###############################################################################
# © Copyright IBM Corporation 2022
#
# Changelog
# All notable changes to this sample will be documented in this playbook
#
# [1.2.0] - 2022-08-10
# - Released initial version
###############################################################################
###############################################################################
# This project provides sample playbooks which demonstrate how to validate and provision
# security requirements on the target z/OS systems by leveraging z/OSMF Security Configuration Assistant (SCA).
# These playbooks leverage module `zmf_sca`, which is provided by the IBM z/OSMF collection included in the Red Hat Ansible
# Certified Content for IBM Z.
#
# This playbook performs a security provisioning using module `zmf_sca`, which is provided with the IBM z/OSMF collection.
# The playbook will succeed if all the requirements described by the SCA security descriptor file
# are either already satisfied or successfully provisioned; otherwise it will fail and return the items that are still not satisfied.
#
# Usage:
# ansible-playbook -i <inventory> <playbook>
#
# Example:
# ansible-playbook -i inventory.yml sca_security_provision.yml
#
# Notes:
# Before running the sample playbooks, please review and update the sample security requirements file
# [sca_sample_security_requirements_file.json](files/sca_sample_security_requirements_file.json) based on your needs. The security
# requirements in sca_sample_security_requirements_file.json are just samples and for your reference only.
#
# Requirements:
# IBM z/OSMF collection 1.2.0 or later
#
# Configure:
# state - "provisioned" is needed for security provisioning.
# target_userid - The value of this property identifies the target user/group id to be validated.
# location - The value of this property identifies the location of the security requirement file, local or remote.
# path - The value of this property identifies the path of the security requirement file.
###############################################################################
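# Play: authenticate with z/OSMF, then ask the Security Configuration
# Assistant (SCA) to provision the requirements described in the security
# requirements file.
#
# Variables the play expects from inventory / extra-vars (all referenced
# below): zmf_host, zmf_port, zmf_user, zmf_password, location, path,
# target_userid.
#
# NOTE(review): zmf_password is a secret. Supply it from Ansible Vault or an
# interactive prompt rather than a plain-text inventory file.
- hosts: zos_systems
  # The modules are executed on the control node (connection: local); the
  # z/OSMF endpoint is addressed through zmf_host / zmf_port.
  connection: local
  collections:
    - ibm.ibm_zosmf
  gather_facts: false
  tasks:
    # ########################################################################
    # Module: zmf_authenticate
    # ########################################################################
    # Authenticate with z/OSMF server.
    # The registered result is reused below as `zmf_credential`, so it carries
    # whatever session material the module returns. no_log keeps both the
    # password argument and that returned material out of console output,
    # callback plugins and log files. The trade-off is that failure details
    # for this task are hidden as well; lift it only while troubleshooting in
    # a non-production environment.
    - name: Authenticate with z/OSMF server
      ibm.ibm_zosmf.zmf_authenticate:
        zmf_host: "{{ zmf_host }}"
        zmf_port: "{{ zmf_port }}"
        zmf_user: "{{ zmf_user }}"
        zmf_password: "{{ zmf_password }}"
      register: result_auth
      no_log: true

    # ########################################################################
    # Module: zmf_sca
    # ########################################################################
    # Perform security provision.
    # state "provisioned" asks SCA to create what is missing, which changes
    # the security configuration of the target system. Review the
    # requirements file and target_userid before running.
    - name: Run security provision and expect all requirements are satisified
      ibm.ibm_zosmf.zmf_sca:
        state: "provisioned"
        zmf_credential: "{{ result_auth }}"
        # The location of the security requirement file: local if it is in
        # the same host as the Ansible Engine or remote
        location: "{{ location }}"
        # Path of the security requirement file
        path_of_security_requirements: "{{ path }}"
        # Target user/group id to be validated
        target_userid: "{{ target_userid }}"
      register: result

    # NOTE(review): confirm that the registered result does not echo the
    # zmf_credential argument before keeping this task in shared job logs.
    - name: Show the provisioning result
      ansible.builtin.debug:
        var: result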