.yml that installs the packages and also performs a yum update:
- name: update all of the installed packages
yum:
name: "*"
state: "latest"
update_cache: "yes"
- name: install the packages needed
package:
name: "{{ item }}"
state: latest
with_items: "{{ install.packages }}"
That is it for this role; we will be calling it each time we run a scan to ensure that we have the correct packages installed to be running the scan itself.