As mentioned previously, this first role is a simple one that installs the packages we need to run a scan:

$ ansible-galaxy init roles/install

There are a few defaults we need to set in roles/install/defaults/main.yml; these are:

install:
  packages:
    - "openscap-scanner"
    - "scap-security-guide"

There is a task in roles/install/tasks/main.yml that installs the packages and also performs a yum update:

- name: update all of the installed packages
  yum:
    name: "*"
    state: "latest"
    update_cache: "yes"

- name: install the packages needed
  package:
    name: "{{ item }}"
    state: latest
  with_items: "{{ install.packages }}"

That is it for this role; we will be calling it each time we run a scan to ensure that we have the correct packages installed to be running the scan itself.